Consumers expect technology to make their lives easier. When it comes to payments, this means consumers expect a frictionless experience. Explore what role IoT will play in providing seamless commerce experiences in 2020 and beyond.
The Internet of Things (IoT) market is projected to grow to more than $3 trillion annually by 2026. This number is no surprise as IoT continues to transform various industries and types of organizations by connecting devices with the internet. The next several years will also be marked by the significant proliferation of connected devices, with one report projecting that there will be over 64 billion IoT devices by 2025 — an increase of 10 billion or 18.5% in 2018. Within the banking and financial services sector, IoT market size is projected to increase from $249.4 million in 2018 to $2,030.1 million by 2023, at a CAGR of 52.1 percent.
There are several different factors contributing to the IoT market, including Blockchain as well as 5G networks. While blockchain in the IoT is not anticipated to become a standard, it may be a tool employed by certain companies in the future or for use within specific solutions. Lightning-fast 5G networks, on the other hand, will catapult opportunities within the IoT space. Not only will IoT providers aim to support 5G networks, but this standard will improve cellular solutions overall.
IoT makes devices smart, which has serious implications for the fintech and payments industries. Smart devices can be incorporated into financial services to not only disrupt retail banking but to create a subset of IoT, known as the Internet of Payments. This would encompass all transactions that happen within the payment systems associated with connected devices. The potential to disrupt traditional payments infrastructure is great.
In terms of retail banking disruption, the results are similar. Smart devices can speed up and streamline financial transactions while also improving security and identity management. Beyond that, we can see opportunities within car insurance, for example, where smart devices can track vehicle mileage, maintenance and performance and rates can be more usage-based. This has implications for both health and real estate insurance, too. New IoT infrastructures can create a more accurate and standardized experience for financial transactions.
Shifts in Consumer Behavior and Expectations
The long and short of it is that consumers expect technology to make their lives easier. Not only are they comfortable with technology’s presence in their lives — they expect it. This translates to an expectation of frictionless experiences in every area of life. Retailers are taking notice.
Chevrolet partnered with Shell last year to launch a feature that let drivers pay for gas from their vehicle’s infotainment screen. The features was part of General Motor’s Marketplace service, which enables car owners to pre-purchase coffee or gas or even make restaurant reservations from inside their car. As manufacturers continue to partner with payment providers to streamline payments, we will continue to see a proliferation of the IoT in a variety of “everyday” experiences.
Payments industry magazine PYMNTS and Visa conducted a survey of roughly 2,500 consumers to get their thoughts on shopping experiences. The results shed light on how unhappy consumers are with the current state of shopping. More than half (60%) said the entire shopping process (including online and in-store) is inefficient, time-consuming, and boring. Roughly two-thirds said they would use an IoT to improve speed and ease of shopping and over three quarters said they want banks and financial institutions to implement innovative payment methods.
Based on the shifting consumer expectations above, the IoT presents big opportunities to streamline payments and move towards invisible payments. Smartphones are now ubiquitous and wearables are moving in that direction, making digital payments more plausible than ever. Mobile plays a big role and consumer sentiment is still seesawing here. A recent study showed that 55% of U.S. mobile users reported hating the idea of being cashless. Subsequently, about 76% of mobile users carry cash and 45% said they don’t think there’s a reason to use mobile payments. On the surface, this is disheartening to banks, payment processors and fintechs focused on pushing a digital wallet agenda; however, it’s not the end of the story. Younger consumers do believe in mobile payments, with 22% of people under 40 saying they use mobile payments daily.
Amazon Go is a perfect example of IoT payments in action. These convenient stores facilitate an invisible payments experience by allowing shoppers to simply select their items and leave the story. Computer vision and machine learning software tracks items selected (along with anyone put back on the shelf) to calculate the total purchase amount, which is then automatically deducted from the customer’s Amazon account. It’s about as seamless an experience as one can expect and largely judged as a success in creating a checkout-less experience. In fact, others are so convinced that Amazon is using IoT to pioneer the shopping experience of the future that they are trying to replicate the technology and get an edge in. While the jury is still out on how people will adopt digital payments, IoT carries a lot of promise in terms of doing away with the inconvenience of carrying cash.
