What Are the Risks of the IoT in Financial Services?

December 11, 2019
| |
4 min read

Increased reliance on the internet of things (IoT) is one of the biggest trends in enterprise technology, and the financial services industry is a big part of that trend. And due to the nature of financial business, both the promises and the risks of the IoT in financial services are great.

To demystify the IoT a bit, an IoT device is anything with processing power that is not usable as a computing device. That covers point-of-sale (POS) devices, security motion detectors and even internet-connected coffee machines, to name a few. Gartner predicted that the world will see nearly 21 billion IoT devices by next year.

Many IoT devices used in the financial services industry are customer-facing. Banks, for example, can use IoT tech to form a higher-resolution picture of credit risk or to recognize customers as they come through the door for a smoother, more personalized customer service experience. Businesses can use IoT devices to collect more data about customer preferences and behavior, and financial institutions can gather real-time data from wearables to enable personalized product advertising.

Current customers can perform transactions using wearable and car-based IoT devices, and new customers can be signed up for financial services using mobile devices at special events, trade shows or malls. Home devices like smart speakers allow consumers to open accounts through voice commands, which can trigger back-office workflows.

In short, IoT devices offer improved customer service and greater business efficiency, but the benefits of the IoT in financial services cannot be realized simply by purchasing IoT devices — that’s just the beginning.

How the Internet of Things Can Become the Internet of Broken Things

When a new technology comes along that isn’t fully understood yet, buyers often embrace the technology because it’s the “Next Big Thing,” and not because they have a clear vision of how it will benefit their affairs or add value to existing systems and processes. IoT technologies are no exception. Considering the costs of purchasing IoT devices without considering the costs that may come after is all too common. Let’s start with the most mundane issues they can bring.

Unlike nearly all enterprise technology devices, which are either plugged into the wall or powered by rechargeable batteries, many IoT products are powered by replaceable batteries. This can start out great but turn sour when the batteries inevitably weaken and ultimately die. Dealing with batteries is part of a larger conversation that needs to take place about the many factors that can affect the total cost of IoT device ownership. Remember to account for the inevitability of equipment failures and the costs of downtime as well as the resources and processes required to perform preventative maintenance.

IoT devices can also generate an enormous amount of data, creating additional costs related to storing and securing all that data. Organizations often don’t have the necessary processes in place to check IoT data for errors and omissions, so the quality of data isn’t always reliable. That’s a separate project that needs to be planned.

When an organization makes an IoT device purchase, it must also allocate funds for implementation, security, maintenance and other post-purchase matters.

Security and Privacy Concerns

Gartner predicts that IoT security spending will reach $3.1 billion by 2021. That estimate is likely conservative, as spending will likely increase once organizations fully understand the security and privacy risks associated with the IoT. In addition, IoT decision-making often doesn’t include budgeting for security, but greater awareness about the susceptibility of these devices to hacks will likely change that.

Many IoT in financial services devices are ripe targets for cybercriminals because they tend to convey personal information about customers and facilitate money transfers. And since that IoT data is not always originating from financial organizations, it’s often left exposed or poorly protected. To account for this, organizations with customer-related IoT data must communicate what data is being gathered from customers and what the company intends to do with that information.

It’s helpful to regard IoT devices as sources of huge quantities of potentially sensitive data on top of the already growing stores of organization data that must be securely and privately managed.

Small Devices Can Create Big Data

Where does all the data generated by financial institutions go? And how can organizations make use of it? To maximize the potential gains of data collection, institutions must extract the most actionable insights, and this is where artificial intelligence (AI) can help.

A survey conducted by SAS, Deloitte and Intel found that 92 percent of respondents reported business improvements after integrating AI with IoT systems. Shockingly, only 12 percent of organizations found the IoT to be beneficial on its own, but with AI added, that statistic rose to 31 percent.

IoT data must be deciphered to be useful, and AI is a crucial asset for turning data into actionable insights.

Integrating IoT Devices Safely

Here are some tips for integrating IoT technologies into a financial organization for increased security and business efficiency:

  • Understand which devices are part of your IoT infrastructure and where they operate. Keep an eye on these devices, what they’re doing and who has access to them.
  • Think about how to pair IoT data with AI for actionable business insights.
  • Consider how authentication will work. If access to your devices or data will be selectively granted to specific people, how will those people be authenticated?
  • Make sure you have a plan for updates and patches that includes how you will ensure new IoT devices are compatible with your existing systems for update management.
  • Stay on top of the latest emerging threats related to the IoT.
  • Plan how you will handle any strange or malicious activity originating from your IoT devices.
  • Make sure your IoT purchases support identity and access management (IAM), since many products do not.
  • Integrate the IoT into your vulnerability management program.

Above all, don’t think of the IoT as a tech bandwagon that you must jump on. Instead, think of it as a generator of massive amounts of data that must be made intelligible, accessible and secure. It’s not all about buying the devices, it’s about what comes after the purchase.

Mike Elgan

I write a popular weekly column for Computerworld, contribute news analysis pieces for Fast Company, and also write special features, columns and think piece...
read more

Your browser doesn’t support HTML5 audio
Press play to continue listening
00:00 00:00