The 'Internet of Payments' puts ID security on the smartphone

When a "pay restroom" 100 miles from the nearest major city accepts frictionless mobile payments, stores that force buyers to wait a minute for a chip-and-PIN transaction seem dated, and cash-only transactions are inconvenient.

This is the premise of the Internet of Payments—that a consumer can purchase something, like paying for a toll on the road or a slice of pizza—with minimal inconvenience, and without their wallet.

A significant advantage of IoP technologies is that it’s easier to detect and prevent fraudulent transactions. 

For years, it has been necessary for consumers to call their financial institutions before leaving for a trip to a foreign country so that their cards would not be frozen after buying dinner upon arrival.

But mobile has become such an indispensable technology that it’s now feasible to infer a user’s identity and make decisions on the validity of a transaction based on the user’s mobile being present. In the case of the pay bathrooms, because my mobile phone was present and unlocked, was not rooted, and had been present in Iceland for a week, it was reasonable to assume this was a valid transaction.

Inference of user identity becomes more challenging in multiperson households with shared devices bound to a single user identity. What reasonable assumptions could be made, for example, if my partner had pressed the Amazon Dash button in the kitchen for more coffee while my mobile and laptop were 3,500 miles away? This becomes more challenging with artificial intelligence-based devices, such as an Alexa- or Cortana-powered device bound to a single user identity.

What notifications or approvals are required if my IoT thermostat is authorized to pay the monthly gas bill on my behalf, but I’m not home? The Internet of Payments will be made up of numerous apps and devices, so determining legitimacy of a transaction may involve a corresponding app on a user’s mobile that can receive a push notification to ask, for example: “You’re in Iceland, do you want more coffee at home?”

Consumers and payment processors will benefit by a lowered number of fraudulent transactions once vendors settle on a de facto standard for transaction validation and notifications based on user identity. Until then, keep some pocket change handy.

PrintReprint

3 Tips To Thwart Insider Attacks: An Essential Guide For Summer Travels

Three Preventative Measures for Cybersecurity Health-Care Disorders