The Green Sheet Online Edition
February 11, 2019 • Issue 19:02:01
IoT payments: fast, fraudproof, frictionless
A new population of commerce-enabled machines equipped with intelligence and sensemaking capabilities is challenging our most deeply held ideas about payments. Smart refrigerators monitor inventories, reordering food when supplies are depleted. Smart televisions expand viewing options, adding music, video streaming and Internet content to traditional programming. Vending machines initiate transactions when doors open and check out removed items when doors close. These are examples of how the Internet of Things (IoT) is transforming commerce.
Organizations use IoT technologies to automate tasks to improve efficiencies, product development and the customer experience. Software innovations are augmenting, not replacing physical products, experts say. These innovations make products discoverable in the IoT and bridge the divide between physical and virtual environments.
Numerous innovations that originated in the industrial IoT found their way to the broader IoT ecosystem. In August 2018, Forrester Research published The Forrester Wave: Industrial IoT Software Platforms, Q3 2018. The report identified five core IoT capabilities: connect, secure, manage, analyze and build. Following are examples of how each capability helps protect physical assets across the supply chain while facilitating fast, fraud-proof, frictionless payments.
IoT software platforms gather data from low-level sensors attached to billions of products to authenticate, manage and protect industrial assets. These platforms use communications protocols and gateways to extract data and update digital systems. RFID tags, barcodes, QR codes and heat-sensing devices are popular inventory scanning methods. Forrester researchers cited narrow-band networks, Bluetooth LE, LTE Cat 0 and Wi-Fi as communications options.
Impinj Inc., a global RFID solutions provider, helps enterprises wirelessly connect and network physical objects to the Internet while gathering information about each item. Gaylene Meyer, vice president, global marketing and communications at Impinj, said Macy's, Zara's and other retailers use the company's RAIN RFID solution to track, identify, locate and authenticate inventoried objects. By combining item connectivity with item intelligence, the solution enables companies to manage devices and products across an enterprise, she added.
Matthew Warner, director of channel management at OptConnect, works with payments service providers to provide commercial-grade connectivity across the IoT. He has seen clients implement his company's managed SIM card program in a variety of ways. "Our customers deploy proprietary sensors that predict and monitor data usage," he said. "They use SIM cards to communicate with data hubs over cellular networks while optimizing security and efficiencies."
Systech Corp. manufactures IoT hardware and software, including modular IoT gateways and networking products. Robert Lutz, vice president of business development at Systech, said the company's SL-600 IoT gateway can detect when consumers remove items from store shelves. Retailers use the device to create dynamic price tags, updating them wirelessly in real time as they track a pricing strategy's effectiveness. Lutz said, "Using a secure dashboard and drag and drop tools, business owners can create a script and remotely manage their stores from anywhere in the world."
IoT devices generate sensitive information through local gateways and over the Internet, which makes them vulnerable to hacks and data leaks, Forrester researchers noted. They recommended implementing software protections to "ensure device attestation, network connectivity, software upgrades, authentication, identity and access management, and data loss prevention."
Ruston Miles, chief strategy officer and co-founder at Bluefin, a technology provider, said many companies say they'd like to accept payments for their subscription-based services and ask how turn on payments to create recurring revenue. Bluefin advises them to segment protected networks from IoT devices, which can be staging points for malware to access your networks.
"Things will be things and as we make them more convenient and innovative, they eventually become enabled on the IoT," Miles said. "Even marginal things you wouldn't think of as Internet-enabled, like lightbulbs, can be staging points. If 50 people show up at your office, with 2 wearables on each body, that's 100 IoT devices exponentially expanding your attack surface."
Miles went on to note that payment data should always be encrypted and tokenized if stored. Devalue data, even data that accidentally gets into your network, he cautioned. That Fitbit you use to track your steps is connected to a network and has software, he said. Fitbits can be a backdoor, but if your data is encrypted and tokenized, employees can bring their Fitbits to work.
Sam Shawki, CEO at MagicCube, said IoT security must be compatible across devices and operating systems. "Imagine your iPhone talking to a GE medical device, searching Google, instant messaging your car and directing your Samsung tablet to the hospital ‒ just in time for your grandchild's birth," he said. "This scenario would require Apple, GE, Google, Ford and Samsung to use common software across devices or at least have a common set of APIs."
Forrester researchers found that IoT networks simplify the process of configuring and provisioning connected IoT assets. They also observed that IoT software platforms "support monitoring, testing, updating, and troubleshooting connected devices and software," and may include enhanced reporting of device updates and histories. Managing connected devices can be a huge supply chain issue, Shawki stated. When you build and sell a fleet of connected cars, how do you manage them? When you insert a chip into a device, how do you manage it remotely, once it's in the wild?
MagicCube's solution solves for security without using hardware, Shawki stated. The company's virtual trusted execution environment is designed to meet EMVCo specifications for software-based mobile payments and can be remotely managed. "We can do a seamless over-the-air upgrade without asking anyone's permission," he said. "Our software-based solution can suspend and resume the device's ability to transact."
