December 11, 2019 By Mike Elgan

Increased reliance on the internet of things (IoT) is one of the biggest trends in enterprise technology, and the financial services industry is a big part of that trend. And due to the nature of financial business, both the promises and the risks of the IoT in financial services are great.

To demystify the IoT a bit, an IoT device is anything with processing power that is not usable as a computing device. That covers point-of-sale (POS) devices, security motion detectors and even internet-connected coffee machines, to name a few. Gartner predicted that the world will see nearly 21 billion IoT devices by next year.

Many IoT devices used in the financial services industry are customer-facing. Banks, for example, can use IoT tech to form a higher-resolution picture of credit risk or to recognize customers as they come through the door for a smoother, more personalized customer service experience. Businesses can use IoT devices to collect more data about customer preferences and behavior, and financial institutions can gather real-time data from wearables to enable personalized product advertising.

Current customers can perform transactions using wearable and car-based IoT devices, and new customers can be signed up for financial services using mobile devices at special events, trade shows or malls. Home devices like smart speakers allow consumers to open accounts through voice commands, which can trigger back-office workflows.

In short, IoT devices offer improved customer service and greater business efficiency, but the benefits of the IoT in financial services cannot be realized simply by purchasing IoT devices — that’s just the beginning.

How the Internet of Things Can Become the Internet of Broken Things

When a new technology comes along that isn’t fully understood yet, buyers often embrace the technology because it’s the “Next Big Thing,” and not because they have a clear vision of how it will benefit their affairs or add value to existing systems and processes. IoT technologies are no exception. It is all too common to consider the cost of purchasing IoT devices without considering the costs that may come after. Let’s start with the most mundane issues they can bring.

Unlike nearly all enterprise technology devices, which are either plugged into the wall or powered by rechargeable batteries, many IoT products are powered by replaceable batteries. This can start out great but turn sour when the batteries inevitably weaken and ultimately die. Dealing with batteries is part of a larger conversation that needs to take place about the many factors that can affect the total cost of IoT device ownership. Remember to account for the inevitability of equipment failures and the costs of downtime as well as the resources and processes required to perform preventative maintenance.

IoT devices can also generate an enormous amount of data, creating additional costs related to storing and securing all that data. Organizations often don’t have the necessary processes in place to check IoT data for errors and omissions, so the quality of data isn’t always reliable. That’s a separate project that needs to be planned.

When an organization makes an IoT device purchase, it must also allocate funds for implementation, security, maintenance and other post-purchase matters.

Security and Privacy Concerns

Gartner predicts that IoT security spending will reach $3.1 billion by 2021. That estimate is likely conservative, as spending will likely increase once organizations fully understand the security and privacy risks associated with the IoT. In addition, IoT decision-making often doesn’t include budgeting for security, but greater awareness about the susceptibility of these devices to hacks will likely change that.

Many IoT devices in financial services are ripe targets for cybercriminals because they tend to convey personal information about customers and facilitate money transfers. And since that IoT data does not always originate from financial organizations, it’s often left exposed or poorly protected. To account for this, organizations with customer-related IoT data must communicate what data is being gathered from customers and what the company intends to do with that information.

It’s helpful to regard IoT devices as sources of huge quantities of potentially sensitive data on top of the already growing stores of organization data that must be securely and privately managed.

Small Devices Can Create Big Data

Where does all the data generated by financial institutions go? And how can organizations make use of it? To maximize the potential gains of data collection, institutions must extract the most actionable insights, and this is where artificial intelligence (AI) can help.

A survey conducted by SAS, Deloitte and Intel found that 92 percent of respondents reported business improvements after integrating AI with IoT systems. Shockingly, only 12 percent of organizations found the IoT to be beneficial on its own, but with AI added, that statistic rose to 31 percent.

IoT data must be deciphered to be useful, and AI is a crucial asset for turning data into actionable insights.

Integrating IoT Devices Safely

Here are some tips for integrating IoT technologies into a financial organization for increased security and business efficiency:

  • Understand which devices are part of your IoT infrastructure and where they operate. Keep an eye on these devices, what they’re doing and who has access to them.
  • Think about how to pair IoT data with AI for actionable business insights.
  • Consider how authentication will work. If access to your devices or data will be selectively granted to specific people, how will those people be authenticated?
  • Make sure you have a plan for updates and patches that includes how you will ensure new IoT devices are compatible with your existing systems for update management.
  • Stay on top of the latest emerging threats related to the IoT.
  • Plan how you will handle any strange or malicious activity originating from your IoT devices.
  • Make sure your IoT purchases support identity and access management (IAM), since many products do not.
  • Integrate the IoT into your vulnerability management program.

Above all, don’t think of the IoT as a tech bandwagon that you must jump on. Instead, think of it as a generator of massive amounts of data that must be made intelligible, accessible and secure. It’s not all about buying the devices; it’s about what comes after the purchase.