A big part of IoT success in payments is capturing the right data. Connected devices can make it easier to capture not only transaction data but data tied to events and experiences before and after payments transactions. Data may run the gamut from geolocation to internet browsing activity to the weather or even biometric data. This data can then be used to enhance and personalize the customer and payments experience moving forward. It can also support marketing campaigns, inform logistics, and add insights to business models and future product development.
5G technology is based on a new core network and radio communication system referred to as 5G New Radio (5G NR). With improved wireless connections globally, it also promotes multiple access for connectivity technologies including Wi-Fi, fixed-line, satellites, and cellular. In short, 5G will have the capacity to cut lag by connecting more devices at higher speeds. This new seamless user experience will power smart devices on a small scale and smart industries and cities on a larger scale.
The hope is that adoption will grow, spurring more network rollouts. Users would be able to access more multimedia content, including 3D video and augmented reality. Additional use cases involve the larger-scale initiatives like smart grids, factory automation and other critical communications within industries.
As a decentralized ledger that is cryptographically secured, blockchain technology enables the secure transfer of data between parties. This can play a role in scaling the IoT, which currently has systems that rely on a more centralized architecture. Data is sent from device to cloud and then back to IoT devices again. Given the projection of 64 billion connected IoT devices by 2025, a centralized system may actually hinder scalability and also have more vulnerabilities in security. One-off verification and authentication by third-parties could prove to be a high-cost and inefficient endeavor when it comes to payments.
Smart contracts in blockchain networks, however, may enable more autonomy within IoT. Devices can function securely via agreements that would only be executed when certain requirements are met. This removes the third-party middlemen from the transaction equation, improving automation, scalability, and cost savings. It also quashes data theft or hacking attempts; the decentralized, cryptographically secured network makes it very difficult for data or network security to be compromised.
Biometrics are not new and have already seeped into everyday experiences, including fingerprint and facial recognition sensors that are commonplace on smartphones today. Biometrics have the power to create a seamless authentication experience without creating friction for the end-user. Along with easy integration and the unique credentials utilized, biometric authentication has strong promise when it comes to the security of the future.
Biometric identifiers (fingerprints, facial patterns, voice patterns, etc.) are excellent, constant identifiers and also very difficult to replicate. This makes them ideal to keep out unauthorized users and to ensure that the right user can always access their device or make a payment without having to remember a password or other login credentials.
While in-person payments have the added security of EMV chip and PIN technology, digital transactions need a similar level of protection. Tokenization can provide that protection and ensure that the billions of connected devices that are becoming payment vehicles remain secure for both consumers and retailers.
IoT transactions linked to digital wallets can be secured by a token, making it easier for any and all devices to become a payment method. Tokenization can reduce card-not-present (CNP) fraud when financial institutions and manufacturers incorporate it into systems, core platforms and payment processors.
Given the increased frequency of data breaches, there is more pressure than ever for retailers to safeguard consumer data. Personal information, including names, credit card information and security codes, is at risk when not secured. The challenge becomes keeping the consumer experience at the forefront without sacrificing security.
Tokenization enables this balance by replacing sensitive customer data with a unique identification symbol instead. All critical information about the data is retained; however, the tokens alone are useless if breached or stolen. The token keeps the data protected as it navigates the routing of the transaction, keeping the risk of compromise minimal.
Mastercard and Visa have already made their commitment to secure IoT transactions known by enabling financial institutions and merchants to utilize tokenization at a relatively low-cost level. In 2018, Mastercard unveiled the expansion of the Mastercard Engage platform, which helps vendors deploy digital wallets and enabling tokenization. The platform also specifically works with IoT device manufacturers to facilitate secure payments through devices via the Mastercard Digital Enablement Service.
