Continuing the learning and commentary
IoT Payments 2017 – Austin TX October 10th and 11th
- Security has always been an after thought as devices were deployed and solutions were developed. Security needs to be built in as a fundamental layer in these emerging IoT objects.
- Growth in fraud in online payments is typically a result of the deployment of EMV.
- As we think about Dash buttons and the myriad of other interfaces that can access a card on file style shopping and payment experience we must think anew about security.
- What is context? Our digital footprint as we go through our daily lives.
- The growing number of IoT devices can help to establish context, which can then be used as a fourth factor in an authentication scheme.
- It is all about acquiring data and building a profile, your context.
- What is the unique identifier that links all the objects to the individual.
Bridging the Security Gap
- Brightsight a lab focused on security looking at both physical a logical security at both the operating system and application layer.
- The IoT landscape is a world of objects where to goal is sell fast. No security has been built in and the attack surface is broad and wise.
- The fear of who is able to access the vast array of data available through these connected devices.
- Security is about managing risk. Risk evolves over time. Therefore security must evolve to stay ahead of the current level of risk – continuous improvement.
- In the world of IoT who will define the security requirements and who shall pay becomes the key question.
- We should consider using Common Criteria as a baseline for the security of IoT devices.
- Bottom line – the implementation of security is all about the developer and the use of already certifies components e.g. Integrated Circuit and the Operating System.
The key to top of wallet
- Changing our top of wallet card is not something we are driven to do.
- So many sites drive to Card on File
- The objects will end up with an embedded payment within
- There is a hierarchy of needs
BASIC WANTS & NEEDS
MASS & PERMITTED RECOMMENDATION
SOCIAL & RELEVANT 1REFERRALS
As he speaks of On-behalf a document produced back in 1996 must be found
- Will the IoT evolution increase consumption, Maybe?
- What is the connectivity
- Where are the credentials stored
- Is it a configurable device relative to which credentials
Contactless cards and devices
The mobile ecosystem introduces the token requestor
A solid overview of the world of tokenization
- The tap experience with a wearable is an interesting design experience.
- A wearable is smaller and much more personal.
- As seen from the payment networks
- Like a card
- Mobile device (secure element)
- Wearable are in market today
- Wearable are in market today
Risk Based Payment Security
- Beth took a walk through the history of payment acceptance
- The Internet of Things creates the tsunami effect on our world of risk. Both scary and empowering.
- Risk is or was always about the balance between security and convenience.
- Tokenization moves the authentication responsibility from the Issuer to the payment brand. In this case who has the responsibility in the event of. Has the threat of penetration moved to the payment brand.
- The move to mobile devices as a result of the inherent transaction security to the registration and ID&V process.
- Interoperability and security standards who controls? IoT is not a market. It is a collections of vertical and closed environments.
- We need to agree on a common set of security values not necessarily on a common standard.
- When we think about the wider question of the how and what of security. We need to think about the security of the device and the cloud. We need to remember it is also about the ability to spoof and acquirer the credentials of a user.
- Security must be designed in from the beginning.