IoT Payments 2017: Security, Trust and the Usability of Things


IoT Payments 2017, a Secure Technology Alliance event, took place last month with sessions covering the most important developments, innovations and efforts driving secure, seamless IoT payments.

“IoT Payments is the only conference bringing together financial executives, device and application providers and retail industry experts for a deep dive into the evolving intersection of payments and the Internet of Things,” said Randy Vanderhoof, executive director of the Secure Technology Alliance. “Throughout the event, we heard first-hand from speakers on the different ways the payments and IoT industries are intersecting to collaborate on solutions for simple, smart, secure payments across connected devices.”

Throughout the two-day event, speakers discussed the best strategies for developing solutions that meet the “big three” criteria for IoT payments success: security, mobility and usability. Here’s a recap of the event:

Many early IoT implementations didn’t prioritize security, instead focusing on easier, faster deployments and more convenience for the consumer. Michael Orlando of Fit Pay cited a Visa study that said that while 83 percent of consumers want to use connected devices for payments and other smoother transactions, the IoT and payments industries need to put security first.

Stefania Boiocchi of Infineon pointed to the emergence of Mirai, a type of malware that automatically turns internet-connected devices into botnets to be used in distributed-denial-of-service attacks, as the wake-up call that pushed the industry to make security a priority.

Boiocchi recognized the importance of considering how trust is spread throughout a transaction, and identifying where the risk is. With each of the IoT markets using different approaches for managing trust, interoperability with standardized, end-to-end security approaches are necessary.

But there needs to be a balance between security and usability. During a session on moving the future of retail forward, Stephane Wyper of Mastercard pointed to innovative new ways to provide security without additional friction, such as behavioral analysis and other new biometric form factors.

Jose Diaz of Thales e-Security explained why IoT payments need a trust framework that provides enough security but requires minimal interaction with the consumer. To do this, Diaz says we need an on-device credential, like PKI, that provides a root of trust to enable secure communication, mutual authentication and data integrity. 

Photo by kasto80/iStock / Getty Images

Other speakers agreed, emphasizing that applications that need high security, like payments, will require hardware security based on a tamper-resistant hardware element. Speakers also highlighted the role of secure chip technology for IoT devices, which provides a foundation for security for transactions (e.g., authentication, data security) and life cycle management.

In addition to concerns for security, speakers voiced insights on how to manage the lifecycle of IoT devices for payments and other applications. Unlike payment cards, IoT devices may have long lives, change ownership, be discarded, need updates and more – and all of this needs to be managed securely.

The Secure Technology Alliance’s IoT Security Council

The Secure Technology Alliance’s IoT Security Council serves as a forum for stakeholders to promote security awareness, encourage the widespread adoption of security standards, and define best practices that will help protect and maintain privacy of IoT devices and the data they generate.

The Secure Technology Alliance welcomes and encourages broad participation from IoT technology firms and device manufacturers to join the IoT Security Council to share their voice and take an active role in bringing security to IoT. For information on the IoT Security Council, visit