While both biometrics and tokenization promise to enhance security, we still face issues related to the sheer volume of connected devices and use cases. The number of connected devices will continue to increase and many may be poorly protected, leaving the door open to network compromise via mutating malware. Many believe we are in the “Wild West” stages of IoT, lacking standardization and facing a variety of payments use cases. The diversity of devices makes protection increasingly difficult.
In addition to protection, connected devices should also have the ability to monitor and alert on access attempts that are unauthorized to block future attacks and isolate any compromised devices. There are two principles to which attention must be paid: securing the physical devices as well as the network that communicates data between authorized components. Lack of standardization within the IoT technology stack makes adherence to these principles complicated. Network infrastructure, the devices themselves (which vary in design, integrations, and lifespans), cloud platforms, machine learning integrations, and communications networks are just the beginning of the complex web that facilitates IoT payments. Other considerations include compatibility with existing payments infrastructure, customer authentication technologies and implementations, and payment credential management.
There is no certification process in existence to manage these moving pieces amidst a complex environment and certain threats exist that can lead to serious attack scenarios in IoT payments.
If an IoT administration system is compromised, it is possible that the attacker can gain access to all assets, including devices, gateways, and networks, that the admin system controls. The attacker then has the ability to steal sensitive data, create malfunctions or otherwise negatively affect the behavior of the IoT environment. This type of attack can be critical; an entire administration system compromise means multiple assets are also compromised, potentially without detection.
Another threat involves the manipulation of calibration parameters established for sensors. In these cases, bad values can be substituted for good ones, which can be critical to various systems. This type of attack may target the sensor processing and knowledge model levels of the control system of an industrial robot in a factory or in the payments world, a real-time risk management system in a payment network authorization computing facility.
A botnet is a network of private, automatic devices or computers that are maliciously infected and controlled as a group to accomplish a task (e.g. sending spam messages). A botnet attack starts with the exploitation of a vulnerability within a device, injecting commands that allow a bad actor to gain access to administrator privileges. Upon this access, a botnet made up of vulnerable IoT devices can be created and used to carry out an attack. Given the inherent interconnectivity of IoT devices along with non-standardized configuration, this type of attack could be relatively simple to carry out. Any unsecured element of IoT could present entry points to payment systems, leading to fake payment authorization requests.
We discussed some of the efforts in biometrics and tokenizations, though there are also a number of public administration initiatives aimed at hardening IoT against cyberattacks. The European Commission created a proposal meant to strengthen the European Network and Information Security Agency’s (ENISA) mandate around standardizing ICT products. The UK government has also taken steps in this area, promoting best practices for IoT system design as well as secure-by-design principles. That said, no financial industry standardization initiative currently exists to help police IoT-enabled payments or the supporting security architectures. Both will be necessary to fuel both the adoption of IoT-enabled payments services as well as the development of IoT payments applications.
The promise of IoT to enhance and streamline payments is obvious. As we move closer to invisible payments, IoT is likely to be a usual suspect. That said, there are still significant barriers — both with adoption as well as with securing IoT payments — that could stifle growth and movement. While it may be early to make any definitive statements about the future of IoT payments, 2020 is likely to be a critical year to see how some of these elements play out.
Mobile payments and the proliferation of smartphones and mobile wallets are still panning out in terms of consumer interest. While the mobile mania seems to have slowed, there are indicators that Millennials and Gen Z may push past the disinterest of older generations and catapult mobile payments into a new, more active era.
There is also more to be seen on the security front. Biometric technology continues to evolve and tokenization is still gaining momentum among merchants and fintechs for other digital payments. What remains to be seen is how certification or standardization may play a role in the development of IoT, particularly as it relates to payments. There is more work to be done in standardizing and securing the IoT ecosystem, and wider adoption will likely rest on how this pans out over the next 12 months.