IoT is the game-changing next step for telcos – but is it a security risk?
As revenues continue to decline in telcos’ traditional core business – calls, data and roaming fees – it is understandable that the IoT is being hailed as a natural progression and sizeable growth opportunity for the industry. But it also brings with it a significant weakness through which fraudsters can attack, writes Chris Curd, the head of telco at ACI Worldwide.
The market is predicted to be huge Each household will have a minimum of 20 connected devices talking to networks by 2020, and every square mile will have 600 million devices sending small bursts of information. Research from Edgar, Dunn & Company estimates that the number of IoT devices in use by – such as wearables, smart home appliances and connected cars – will rise from four billion in 2016 to 13.5 billion in 2020, a threefold rise in only four years. This means a lot of extra attack vectors for fraudsters.
The current state of affairs
This IoT market is currently viewed in terms of four main pillars:
- Spectrum (the bandwidth to deliver IoT)
- Payments infrastructure
- Fraud and security
Despite the fraud threat, the industry is mainly focusing on spectrum and commoditisation – in other words, physically enabling IoT technology. This involves ensuring IoT devices operate using low bandwidth transmitters and have enough bandwidth to carry the billions of additional communications per day. With the huge challenges to address in their bid to commercialize the IoT opportunity, it’s understandable that this commands much of telcos’ attention.
The problem is, in the face of the challenges in addressing these first two pillars, most telcos have not yet progressed to looking at how they will take payments, how they will secure these payments, or the impact that the immense volume of transactions might have on their payments infrastructure.
While the list of potential IoT devices is almost endless, all these devices will be communicating via an embedded eSIM or iSim, passing on multiple transactions per day. Telcos looking to support IoT services need to ensure they select a payments gateway that supports any type of device and any method of communication, supporting high transaction volume securely without compromising the user experience.
Lastly – and arguably most importantly – telcos need to make sure the payments solution they put in place can push final IoT purchase confirmation back to the consumer before payment is taken, by adding additional fraud protections. Imagine a smart fridge automatically orders a replacement pack of beer every time it runs out. In theory this sounds great, but in reality, there is too much room for error, with consumers potentially losing control of both their fridge contents and their money. The best approach is to have a final point of authorization for each payment, easily done via a simple yet secure SMS or biometric authorisation method; a final, but important, security checkpoint in the process.
With the payments and fraud elements of the IoT forming such a critical part of the path to increased revenue and profitability, telcos will jump at the opportunity to work with expert partners that can provide a robust, cloud-based platform with ready access to a range of geographies and payment methods. But security must be a key consideration in any of these payment partnerships, otherwise the customer is being unnecessarily exposed to fraudulent and costly attacks.