Menu

Can you trust your refrigerator with your credit card?

Can you trust your refrigerator with your credit card?
Posted: Apr 19, 2017
Comments: 0
Author: Tom Davis

Even if IoT devices are not secure, payments made by connected devices are.

Lately it seems a lot of disturbing stories have been coming out about the Internet of Things (IoT). NBC News stated that there are over 6 billion connected devices in use, and predicted that this number will grow to over 20 billion by 2020. But is also showed a video reporting on a massive denial of service attack that used millions of connected baby monitors and home video cameras to launch the attack. More recently, the local Fox station in Orlando carried a story about a couple whose smart home was digitally infiltrated by a hacker who invaded the home via the voice-enabled two-way camera. In this case it was a “white hat” hacker, or a member of a group of ethical hackers who look for holes and inform the vulnerable without causing harm. TMG published a whitepaper stating that “The Internet of Things Increasingly an Internet of Threats.” Recently, The Washington Post reported on a connected doll, My Friend Cayla, which has a built-in camera to detect motion and a microphone for voice recognition. It has a built-in Bluetooth for the voice recognition to be processed in the cloud; Siri-like. This connected toy has been banned in Germany because it is easily hackable and presents a prime target for hackers who can use the toy's technology to spy on families and collect private information.

At the same time Visa is showcasing a connected car which can pay for parking and gas by itself and IBM is betting $200 million that most of the predicted 200 billion connected devices, namely the billions of cars, fridges, sneakers and other connected devices, will be turned into points of sale.

So how can we be hearing about how unsafe the Internet of Things can be, and at the same time, how the Internet of Things will become the Internet of Payments? In order to answer this question, and dispel some myths, one needs to look at the security of the devices separately versus the security of payments made from or by the devices.

Security of these billions of connected devices is a valid concern. But the devices do not present a completely new type of vulnerability. Wi-Fi routers have always been a window through which hackers could gain digital access into a home. Additional connected devices just adds many new windows of vulnerability, primarily due to just one simple factor: people don’t add a password, or change the default password. Avast Research found that more than half of all home routers are poorly protected by default or common, easily hacked password combinations such as admin/admin or admin/password, or even admin/<no-password>. Add to this problem the lack of password or default password on most home security cameras, baby monitors, smart garage door openers, connected toys, and home hubs. Unfortunately the manufactures of many connected devices actually encourage this kind of complacency as a trade-off to make fairly complex devices easy to install and work right-out-of-the-box. Security of the IoT doesn’t have to be an issue, but as long as human nature is involved, security, or the lack thereof, will remain a problem.

Even if the devices are not secure, payments made by connected devices are secure.  In fact, payments in the IoT can be made more secure than payments made at a physical Point-Of-Sale. POS terminals are subject to malware downloaded to the actual device to steal payment credentials. This is how major breaches over the last two years, including Home Depot, Target, Wendy’s and very recently Arby’s, were conducted. Connected devices don’t have payment information stored locally. Instead they use a secure cloud-based payment scheme, such as Visa Checkout, MasterPass, or Amazon, which in some cases go further by storing a token of a payment credential (versus the actual card number). So even if a hacker can get into the Samsung Smart fridge, they might be able to see your shopping list, but not your payment info. Likewise, smart jewelry and clothes that can be used to make a payment, store just a token that is associated with that device/ring/sweater. Even if a hacker can copy the token, it is useless if used from any other device.

While the IoT feels a bit like the Wild West when it comes to hackers, payments in the IoT remains a secure way to pay.

Print
Rate this article:
No rating
Tom Davis

Tom DavisTom Davis

Tom is President & COO of CSCU. He joined CSCU in 2004 and today wears many hats as highly respected executive and tireless evangelist on new payment technologies and innovations and how they will positively impact the success and growth of credit unions.

Other posts by Tom Davis

Full biography , Contact author

Please login or register to post comments.

search

Featured Stories