Staying safe in the banking IoT

As more and more devices incorporate digital connectivity, community banks are faced with the promise and peril of having their customers conduct their banking through a much wider and often less-secure array of access points.

By Karen Epper Hoffman

Over the past couple of decades, banks have had to adjust to their customers conducting more of their banking activity first on desktop computers, and then on mobile devices. And soon, it seems, customers will be connecting through their cars, their Google Homes, their watches and even their fridges.

Welcome to the brave new world of the Internet of Things (IoT), where everything from wearable gear and watches, to household appliances and lightbulbs, to automobiles and medical implants will be able to connect to other networks, including their owner’s bank’s system. Today there are already about 20 billion IoT devices in circulation worldwide, but that number is likely to more than triple to an estimated 50 billion by 2020, according to research from Cisco.

Through mobile-optimized websites and mobile banking apps, customers can bank anywhere at any time. Soon, they’ll be able to bank from virtually any thing. It’s a heady notion. On one hand, it will give consumers more control of their financial lives and could create new opportunities for banks to offer better and more cost-efficient services, as well as potentially expand certain lending markets for their business customers. On the other hand, these latest capabilities create a massive new class of potential threats and vulnerabilities that financial institutions need to protect against.

The banking IoT today
Some of the larger national banks are already piloting and even rolling out services through increasingly common home devices like Amazon’s Echo and Google’s Home. They’re building off of their existing investments in machine learning and artificial intelligence (which is often closely related to IoT development), according to Wellington Holbrook, chief transformation officer for ATB Financial, a C$48.5 billion financial institution in Alberta, Canada.

“Community banks that can leverage the right partnerships to deepen AI research and exploration will be able to match that pace,” Holbrook says, “but we believe it’s likely that most community banks will take a ‘fast follower’ model and roll out ‘skills’ on home devices that have already been explored by other industry players.”

Quick stat


of bankers are familiar with the IoT

Scott Hess, vice president for innovation and user experience for Fiserv, says his company has already been involved in IoT development for a decade, with the key concern being; “If we build it, will customers actually use it?” But with the advent in recent years of a plethora of voice-activated technologies, from Siri to Alexa to any given GPS device, “we have all become comfortable with talking to products to get them to do things,” Hess says. Fiserv has at least two community bank customers planning to launch services this year where customers can bank through their home voice devices (like Amazon’s Echo).

Due to security concerns, Hess believes the first IoT banking implementations will be “simple tasks that will not expose personal identifiable information,” such as asking for the location of the nearest ATM or branch, or possibly accessing a current balance. What is needed here, he adds, is a more secure means of registering these IoT devices, possibly through a one-time password and a PIN, or more accurate voice authentication.

Chris Nichols, chief strategy officer at $10.2 billion-asset CenterState Bank in Winter Haven, Fla., is seeing the financing of IoT developments heat up as more “major pieces of machinery that are sensor enabled are starting to hit the market this year.” CenterState is working with several IoT-focused equipment manufacturers to connect the bank with its agricultural borrowers “in order to make them more efficient,” Nichols says. He adds that the bank is considering working with companies that develop commercial building sensors, point-of-sale terminals and other IoT devices.

For its part, ATB Financial has explored and launched several proofs of concept on various home devices in recent months to “understand where the value to our customers lies and how they interact with the technology when it comes to their banking,” Holbrook says, adding that ATB is investigating the use of biometric identification on IoT devices. “Community banks will also be likely to leverage their payments relationships with card issuers to focus on what technically is still at heart an IoT offering things like Apple or Samsung Pay on mobile,” Holbrook says. “We are finding there is a demand for an IoT banking approach so long as the experience is smart, simple and helpful.”

Despite the hype and the potential, some bankers are as puzzled by IoT as they are intrigued. A 2017 survey by International Data Corporation found that just 43 percent of bankers were familiar with the IoT; and yet, the same study found that a full 58 percent of these decision-makers saw IoT as strategic to their business, while another 20 percent said it was “transformational.”

As Nichols points out, IoT devices will allow banks to collect and analyze data “in real time to give us much better insight into our borrowers’ business. If done correctly, we believe credit risk can be cut in half.”

Holbrook says that as IoT devices are “more integrated into people’s lives, being able to open up new channels to move to opti-channel experiences in banking will add value to the banking relationship and result in retention and a share of wallet increases. You’re providing your customers with value by continuing to make your service easy, accessible and convenient on devices they’re already on.”

For community banks specifically, Holbrook believes internal benefits are also important to consider. “Exploring the IoT waters will allow community banks to understand the limits of their existing banking systems and architecture from an integration and evolution perspective, understand customer experience and behaviors from a design perspective … even traditional risk and governance models will learn from this exercise to understand where transformation needs to occur from that perspective,” he adds.

Promise and perils
Just as with the adoption of any technological development, the move to IoT (and particularly IoT banking) brings with it massive challenges in security, interoperability, privacy and compliance. Indeed, a recent James Brehm & Associates survey of global business executives across multiple industries found that nearly two-thirds of them (64 percent) see security as the biggest barrier to IoT growth—more significant than interoperability issues or return-on-investment demands.

“As IoT devices often have more exposure to attacks than standard software applications, things like cameras, microphones, USB inputs and Bluetooth capabilities all open us up to unique hacking scenarios,” says Holbrook. Hess believes the solution will be secure registration of these devices and better authentication, like one-time passcodes, as well as location monitoring, or software that reviews and analyzes customer behavior against normal routines.

Another cause to pause, as Holbrook points out, is that IoT efforts are often closely connected to artificial intelligence and machine learning. Hence, he believes that “unless you have dedicated efforts and people within the research part of this space, you may not be able to fully embrace IoT in ways that deliver value to your customer base.” Such exploration requires significant long-term investment in the right talent and partnerships, he adds. “Customers will compare their banking IoT experience with their last best any-experience,” he says. “So as a community bank, you are being compared to not only the big banks but to Amazon, Google, Airbnb and the like.”

For Nichols, in working with and matchmaking customers with some of these developers, “the biggest challenge is making sure the IoT-based equipment lives up to the hype. Some of these startups have proven to be unrealistic on their capabilities and when they will come to market.” In addition, he believes it is important for banks to choose sectors and equipment where sensor-based lending makes a difference in credit quality.

“We believe IoT equipment can make a huge difference in manufacturing and agriculture,” he says, “but we are not convinced that the extra data helps in office lending.”

Karen Epper Hoffman is a writer in Washington state.