Banking on IoT: Security in the Internet of Things Era

The Internet of Things (IoT) is set to completely revolutionise our economy, society and culture over the next five years, with 2016 looking set to be the year in which IoT hits the mainstream.

When it comes to the future of business, we have already recently considered how the IoT will change banking and what the impact of the predicted 25 billion smartphones and connected devices by 2020 is going to mean for the banking industry and its customers.

I previously discussed what IoT and machine-to-machine (M2M) connectivity between an ever-increasing number of connected digital devices is going to mean in terms of improvements in customer experiences and rewards offered by banks, how big data is going to help banks stay ahead of the business curve and how new types of biometric and positional sensors are going to change both consumer and business banking in the future.

One vitally important aspect of the IoT banking revolution that we also have to consider in some depth is security. Clearly, security has always been of the utmost importance to the banking industry, throughout its entire history, but with the many consumer and business advantages promised by the IoT era comes a whole new array of security challenges that banks need to be very aware of and prepared to deal with.

IoT and the importance of security for banking

The forthcoming boom in IoT devices and the billions of new wearables and smart devices that are set to transform our work and personal lives over the next few years, hold the promise of a far more efficient world in which banking experiences – for both consumer and business customers – will be improved by the many new M2M devices able to communicate with each other.

And it will be the new generation of increasingly connected consumers and businesses that will drive IoT innovation in banking. M2M connectivity will see banks start to develop progressively more rewarding and more convenient customer experiences and business services, including more convenient forms of always-on access and new payment technologies.

However, with each successive improvement in customer and business banking services due to IoT technology there will also be a concurrent increase in concerns around identity theft and customer verification. Banks’ data security and data management technologies and strategies will be more important than ever.

It’s already very evident to casual observers of the effect of technology on culture and business that smartphone and smartwatch users are becoming quickly familiar and happy to use contactless and wearable payment technologies such as Apple Pay. And major tech brands such as Google, Samsung and various OEMs are actively deploying proximity and secure online payment strategies and embedding payment functionalities in wearables. These technologies and devices are marked by new identity verification and data security methods. Apple Pay, for example, uses tokenization, replacing a user’s credit card number with a unique number for making payments.

Security checking methods like tokenization are by no means new concepts, but their widespread implementation in smart and wearable technologies in the IoT era is certainly going to bring an extra level of security to digital payment processes. Which means that sensitive personal and financial data will be better protected from accidental or deliberate unauthorized access.

In addition to tokenisation, banks and retailers will increasingly start to use real time geo-location technologies and information in order to identify where and when they might deliver the best offers and incentives to their customers. Each such development will require specific security and user authentication techniques in order to ensure the banks’ customers are happy with their personal location data being used this way.

Banking, biometric authentication and user trust

As well as traditional forms of security and user authentication, banks will also start to use and rely on biometric data – from numerous sources including fingerprints, finger vein and iris scans, voice-recognition and facial-recognition software.

Even so, while biometric forms of user authentication will help to improve banks’ data security, there is also a need for a higher level of trust from customers, in order for them to share such new forms of personal data with their bank.

Banks will also very quickly become repositories of huge amounts of information on the daily movements and habits of their customers. This means that banks will be required to show that they can protect the location-based data they receive from the customers’ smartphones, wearables and connected cars by incorporating the latest data security technology at every step in the chain and at every node in the network.

Whether data is ‘resting’ on a device or on a bank’s IT system or whether it is moving around nodes in an IoT ecosystem, it always must be fully secured and encrypted. Additionally, banks will have to have solid and secure key management strategies and strong authentication processes in place to ensure security isn’t a barrier to IoT innovation.

Overall, to fully embrace the potential of IoT for both consumer and business customers, banks are going to have to step up to the new security challenges to build and maintain customer trust, as they develop new ways of improving overall network infrastructure and their uses of big data, analytics and the cloud.