February 2, 2017
Connected devices have become increasingly common as has integrating payment functionality into those devices. While not everyone has a refrigerator that automatically orders groceries, digital assistants like the Amazon Echo are establishing a beachhead for IoT that will become more extensive in the coming years. Fraudsters are counting on that development happening quickly so they can exploit an emerging technology with security holes experts haven’t even thought of. But, a new white paper from payment solution provider TMG details early best practices banks and payment companies that want to offer IoT payment solutions can adhere to that could help limit their vulnerability. The advice will sound familiar to fraud professionals, but the lessons bear repeating.
While biometrics will likely factor significantly in authenticating users of connected devices, employing multiple layers of authentication is vital. Changing passwords on privileged accounts should be automatic, but 20 percent of organizations have never done so, according to the author. Also, solution providers must think beyond the device and consider the security of the apps running on it, the servers connected to it and the network it is running on.
“Just as IoT technology is new, so are the fraud detection and prevention strategies governing them. The PCI Council, for example, is still developing a framework for ensuring payment security when IoT devices are involved,” according to the paper’s author, TMG Fraud Prevention Manager Ashley McAlpine. “There is no doubt the IoT has the potential to inject unprecedented convenience into the financial lives of consumers. Yet, for every convenience, there is typically a trade-off. Neither the financial industry, nor the consumers who rely on it, can afford for security to become that trade-off.”
Download the free white paper here.