PRINCETON JUNCTION, N.J., November 7, 2017 – IoT Payments 2017, a Secure Technology Alliance event, took place last month with sessions covering the most important developments, innovations and efforts driving secure, seamless IoT payments.
“IoT Payments is the only conference bringing together financial executives, device and application providers and retail industry experts for a deep dive into the evolving intersection of payments and the Internet of Things,” said Randy Vanderhoof, executive director of the Secure Technology Alliance. “Throughout the event, we heard first-hand from speakers on the different ways the payments and IoT industries are intersecting to collaborate on solutions for simple, smart, secure payments across connected devices.”
Throughout the two-day event, speakers discussed the best strategies for developing solutions that meet the “big three” criteria for IoT payments success: security, mobility and usability. The following is a recap of the event:
Many early IoT implementations didn’t prioritize security, instead focusing on easier, faster deployments and more convenience for the consumer. Michael Orlando of Fit Pay said that while 83 percent of consumers want to use connected devices for payments and other smoother transactions, the IoT and payments industries need to put security first.
Stefania Boiocchi of Infineon pointed to the emergence of Mirai, a type of malware that automatically turns internet-connected devices into botnets to be used in distributed-denial-of-service attacks, as the wake-up call that pushed the industry to make security a priority.
Boiocchi recognized the importance of considering how trust is spread throughout a transaction, and identifying where the risk is. With each of the IoT markets using different approaches for managing trust, interoperability with standardized, end-to-end security approaches are necessary.
But there needs to be a balance between security and usability. During a session on moving the future of retail forward, Stephane Wyper of Mastercard pointed to innovative new ways to provide security without additional friction, such as behavioral analysis and other new biometric form factors.
Jose Diaz of Thales e-Security explained why IoT payments need a trust framework that provides enough security but requires minimal interaction with the consumer. To do this, Diaz says we need an on-device credential, like PKI, that provides a root of trust to enable secure communication, mutual authentication and data integrity.
Other speakers agreed, emphasizing that applications that need high security, like payments, will require hardware security based on a tamper-resistant hardware element. Speakers also highlighted the role of secure chip technology for IoT devices, which provides a foundation for security for transactions (e.g., authentication, data security) and life cycle management.
In addition to concerns for security, speakers voiced insights on how to manage the lifecycle of IoT devices for payments and other applications. Unlike payment cards, IoT devices may have long lives, change ownership, be discarded, need updates and more – and all of this needs to be managed securely.
For relevant news, resources, expert commentary and thought leadership on the security and privacy of IoT, visit the Secure Technology Alliance’s content portal, IoTSecurityConnection.com.
For continuing updates on the Secure Technology Alliance, visitwww.securetechalliance.org, follow @SecureTechOrg on Twitter.
About the Secure Technology Alliance
The Secure Technology Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption and widespread application of secure solutions, including smart cards, embedded chip technology, and related hardware and software across a variety of markets including authentication, commerce and Internet of Things (IoT).
The Secure Technology Alliance, formerly known as the Smart Card Alliance, invests heavily in education on the appropriate uses of secure technologies to enable privacy and data protection. The Secure Technology Alliance delivers on its mission through training, research, publications, industry outreach and open forums for end users and industry stakeholders in payments, mobile, healthcare, identity and access, transportation, and the IoT in the U.S. and Latin America.
For more information, please visit www.securetechalliance.org.