There are no globally accepted standards for the internet of things (IoT) security. Fears around data breaches linger because the consequences of weak IoT security can be severe. Weak security around smart electricity meters can compromise critical national infrastructure, while inadequate IoT security in connected cars can lead to fatal accidents.

Listed below are the key regulatory trends impacting the IoT theme, as identified by GlobalData.

IoT regulation

The rapid growth of the IoT market has raised several security concerns. These typically revolve around the lack of regulation and the lack of common IoT standards. Legislation covering IoT security remains a fragmented patchwork of laws.

As IoT deployments grow, governments have started to focus on this issue. New governance measures are also gaining traction. In May 2020, the US’s National Institute of Standards and Technology (NIST) released the Foundational Cybersecurity Activities for IoT Device Manufacturers guidelines. Similarly, the European Telecommunications Standards Institute (ETSI) has released a technical specification guide on Cyber Security for the Consumer IoT segment, which outlines leading security practices for consumer IoT devices.

Data privacy

More ‘things’ connected to the internet creates more data points for commercial providers to capture, which may not have been explicitly permissioned by users and customers. Apple, as a handset provider, has done much to enable permission to be easily turned on and off within mobile devices by application, but when devices multiply and interact with each other, it is more difficult to provide informed consent, even if it is requested.

Also, with new technologies like IoT, data is recorded automatically, for example by sensors or CCTV linked to facial recognition or is produced or inferred from other data using more complex methods of analytics, such as machine learning (ML). The growing use of biometrics is generating additional data types, such as iris recognition and fingerprints, for which governance frameworks and methodologies do not always exist. ID Finance, for example, incorporates behavioural biometrics into its AI-based fraud scoring engine to boost loan approvals and reduce the incidence of non-performing loans.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Retail Banker International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Another stumbling block toward the use of IoT in banking is the need to work with Apple, Google, Samsung, and other Big Tech companies to integrate any fintech IoT offering into a broader product ecosystem. This would only increase the complexity of data privacy and security.

Open banking IoT

The promise of IoT in banking is cross-sector automation, which drives much deeper customer insight and convenience. Whereas many customers today manage their financial lives through discrete applications, IoT promises to integrate these services and then automate them. Part of that is dependent on agreed standards for what data to share, when, and how.

In the US, aggregators like Plaid help break down the barriers between products and providers, so consumers can interact between different applications. But the next step is to automate process steps within each discreet application to ensure optimal consumer outcomes.

Consent management

The most useful data—whether it be customer location or enriched transaction data—has to be enabled or allowed by the customer, and this is not always forthcoming in the absence of some clearly defined benefit. Banks will need to formalise an approach here, train staff to handle objections, and clearly explain privacy laws and the benefits of sharing data. In addition to service calls, customer support will need to field calls related to deployed devices.

It is critical that customer consent is given freely, specific to the data usage intent, and is informed, unambiguous, and can be revoked at any time. Securing customer consent for new services is very challenging, particularly if the customer data will be shared with third parties. Emphasis must be placed on the fact that a customer’s consent can be revoked at any time, which means that data governance processes have to be in place to enable the deletion of such data.

A related issue is that many corporate data-privacy initiatives are too technical or legalistic for the everyday customer. Consent management as a function needs to be driven by teams that sit across technology, business, user experience, and compliance. To this end, some larger financial services providers have invested in full-time data relationship managers, who work specifically on delivering messages in a way that is not only understandable but also valuable to the end user.

This is an edited extract from the Internet of Things (IoT) in Banking – Thematic Research report produced by GlobalData Thematic Research.