Protecting physical assets is a critical imperative in the IoT, noted Stephen Joseph, business development manager, banking and finance at Axis Communications. He provided the example of a fleet of software-enabled video cameras, each performing a different task. One could monitor foot traffic; another could focus on checkout queues; a third could use heat-mapping to identify high-trafficked areas in a store.
"We ask clients what problems they want to solve and design solutions that deliver a meaningful ROI," Joseph said. "Effective video surveillance balances customer experience with security to help customers feel safe and keep the bad element away."
Steve Schoenecker, senior category manager, food service and retail solutions at Panasonic Corp., North America, said Panasonic provides supply chain visibility from source to consumption, delivering pertinent data to customers from "a single pane of glass." For example, if there's a typhoon in Taiwan, we know that ship will not sail, so that one-click Amazon order will be switched to air to meet Amazon's promised delivery date, he explained.
Forrester researchers noted that advanced analytics enable sensors to capture audio and video data in real time. Analysts can evaluate various types of captured sensor data to make informed decisions. "Rich analytics are an increasingly important category of IIoT software platform functionality, including data filtering and streaming analytics to monitor data in real time and advanced analytics to extract hidden patterns and insights from captured information," they wrote. Schoenecker said Panasonic "lives on the smart edge of the IoT, where data is being collected, helping our customers design warehouse management systems for their environments and sort through data to make actionable decisions."
Jim Dempsey, national sales manager at Panasonic North America, added, "We scan things using voice, RFID portals and data capture technologies that go into the network of smart edge devices. Unique product identifiers enhance visibility and traceability, providing data to the system's analytics and artificial intelligence layers. The system can sort through data and make basic decisions without human intervention."
Frank Teruel, senior vice president and general manager at ThreatMetrix, a LexisNexis Risk Solutions company, pointed out that everyday things like listening devices, wearables and smart TVs make the IoT a pervasive threat, because these devices are frequently designed without a security posture. "In the IoT, we associate devices with people," Teruel said. "Our methods and usage patterns assimilate these devices into our digital identities."
As individual usage patterns become part of their digital identities, ThreatMetrix creates a comprehensive but anonymous profile, using analytics to see "if Frank is really Frank." Each device is assessed in the following four ways:
- What method of interaction is a device using in the digital world? Is it human?
- How are the varied personas of an individual interacting on the Internet? From a risk perspective, any one of these personas could compromise an individual's identity.
- How is this digital identity functioning in real time?
- What is the comprehensive picture, including known threat vectors and analytics, telling us about this person?
"Once I've established a clear connection between an individual and group of devices, I have a deterministic view of data elements and identifiers that can be applied to an actual rule set in our system," Teruel said. "The amount of information resident on these devices is incredible. We need to manage the devices we're using in a transaction. To us, whether it's a fridge or a smartphone, it fits into our paradigm of securing identity risk."
Forrester researchers noted that software developers use a variety of tools to shape data elements and models into IoT business processes, applications and use cases. These resources, which include APIs, software development kits and other development tools, help developers connect, secure and manage IoT applications.
Joe Jensen, vice president of the Internet of Things Group at Intel Corp., said some of the most exciting innovations in retail are changes you can't see, such as machine learning platforms that automate promotions and merchandising processes, enabling staffers to focus on their customers. These developments are driven by creative collaborations and advanced technologies. Intel's Open Retail Initiative promotes common, open source frameworks that facilitate a free exchange of ideas in retail and remove barriers to adoption, he stated.
Peter Fitzpatrick, director of market development at Agreement Express, said a universal IoT interface would connect consumers with myriad product and service providers across the IoT. "No single retailer has everything you need at the best price," he said. "The same applies to payment services. Today's merchants have a broader toolset to operate their businesses and choose to work with providers that bundle them together in a unified experience."
Fitzpatrick said Agreement Express has partnered with Paya to provide a unified application experience to ISOs. John Laurell, vice president, technical operations at Paya, added that the partners are helping clients embed onboarding and payment acceptance into a range of vertical solutions.
4.3 billion by 2023
As IoT retail platforms continue to reduce costs and improve efficiencies, analysts expect them to play a larger role in enterprise resource planning. Juniper Research & Strategy cited examples of RFID applications that improve logistics and warehouse operations and power Amazon Go's "Just Walk Out" shopping experience.
Juniper's October 2018 study, titled IoT in Retail: Strategies & Forecasts for Retailers & Platform Providers 2018-2023, predicts the global population of IoT connected assets will grow from 5 billion in 2018 to 25 billion by 2023.
IoT revenue, which was $890 million in 2018, will exceed $4.3 billion by 2023, researchers stated. "Retailers are facing a perfect storm of pressures and challenges, which IoT implementation can help them navigate successfully," said Nick Maynard, author of the report. "ERP and retail platform providers are a compelling proposition in enabling successful IoT transformation."
Dale S. Laszig, senior staff writer at The Green Sheet and managing director at DSL Direct LLC, is a payments industry journalist and content provider. She can be reached at firstname.lastname@example.org and on Twitter at @DSLdirect.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.