Usability and security key to payments via the Internet of Things
By Scott Hess, vice president of user experience, consulting and innovation, Fiserv
Ongoing advancements in mobile device technology have opened many doors for the on-the-go consumer.
Curious about the weather? There is an app for that. Need to check email? It is right there. Want to text a friend or post to social media? Tap, tap, done.
In our increasingly mobile world, today’s consumers are also embracing the mobile channel as a way to make purchases, pay bills and transfer funds. And, in a similar way, as the Internet of Things grows we expect to see more payments originating from connected devices.
Comprised of physical devices that can collect and exchange data, the Internet of Things includes everything from connected cars to smart appliances, and the number of these devices is growing exponentially. For payment providers, usability and security should be top-of-mind considerations for this emerging area.
Design with usability in mind
As with any new payment offering, consumer choice and preference should be at the center of design. Financial institutions interested in expanding services through the IoT should use the same lens they do when evaluating which capabilities they would deliver on a smartphone versus a desktop: what types of capabilities are practical for this device, and how will consumers want to access them?
For example, a smartphone is ideal for checking account balances, transferring funds, and sending person-to-person payments, whereas a smartwatch has a much smaller screen, making it hard to navigate those activities. Proactive account notifications, such as account balance or successful funds transfer alerts, would be more appropriate for a smartwatch because they do not require the consumer to interact with the notification.
Some devices lend themselves better to financial services than others do, and the physical attributes of the device can determine how the consumer will use it. People are unlikely to want to set up a budget from their connected car, but they may very well want to check their balance or pay a bill from there. When a financial institution understands how the consumer is going to interact with them through the device in question and responds accordingly, it ensures the consumer will derive value from the interaction.
Security will require multiple layers
It is not realistic to expect device manufacturers to equip all devices with bank-grade security. However, it is still essential to secure payments and money movement activities from the devices connected to the IoT. Doing so will require securing the device itself and the apps on the device, as well as creating layers of security beyond the device – such as in the cloud – as part of a multi-layered approach to security.
To break this down, we can think about the two primary ways payments are initiated via the IoT – by a person or by the device itself. If a person initiates a payment from a device, it is quite possible they are using an app intended for the purpose of making payments – accessing online banking from their connected car to make a bill payment, for example. In that case the online banking app has appropriate security protocols in place, helping ensure the payment is secure.
On the other side of the coin we have payments initiated by the device itself. Take the much-used connected refrigerator example. If my refrigerator senses that I am out of milk and orders more, how will that payment be authorized, created, and secured?
In these cases it becomes obvious that the security of the payment cannot reside exclusively with the device itself – there need to be additional security layers. An obvious place for one or more of these layers to reside is in the cloud, and it is incumbent on larger players leveraging the Internet of Things to propel this concept of layered security. This includes working together to advance common industry standards related to security.
Important considerations for securing payments via the IoT include taking a multi-channel, multi-device approach, such as registering devices to each other, and thinking in terms of layered security, so that if one layer is breached there are others to fall back on.
Leveraging existing capabilities such as tokenization in the Internet of Things space is an example of the type of layering that can address the potential for fraud in transactions made via cards. Another potential layer would be to go beyond credentials and leverage personal behavior to help identify legitimate transactions.
The Internet of Things delivers additional touchpoints and features that will evolve how payments are made. Usability and security will be key considerations for payments initiated by people, and the growing volume of device-initiated payments will necessitate a collaborative, multi-layered approach to payments security.