Blog

PSD2 and The Internet of Things

[fa icon="calendar"] 07-Jul-2017 06:20:00 / by Matt Townsend

IoT PSD2.jpg

I can remember clearly, in one of the first English lessons after moving school, we were taught certain rules. The rule that sticks in my mind today is "Never use the word 'Thing'". Using the word 'thing' in your written work will result in an instant de-merit. For some of my fellow students, this became a challenge, to try and use 'thing' and get away with it.

How times have changed, now I spend a great deal of time reading and writing the word 'Thing'. Just reading an article on the "Internet of things" (IoT) reminds me of the childlike thrill of sneaking illicit words into an essay.

Today it's almost impossible to read a financial services innovation article that does not mention the IoT. So what is a "thing"? A thing is any item that can contain some form of internet-connected computing device. A thing in the IoT could be anything from a RFID tag in a door security card, or a fitness tracker talking to your phone.

The power of the IoT is not the things themselves but the unlimited number of interactions between the things, and the services available to them. PSD2 in Europe is (by design, or good fortune) a starting point for the opening up of banks and payment providers into the IoT, something I will be writing about in my next blog.

As a bank, opening up your services to the IoT raises security concerns. While the embedded Operating Systems may have been designed to be secure, there are no guarantees that the manufacturers have really secured them effectively.

Repudiation methods for financial transactions will have to adapt. If the interaction with the bank is verbal, using an Alexa or Siri-style interface how would you implement multi-factor authentication? I am sure we all remember that the BBC recently fooled HSBC's new Voice Recognition software. Are security teams ready for the challenges of the IoT?

Despite all of this, a financial institution not being able to offer a secure responsive open API service into the IoT could be the difference between being in the game or being sat on the sideline. Today we can switch off lights, change the temperature back at home and be reminded to buy more milk. These actions are not vital to our existence, but they do make our lives more productive.

It doesn't take that much of a stretch of the imagination to conceive of a world where, on receiving an email invoice from a supplier, your phone asks "Would you like me to pay the invoice for you?" and simply by answering yes the interaction with the bank is started. "OK, I have arranged for €2000 to be sent, debiting £1,759 from your Sterling account, is it OK to proceed?". “Yes” seals the deal and it is done. An interaction that takes seconds, rather than tens of minutes.

Solutions like Eurobase's siena provide financial institutions with secure, scalable, real-time API's that can quickly expose an institution's services to the IoT without the worry of exposing legacy systems. While we cannot be certain how the uptake of the IoT is going to play out, it's certainly going to trigger a few child-like reactions from technology bloggers to the general public alike. We are moving to a point where technology and services are becoming invisible to the end-user.

The Internet of Things is a big thing! A thing, full of smaller things, communicating with other things that will likely change everything!.

Topics: Banking, Blog, PSD2, IoT, the internet of things

Matt Townsend

Written by Matt Townsend