IoT
July 4, 2019

Merchants Fight IoT-Enabled Fraud

While IoT tools offer revolutionary applications in many industries, they also leave the door open for costly fraud. Unsecured devices, lack of regulation and volume of data all contribute to fraud risk. Merchants must take every precaution possible and stay up to date on the latest fraud-prevention technologies.

Adoption of IoT technology is growing fast. Research and advisory firm Gartner suggests the number of connected devices will reach 20.4 billion worldwide by 2020, more than doubling the number from just three years earlier.

Consumer-facing technologies like auto systems and smart TVs will represent a considerable chunk of the total. However, it’s not consumers who have growing applications for IoT tools. Gartner states that more than half of all major businesses will be using IoT in some capacity by next year as well.

IoT enables revolutionary applications for faster, more efficient warehouse and supply chain management, improved customer experience and much more. Altogether, IoT tools could account for $11 trillion in annual savings and revenue for businesses by 2025.

Of course, it’s not all sunshine. There are drawbacks to the growing role of IoT in business. If we’re careless, IoT technology missteps will lead to costly mistakes.

Opportunities for Fraudsters

Bad actors are looking to new IoT tools and strategies just as eagerly as the average merchant. It’s nothing new; every time something new hits the market, fraudsters are among the first people to discover how to leverage it. What we need to do in response is to try to remain one step ahead wherever possible.

So, where are the points of vulnerability? What are the properties that make disparate IoT tools—as a whole—exploitable by fraudsters? Here are the three key issues:

#1. Lack of Regulation

IoT technology fundamentally changes the dynamics of the market and customer behaviour. Despite that, we don’t have the regulatory infrastructure in place to adapt to sudden, rapid change. Policies in retail and other sectors are still catching up to the advent of e-commerce; compare it to chargeback policy, for example, which is still stuck in the ‘70s, in many ways. Hopefully, it won’t take decades to adjust to IoT.

#2. Insecure Devices

Even if they’re not supposed to, the fact is that many consumers store lots of privileged information on their devices, including cardholder and bank information, personal records, passwords, and more. For example, cybercriminals might seek financial data stored by consumers on smartwatches, phones, other connected devices. Plus, given the nature of IoT devices, the information stored can be even more personal and sensitive. These devices are not always secured properly or used on private connections. Thus, the data can be compromised.

#3. Volume of Data

We should be concerned by not only what data consumers share, but also how much of it. There’s so much data shared every day—literal billions of records—that some portion of them will inevitably be compromised. Fraudsters can employ any number of tactics, such as identity spoofing, phishing, or malware, to steal consumer information.

Vigilance Is Key

IoT technologies present incredible opportunities. However, consumer behaviors and outdated industry infrastructure put consumers and merchants alike at risk due to fraud.

Merchants’ first lines of defence against fraudsters should always be themselves. They need to be on the watch for criminals using stolen consumer information to make purchases. This calls for deploying the right anti-fraud tools and strategies to detect bad actors.

Some tools fit very comfortably within an IoT strategy; for example, I’m a proponent of mobile wallet adoption. Not only do apps like Apple Pay and Samsung Pay utilize the same tokenization technology as EMV chip cards, they also employ two-factor authentication. The user needs to unlock the device, then once that person is ready to pay, she provides biometric authentication to complete checkout. While some users are sceptical of mobile payments, believing they’re less secure than standard card transactions, the opposite is actually true.

Of course, no single verification method is foolproof. We’re not going to eliminate fraud entirely if we convince users to embrace mobile payments or other IoT-adjacent technologies. What businesses need to do is adopt a much more comprehensive, multilayer approach.

Just using one or two disparate fraud tools won’t cut it. Sellers need to draw on multiple redundant points to protect themselves. Some of the most widely used among these fraud detection tools include:

  • Geolocation
  • Device fingerprinting
  • Address Verification Service (AVS)
  • Fraud scoring
  • Blacklists (for known fraudsters)
  • Transaction velocity limits
  • CVV verification

Even with a rock-solid strategy in place, merchants can still be vulnerable to fraudsters. Criminals constantly look for ways to exploit new technologies and take advantage of businesses. Merchants need to stay on top of new developments in business technology if they hope to make the most of new developments. Otherwise, what could be an asset will quickly develop into a liability.