December 11, 2019 By Mike Elgan


Increased reliance on the internet of things (IoT) is one of the biggest trends in enterprise technology, and the financial services industry is a big part of that trend. And due to the nature of financial business, both the promises and the risks of the IoT in financial services are great.

To demystify the IoT a bit, an IoT device is anything with processing power that is not usable as a computing device. That covers point-of-sale (POS) devices, security motion detectors and even internet-connected coffee machines, to name a few. Gartner predicted that the world will see nearly 21 billion IoT devices by next year.

Many IoT devices used in the financial services industry are customer-facing. Banks, for example, can use IoT tech to form a higher-resolution picture of credit risk or to recognize customers as they come through the door for a smoother, more personalized customer service experience. Businesses can use IoT devices to collect more data about customer preferences and behavior, and financial institutions can gather real-time data from wearables to enable personalized product advertising.

Current customers can perform transactions using wearable and car-based IoT devices, and new customers can be signed up for financial services using mobile devices at special events, trade shows or malls. Home devices like smart speakers allow consumers to open accounts through voice commands, which can trigger back-office workflows.

In short, IoT devices offer improved customer service and greater business efficiency, but the benefits of the IoT in financial services cannot be realized simply by purchasing IoT devices — that’s just the beginning.

How the Internet of Things Can Become the Internet of Broken Things

When a new technology comes along that isn’t fully understood yet, buyers often embrace the technology because it’s the “Next Big Thing,” and not because they have a clear vision of how it will benefit their affairs or add value to existing systems and processes. IoT technologies are no exception. It is all too common to consider the costs of purchasing IoT devices without considering the costs that may come after. Let’s start with the most mundane issues they can bring.

Unlike nearly all enterprise technology devices, which are either plugged into the wall or powered by rechargeable batteries, many IoT products are powered by replaceable batteries. This can start out great but turn sour when the batteries inevitably weaken and ultimately die. Dealing with batteries is part of a larger conversation that needs to take place about the many factors that can affect the total cost of IoT device ownership. Remember to account for the inevitability of equipment failures and the costs of downtime as well as the resources and processes required to perform preventative maintenance.

IoT devices can also generate an enormous amount of data, creating additional costs related to storing and securing all that data. Organizations often don’t have the necessary processes in place to check IoT data for errors and omissions, so the quality of data isn’t always reliable. That’s a separate project that needs to be planned.

When an organization makes an IoT device purchase, it must also allocate funds for implementation, security, maintenance and other post-purchase matters.

Security and Privacy Concerns

Gartner predicts that IoT security spending will reach $3.1 billion by 2021. That estimate is probably conservative, as spending will likely increase once organizations fully understand the security and privacy risks associated with the IoT. In addition, IoT decision-making often doesn’t include budgeting for security, but greater awareness about the susceptibility of these devices to hacks will likely change that.

Many IoT devices in financial services are ripe targets for cybercriminals because they tend to convey personal information about customers and facilitate money transfers. And since that IoT data does not always originate from financial organizations, it’s often left exposed or poorly protected. To account for this, organizations with customer-related IoT data must communicate what data is being gathered from customers and what the company intends to do with that information.

It’s helpful to regard IoT devices as sources of huge quantities of potentially sensitive data on top of the already growing stores of organization data that must be securely and privately managed.

Small Devices Can Create Big Data

Where does all the data generated by financial institutions go? And how can organizations make use of it? To maximize the potential gains of data collection, institutions must extract the most actionable insights, and this is where artificial intelligence (AI) can help.

A survey conducted by SAS, Deloitte and Intel found that 92 percent of respondents reported business improvements after integrating AI with IoT systems. Shockingly, only 12 percent of organizations found the IoT to be beneficial on its own, but with AI added, that statistic rose to 31 percent.

IoT data must be deciphered to be useful, and AI is a crucial asset for turning data into actionable insights.

Integrating IoT Devices Safely

Here are some tips for integrating IoT technologies into a financial organization for increased security and business efficiency:

  • Understand which devices are part of your IoT infrastructure and where they operate. Keep an eye on these devices, what they’re doing and who has access to them.
  • Think about how to pair IoT data with AI for actionable business insights.
  • Consider how authentication will work. If access to your devices or data will be selectively granted to specific people, how will those people be authenticated?
  • Make sure you have a plan for updates and patches that includes how you will ensure new IoT devices are compatible with your existing systems for update management.
  • Stay on top of the latest emerging threats related to the IoT.
  • Plan how you will handle any strange or malicious activity originating from your IoT devices.
  • Make sure your IoT purchases support identity and access management (IAM), since many products do not.
  • Integrate the IoT into your vulnerability management program.

Above all, don’t think of the IoT as a tech bandwagon that you must jump on. Instead, think of it as a generator of massive amounts of data that must be made intelligible, accessible and secure. It’s not all about buying the devices; it’s about what comes after the purchase.
