Marketers and CEOs are rubbing their hands together excitedly anticipating the data and sales potential brought about by the Internet Of Things—where every car, thermostat, refrigerator, doorbell and dog collar has its own IP addresses.
How far could marketers push this data usage? Computerworld described where Google could proceed with its purchase of the Nest thermostat.
“What do you think is going to happen when you give a company that makes its money from advertising a window into your temperature settings? If you’re someone who is always cranking up the heat, Google might send you an offer for 20 percent off electric blankets, firewood or two weeks in the Caribbean,” Computerworld said. “Does that not seem all that intrusive to you? Well, then, let’s say that your Nest thermostat has recorded a long history of you keeping the thermostat at 71 degrees during the winter months but you suddenly start to set it at 66. Google’s algorithms take note, make some calculations and conclude that you are in dire financial straits. Now you’re getting offers for low-interest loans or selling your gold jewelry for cash now. Maybe your neighbor doesn’t realize that you’ve been laid off, but Google does.”
One of the most anticipated IoT devices are cars with ample dashboard room. Gartner is projecting that, by 2020, “about 150 million vehicles will be connected via Wi-Fi, and 60 percent to 75 percent of them will be capable of consuming, creating and sharing Web-based data.”
The attraction of “pay by car” is clear. Someone’s driving on the highway and realizes that the gas tank is frighteningly low. What if an onboard nav could not only direct the driver to the nearest gas station—or, if the tank isn’t that low, to the nearest gas station whose per-gallon price is the lowest in the area—and offer the ability to charge it to the default payment card on file? Then the driver could drive in, get the gas and immediately drive away.
Or consider a restaurant recommendation. When a driver is more than 50 miles from home—something the driver’s smartphone and in-car nav system would know—the chance that the driver will accept a restaurant recommendation is much higher. What if the screen could display the menu and allow the driver to make selections and to then charge that to the default card on file? A message is transmitted to that restaurant and the meal is ready upon arrival and the check—including tip—has already been paid.
Ericsson last month reported its own Internet of Things predictions. “By 2020, 90 percent of the world’s population over 6 years old will have a mobile phone and smartphone subscriptions are expected to top 6.1 billion, compared with 2.7 billion smartphone subscriptions today.”
Ericsson also noted where things stand today, mobile-wise. “India and China show the fastest growth for new mobile subscriptions with 18 million and 12 million net additions in Q3 2014. 800 million new smartphone subscriptions in 2014 brings total to 2.7 billion worldwide.”
There is a flip side to all of this goodness. One fear is corporate-to-corporate intellectual property theft. Let’s say an innovator creates a sophisticated mobile app designed to process payments made by watch. What if they discover that a tech company—say perhaps Google or Apple, in the case of Android or iOS apps, or maybe Amazon or Alibaba if they are affiliated with the transaction—is accessing that data and is using it to try and steal their customers?
Then there are the traditional security threats, where some firms are deathly afraid that this device-expansion could open security holes that no one has a clue how to close.
Unisys, for example, issued a statement last week warning IT execs of the inherent risks within the Internet of Things, specifically arguing that IoT outpaces organizations’ ability to protect critical data.
“As devices and items such as cars and home appliances are connected to the Internet, they present more opportunities for the bad guys to get to consumers’ private data and even into their homes,” said Dave Frymier, vice president and chief information security officer at Unisys. “For better or worse, the cyber world is changing faster than the security models used by most organizations, and that will continue to leave us vulnerable to cybercriminals.”
Clearly, payments security is subject to the same risks. Making purchases on a watch—or, for that matter, on a toaster or from a car’s dashboard—are as interesting to thieves as they are to marketers. (The convenience of toasting the last slice of bread and hitting the button for “send more bread” is tempting, though.)
These concerns are hardly new. Last December, it was Symantec that was sounding the Internet Of Things doomsday warnings. “Symantec has discovered a new Linux worm that appears to be engineered to target the ‘Internet of things.’ The worm is capable of attacking a range of small, Internet-enabled devices in addition to traditional computers. Variants exist for chip architectures usually found in devices such as home routers, set-top boxes, and security cameras. Although no attacks against these devices have been found in the wild, many users may not realize they are at risk since they are unaware they own devices that run Linux.”
When the topic of security comes up, it’s important to remember that there are various aspects of security. From a payments perspective, the key worry is someone breaking into the systems, stealing credentials and making fraudulent purchases. (Actually, it’s only the fraud that payments folk should really care about. If the bad guys stole credentials and then did nothing with them—sort of like stamp collecting—no one would care.)
But it’s the credential, the identity of the person that could be distributed to a variety of endpoints that creates the greatest concern to those who see the enormous potential made possible by moving commerce to devices that we can’t even begin to imagine today.
“In 2015, the trend will morph from BYOD (bring your own device) to BYOID (bring your own identity),” said Terry Hartmann, vice president of security solutions and industry applications at Unisys. “Consumers need a central gateway device that belongs to them and is associated with their unique identities. Given that most consumers already have such a device, authentication will move from the back end of transactions to the front end – the consumer’s device. Increasingly, users’ identities will be authenticated through ID codes, IP addresses and tools such as biometric readers built into smartphones. Meanwhile, the back end will serve as an ecosystem for risk assessment.”
Ed McLaughlin, MasterCard’s Chief Emerging Payments Officer, is not that concerned about the Internet of Things movement and in sees the tokenization framework that is central to MasterCard’s Digital Enablement System as fully capable of not only enabling commerce made possible by IoT but protecting the identities of those who wish to leverage that opportunity.
Tokens as digitized, secure device specific credentials can accelerate the delivery of embedded commerce in any device that connects to the internet. McLaughlin pointed to the incredible consumer convenience that comes from eliminating the need to enter and then store card and consumer credentials across multiple web sites or apps, relying instead on a protocol that does all of the work in the background. He likened tokens to digitized credentials to IP addresses and web sites – a global standard that not only creates interoperability across devices and merchants but one that removes friction from the consumer and merchant experience.
The Internet Of Things is coming and it will make for some ultra-convenient and in-context payments. But seizing the opportunity fully will require that those tasked with enabling it do so with a healthy balance of creativity and paranoia to ensure that all bases are covered.