Credit Unions Prep to Leverage the IoT
The Internet of Things, which revolves around machine-to-machine communication, embedded sensors, the cloud and millions of connected objects, could bolster member engagement for credit unions but also create security, privacy and system concerns.
The machines include mobile point of sale and wearable devices, home appliances, health monitors, body scanners, intelligent shopping carts, and security and environmental control systems.
Estimates of the size and value of the IoT market vary. Gartner predicted there will be nearly 26 billion devices valued at $1.9 trillion by 2020, while the International Data Corporation estimated nearly $9 trillion in annual sales by 2020. Cisco put the number of IoT devices at around 14.8 billion today and some 50 billion by 2020, and Microsoft estimated there will be 30 billion or more IoT devices by 2020.
Regardless of the varying statistics, Microsoft has called the IoT a game changer, and experts have visualized IoT devices changing how people live, shop and bank by transforming big data into actionable information, providing efficiency gains and powering retail activities.
“It used to be only computers, but has expanded dramatically into all kinds of stuff from the scales in your bathroom to your watch, which is both interesting and convenient, and a security nightmare,” Stu Sjouwerman, founder/CEO of the Clearwater, Fla.-based security firm KnowBe4, said.
Ondrej Krehel, founder/CEO of the New York City-based cybersecurity intelligence firm LIFARS, added, “We can say that we interact with many devices that are in the building grounds of a ‘smart revolution.’”
Creating an engaging experience for customers and members is at the top of many financial institutions’ lists as well. Millennials in particular expect engagement on their terms, and because of these new expectations, financial institutions are seeking innovative ways to transform big data into valuable assets that provide a better consumer experience.
Potential banking IoT applications include beacons to track movement, mobile banking apps, wearables, and interactive ATMs and kiosks.
Some financial institutions are already using beacon technology, in which mobile apps aided by sensors in the physical world respond based on consumer-indicated preferences, with the goal of improving engagement and creating new revenue streams. Institutions are also exploring sending out branded, local offers to mobile banking users as a new income generator.
For example, using a combination of advanced geo-tracking and beacon technology, credit unions could distribute accurate and timely marketing alerts, such as financing approvals for members shopping at car dealerships.
Experts also predict wearables, which consumers and business are beginning to adopt, will be influenced by the IoT. According to the Framingham, Mass.-based IDC Worldwide Quarterly Wearable Device Tracker, wearable device shipments will reach 76.1 million units this year.
The Brookfield, Wis.-based core processor Fiserv is currently piloting several wearable devices and applications, as well as researching how consumers use these devices in their everyday lives.
The $10 billion, Langley, British Columbia, Canada-based First West Credit Union introduced Dashband, which has been billed as “the first wearable device in North America using Visa payWave.” The wristband enables mobile, contactless payments.
In addition, the Austin, Texas-based mobile and Internet banking provider Malauzai Software developed an Apple Watch banking app as an extension of the watch's existing mobile banking application. Among the financial institutions that have launched the app are the $557 million Greater Texas Federal Credit Union in Austin and the $257 million Alabama Teachers Credit Union in Gadsden, Ala.
Interactive, targeted, digital signage is beginning to play a role in the financial marketing space as well. For instance, the $1.9 billion, San Diego-based California Coast Credit Union uses digital signage created by the Chandler, Ariz.-based fintech firm DBSI in its micro-branch at San Diego State University. Through the digital signage product, the credit union delivers interactive media, including brochures, videos and tutorials, to grab students’ attention.
Another IoT instrument, near-field communication, enables payment terminals equipped with proximity readers to accept tap-to-pay, in-store payments via mobile wallets such as Apple Pay, Android Pay and Samsung Pay.
Given the rise in the number of IoT devices, credit unions are likely to leverage them more and more, Sjouwerman noted.
“There are a lot of enticing technical solutions that credit unions might be looking at to compete and make their member experience more user-friendly,” he said.
However, they must also look at the security risks associated with the IoT.
In September, the FBI warned in a public service announcement, “As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors.”
The FBI alert coincided with the IoT's explosion into consumer and enterprise environments, Irfan Saif, principal with the New York-based Deloitte & Touche LLP's Cyber Risk Services practice, noted.
“In order to secure the next generations of IoT, core security practices such as hardening devices, building technology solutions that are ‘secure by design,’ and deploying them in a secure manner are extremely important,” he said.
Sjouwerman strongly emphasized that IoT security issues stem from the fact that IoT device developers design with time-to-market in mind – not security.
“The more of those IoT devices you bring online, the worse it gets,” he said. “With a credit union, you have to balance between competition with the banks, being user friendly, staying on the ball and being modern, and on the other hand are risks related to that.”
Retailers’ wireless networks will also need to be enhanced to support increased bandwidth requirements as a result of the growing IoT, as well as reinforced to thoroughly safeguard transactions, Carl Mazzanti, CEO for the Hoboken, N.J.-based computer network service provider eMazzanti Technologies, explained. Each device on the network becomes an access point, and therefore a potential security breach opportunity.
“All devices, especially stored wireless devices, need to be secured, monitored and managed,” Mazzanti said. “Every point of entry must be secured.”
A device breach could also lead to unforeseen consequences.
“The concerns are if any device is stolen, can information be gleaned from it?” Krehel asked. “Can using it authenticate a thief or deny a legitimate claim? In addition, there are concerns over replacement and privacy. Privacy is normally the No. 1 reason against IoT, as people do not want their late-night fridge visits and other historically private activities being monitored.”
Sjouwerman added, “Once that profile is out there, the genie is out of the bottle, and that is the thing you want to keep in mind when you start working with the IoT, as any organization, but especially as financial institution.”
One way a credit union can respond counterintuitively, Sjouwerman suggested, is to position itself against the IoT due to the risks involved. Then it can ask its members to stick with a credit union that is old fashioned, safe and secure.
Because the IoT is bandwidth-hungry, its growing number of devices will also put a huge strain on existing networks, Mazzanti noted.
“Retailers should take corresponding steps to increase network bandwidth and security,” he said. “The estimates of bandwidth requirements that were used in the previous decade have been blown apart by high-megapixel Internet protocol cameras, video analytics and cloud data storage.”
And acquiring the right high-speed Internet service is a critical step in preparing for emerging technologies, as customer Wi-Fi, mPOS or kiosk environments, and IoT devices and sensors all require Internet.
“Moving quickly to take advantage of new opportunities may be dependent on the speed and reliability of a retailer's Internet connection,” Mazzanti said.