Continuation of my running thoughts as I listen and participate at the Secure Technology Alliance.
Role of the TSP
- Wearables are a small part of the IoT market, and to scale, the vendors need to not have to worry about “Payments”.
- Should device manufacturers understand payments? Can they?
- The TSP must appreciate its role and what it is not.
- As we look at IoT we need to recognize the scale of the shift from an issuer-centric to a consumer-centric model. The payment credential carrier no longer belongs to the Issuer.
- What is the role of the Token Requestor? It provides a consolidated view for the consumer. It consolidates the view of all the edge devices.
- Who is the ultimate revenue source? The consumer? How does one create the consolidated view with so many instances of tokens?
- What is the life of a token? This then leads to the question of the relationship with the manager (issuer) of the Means of Payment.
- With the pre-provisioned credential, how does one manage the long-term life cycle?
Root of Trust
- Is PKI the right approach to the necessary level of trust this emerging environment requires?
- We must remember the complexity of a PKI infrastructure.
- In the payment space the use of secure devices, e.g. HSMs, was mainly on the acquiring side. Now, as a result of EMV, issuers became much more concerned with keys and key management.
- As we move into a mobile and more broadly connected world, there is the need to assure trust in the software, the device, whatever.
- This discussion is very much about the value and need for HSMs.
- The question is raised as to the future of PKI given the US Gov’t perspective.
- And, what of the introduction of Quantum Computing and the associated risk to the available cryptographic algorithms and keys?
In-Vehicle Payments
- A car can be used as a place to shop, it could pay for services rendered, it can be linked to service providers. NFC/BLE/In-app and Card on File.
- The car can host merchant apps.
- The idea of a POS device in the car leaves me lost. Who is the seller?
Smart Cities and Multi-Modal
- To address smart cities one has to think across the wider context.
- What roles the FTA can support becomes a question of what the cities want.
- Mobility on Demand is driven by the need to reduce congestion and improve life.
- Built on local partnership within the community
- A recognition that a multimodal approach is necessary. A focus on user centric approaches to transport.
Multimodal Payment Integration
- The challenge begins with the fragmentation of the transit environment. It is not transit; it is all about Mobility.
- They want a brand and system agnostic solution that is intelligent and can help better manage spend.
- How large is transit? Public only: 6,500 transit operators supporting 1 trillion rides per year.
- The roadmap is in development, it is early days.
Wearables – lessons learned
- What is a wearable? Do define them based on feature and function. Clothes, jewelry…
- We use wearables when we need them. Athletic, climate, entertainment or work.
- These electronic wearables need to consider the use cases that should be integrated into a limited number of devices we would wear.
- Three words – simple – connected – enablements
- How will we enable, or more specifically load, the various certificates we need to access, employ and pay for?
- Interoperability will become the challenge. Do we imagine a world restricted by brand / manufacturer? Or open to a wide array of designs and capabilities? Then how do we get there?
- Secure element
- Data management & personalization
- Mobile device software integration
- Device life cycle management
- Tokenization as a methodology and ecosystem is essential to the growth of payment in the IoT space.
BLE of IoT Payments
- The cloud may restrict what could be communicated.
- BLE is “local” allowing secure application management and secure transactions.
Managing Trust and Security
- Identity is the key to much.
- The next question, therefore, is trust in the Identifier.
- Authentication with what, in what, where?
- Life cycle management. How do you know your device has been wiped clean of all your credentials?