Skip to content

IoT and Financial Services: 5 Things to Understand About the Risks


The Internet of Things helps financial services firms run their businesses more efficiently and engage with their customers more effectively.

The proliferation of internet-connected devices has made it easier for customers to conduct their affairs and has given the companies that they do business with more insight into their activities.

Whether it’s checking an account balance, making a payment, or submitting a loan application, “smart devices” such as phones, watches, and digital assistants let customers perform many of the tasks that they previously needed desktop computers, or even customer service representatives, to do.

Financial service providers can use data from each online engagement to identify habits and trends that will allow them to improve their services for customers individually and collectively, such as deciding where to put a new ATM or how to offer a new investment product.

But the popularity of the IoT has brought perils as well. The number of smart devices and their inherent vulnerabilities make it difficult for financial services firms to implement IoT security measures to protect against data breaches and other risks.

As of 2017, 8.4 billion connected devices were in use globally, according to Gartner. That was 31 percent more than in 2016.

However, Gartner has also estimated that by 2020 more than 25 percent of identified attacks in enterprises will involve IoT. The number of smart devices is partially to blame because of the sheer volume of opportunities they offer hackers.

The ability to compromise the security of IoT devices presents the biggest challenge for organizations, particularly for companies that are responsible for their customers’ data, such as financial services firms. IoT devices are designed to easily connect to networks and share information through common wireless protocols such as Bluetooth, which makes them attractive as potential points of attack.

IoT devices often lack basic security measures, which could expose sensitive information. They also are often unattended, which may make them accessible to cybercriminals who want to target financial institutions or their customers.

So, though smart devices have transformed the way financial firms operate and interact with their clients, the increased agility has also brought a new set of challenges for IoT security. Consider these five risks.

1) Privacy

Data sent to financial institutions from smart devices could contain geolocation and other types of information that could constitute a breach of privacy. “Adhering to privacy standards while making good use of information is one such area of concern,” according to an Infosys white paper on IoT-enabled banking services.

2) Data Security

IoT devices can compromise data security because each one is a potential point of entry for a hacker. The IoT security threat is not limited to customer devices; financial companies use IoT to streamline their businesses in various ways, including through connected office devices such as connected printers and building automation such as HVAC systems.

3) Data Management

With the influx of more information comes the task of managing storage, access, security, and the right to be forgotten (for GDPR). You must manage data and the accompanying security risks in the IoT environment across multiple layers, including mobile applications, cloud platforms, and endpoint devices.

4) Outdated Devices

Smart devices often are not updated to protect against threats that target newly exposed vulnerabilities, nor are updates always properly tested before they are deployed.

“Whether you’re patching in-branch IoT devices or customer wearables, it’s important to monitor and test the stability of each update (and device models) to ensure their security posture is watertight,” IT firm RedPixie suggests in a blog post on IoT security challenges in finance. “Since customers can always opt out of updates, consider enrolling automatic updates or retiring outdated models.”

5) Identity Theft

RedPixie also notes that not all IoT devices that hold important financial and personal information are secure enough to prevent identity theft and security breaches. For example, only 50 percent of smartwatches allow users to set a pin code or pattern. If a payment device such as a smartwatch is lost, financial information could be compromised if it is unlocked or unencrypted.

The Internet of Things has brought great benefits for financial services firms. But it also has brought great dangers, as cybercriminals have exploited the popularity of smart devices and their vulnerability.

Understanding these five risks will help you improve your IoT security so that your company and customers can maximize the benefits while mitigating the risks.