If you’re like most people, you wouldn’t knowingly invite a burglar into your home or share your personal and financial data with strangers. You lock your doors. You password-protect your phone and computer. However, if you’re like most people, you also may be letting hidden security risks into your home or business by using some of the many internet-connected devices, such as smart speakers, smart appliances and wearable devices.
Estimates of how many Internet of Things (IoT) devices are connecting physical objects through digital networks to computers vary, but the number is already huge and growing daily. IoT Analytics says there were more than 12 billion actively connected IoT devices as of 2021 and predicts there will be more than 27 billion by 2025. According to McKinsey & Co., while the average home had just one IoT device five years ago, it now has about five.Â
As these numbers keep increasing, the security and identification challenges posed by these devices are also increasing. This is particularly true when it comes to payment transactions. Over the next five years, advances in wireless communications, artificial intelligence, robotics, and other digital technologies could make it possible, even preferable, for intelligent connected devices to initiate and accept payments through other IoT devices and the cloud, sometimes with little or no human involvement.Â
The dynamics of these machine-to-machine payments may differ from traditional consumer-to-business and business-to-business transactions, with new user journeys and data exchanges, but they still need to be just as reliable and secure. Consumers and businesses who want the convenience and efficiencies of IoT devices need to know their information and data will be protected from unauthorized users.Â
Evaluating device security
Not every IoT device or its accompanying software will have the same level of built-in security as today’s smartphones. Consumers might not change the default settings on IoT devices, allowing hackers to access them. Even if they do change those settings, manufacturers might not continue to support their devices indefinitely with security patches, leaving them vulnerable to being hacked at some future date. Users also need to consider what happens to their data when they dispose of an IoT device they no longer need or want.
Providing the trusted setting for machine-to-machine transactions to take place is a priority if this evolution in payments is to reach its full potential. That means expanding capabilities in identity verification and authentication to establish assurance in the transaction process, reduce fraud across the network and enable seamless customer experiences.Â
It also means asking new questions and exploring new ideas, such as how the data generated by IoT will support and inform transactions, how IoT devices and data might enhance the consumer experience, what new market segments and requirements might emerge, and how consumer acceptance may evolve because of technological advances and new IoT offerings.Â
This will involve collaboration across many disciplines, including basic research, science and technology, regulation and oversight, and human behaviour.  Â
That’s why Mastercard, which already operates its own Intelligence and Cyber Centre in Vancouver, is partnering with academic institutions in Canada, such as Ryerson University (now Toronto Metropolitan University) in Toronto and the University of New Brunswick, to explore these types of questions. As a founding member of the National Cybersecurity Consortium and host of the Canadian Institute for Cybersecurity, UNB has many cybersecurity-oriented researchers working across the institution. The partnership will build on this strong foundation, establishing a Research Chair in IoT Cybersecurity and a new Cybersecurity IoT Security Lab at UNB and supporting students through scholarships.Â
These partnerships will help us find the solutions needed today to support and sustain machine-to-machine transactions and develop and nurture the experts and infrastructure for tomorrow.Â
Protecting IoT transactions
Just like in-person or e-commerce payments, IoT transactions demand the highest levels of security, reliability and transparency. Trust will always be the top priority for customers, cardholders, retailers, our partners – and for us.Â
As technology advances, devices evolve and payment methods adapt, we are continually innovating to ensure the security of billions of electronic payments and data sharing wherever and whenever they occur. The work we are doing today will make it possible for consumers and businesses to take full advantage of the IoT without opening their doors to the digital equivalent of burglars.
