IoT Payments Wednesday Morning

Continuation of my running thoughts as I listen and participate at the Secure Technology Alliance.

Role of the TSP

  • Wearables are a small part of the IoT market, and to scale, the vendors need to not have to worry about “Payments”.
  • Should device manufacturers understand payments? Can they?
  • The TSP must appreciate its role and what it is not.
  • As we look at IoT we need to recognize the scale of the shift from an issuer-centric to a consumer-centric model. The payment credential carrier no longer belongs to the Issuer.

  • What is the role of the Token Requestor? It provides a consolidated view for the consumer. It consolidates the view of all the edge devices.
  • Who is the ultimate revenue source? The consumer? How does one create the consolidated view with so many instances of tokens?
  • What is the life of a token? This then leads to the question of the relationship with the manager (issuer) of the Means of Payment.
  • With the pre-provisioned credential, how does one manage the long-term life cycle?

Root of Trust

  • Is PKI the right approach to the necessary level of trust this emerging environment requires?
  • We must remember the complexity of a PKI infrastructure.
  • In the payment space, the use of secure devices, e.g. HSMs, was mainly on the acquiring side. Now, as a result of EMV, issuers have become much more concerned with keys and key management.
  • As we move into a mobile and more broadly connected world, there is a need to assure trust in the software, the device, whatever.
  • This discussion is very much about the value and need for HSMs.
  • The question is raised as to the future of PKI given the US Gov’t perspective.
  • And, what of the introduction of Quantum Computing and the associated risk to the available cryptographic algorithms and keys?

In-Vehicle Payments

  • A car can be used as a place to shop, it could pay for services rendered, it can be linked to service providers. NFC/BLE/In-app and Card on File.
  • The car can host merchant apps.
  • The idea of a POS device in the car leaves me lost. Who is the seller?

Smart Cities and Multi-Modal

  • To address smart cities one has to think across the wider context.
  • What roles the FTA can support becomes a question of what the cities want.
  • Mobility on Demand is driven by the need to reduce congestion and improve life.
  • Built on local partnership within the community.
  • A recognition that a multimodal approach is necessary. A focus on user centric approaches to transport.

Multimodal Payment Integration

  • The challenge begins with the fragmentation of the transit environment. It is not transit; it is all about Mobility.
  • They want a brand and system agnostic solution that is intelligent and can help better manage spend.
  • How large is transit? Public only: 6,500 transit operators supporting 1 trillion rides per year.
  • The roadmap is in development; it is early days.

Wearables – lessons learned

  • What is a wearable? Do define them based on feature and function. Clothes, jewelry…
  • We use wearables when we need them. Athletic, climate, entertainment or work.
  • These electronic wearables need to consider the use cases that should be integrated into the limited number of devices we would wear.
  • Three words – simple – connected – enablements
  • How will we enable, or more specifically load, the various certificates we need to access, employ and pay for?
  • Interoperability will become the challenge. Do we imagine a world restricted by brand / manufacturer? Or one open to a wide array of designs and capabilities? Then how do we get there?
  • Secure element
    Data management & personalization
    Mobile device software integration
    Device life cycle management

  • Tokenization as a methodology and ecosystem is essential to the growth of payment in the IoT space.

BLE of IoT Payments

  • The cloud may restrict what could be communicated.
  • BLE is “local” allowing secure application management and secure transactions.

Managing Trust and Security

  • Identity is the key to much.
  • The next question therefore is trust in the Identifier.
  • Authentication with what, in what, where?
  • Life cycle management. How do you know your device has been wiped clean of all your credentials?
