Beware the Internet of Thieves

The internet of things brings great opportunity for the payments industry, with strong growth forecast in mobile payments – but what about the threats? It’s time for the payments industry to address this reality before it’s too late, writes Ajay Bhalla

The hype around the internet of things (IoT), embedded computing devices with internet connectivity, shows no sign of slowing down. Forecasts predict 4.9 billion connected things will be in use in 2015, up 30% from 2014, and will reach 25 billion by 2020.

Already, the IoT embraces a wide range of devices, including digital home lighting, smart TVs, car systems, networking devices, smart watches, and activity trackers. There can be no doubt that it has become a powerful force for change in business and consumer spheres, but the IoT could also have a disruptive impact across all industries and all areas of society.

Increased connectivity enlarges the attack surface, and the resulting vulnerabilities present new opportunities for researchers and attackers alike. In the past year, there has been a growing number of probing and experimental attacks on a range of devices, as well as a few serious attacks.

Further research forecasts that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1trn globally by 2019, rising to almost four times the estimated cost of breaches in 2015.

Not Just a Technology Issue

Payments are core to consumers’ lives, with research forecasting that, by 2017, half of today’s smartphone users will be using mobile wallets as their preferred payment method. The market is clearly growing, and the increasing number of vendors launching connected wearable devices are confident that the mobile wallet will deliver on its promises.

Although mobile platforms are inherently more restrictive than desktop computers, the widespread use of applications like mobile banking means that, in time, mobile devices will be increasingly targeted by skilled attackers.

In some instances, attacks are already capable of exploiting vulnerabilities in IoT systems, and as market leaders emerge and their ecosystems grow stronger, attacks against devices will undoubtedly escalate.

The Payments Industry Must Anticipate the IoT

Research estimates the global average cost of a cybercrime attack to be close to $6m. Through its global adoption, the IoT could soon become the next battleground in the threat landscape, generating an ‘internet of thieves’ that we must anticipate so that we can detect it, prevent it and protect ourselves against it.

Further research highlights security concerns (48%) and privacy (46%) as the two main inhibitors to IoT adoption, calling on business and technology leaders to reconsider traditional approaches to cybersecurity and identity.

What can we do now, while this threat is still in its infancy, to assure a safe and secure transition when the time comes for consumers to pay within the IoT?

A layered approach to security is vital to fully protect against the threats posed by the IoT. Within this, there are four key elements.

First, when making payments, we must protect the card number in both the physical and the digital environments by confirming the authenticity of the payment account.

Second, we need to ensure that the rightful owner of the card is the one actually making the transaction – they must confirm they are who they say they are. There are a number of ways in which we already do this – more traditionally with passwords, but now the industry as a whole is shifting towards a new era of biometric authentication. It is forecast that, by 2020, 100% of smart mobile devices will include such sensors as a standard feature.

The third layer to this approach is securing the transaction, making sure all the pieces of data fit expected models and patterns through analysis of card, cardholder, and environmental data to measure and mitigate risk.

While these three elements each serve their own purpose within the layered approach, the fourth and final element runs consistently within them, every step of the way. This stage ensures all potential areas of vulnerability are covered, so if thieves aren’t caught in one place, they will be caught elsewhere.

Whether it’s to stay ahead of competition or fraudsters, the payments industry cannot ignore the implications of the IoT, which is set to transform its current environments. One thing is certain: adopting a safe and secure approach delivers better profitability, consumer experience and brand protection than any individual security solution.

About the Author

Ajay Bhalla takes ultimate responsibility for delivering on MasterCard’s core pledge – to ensure the safety and security of every payment and every cardholder connected to its network. In his current role, and throughout a 23-year career at MasterCard, he has been behind many of the innovative solutions that have made payments simpler, safer and smarter.
