February 23, 2022 - Eduardo Guraieb

Risk and Payments in the Internet of Things (IoT) Part Two – Getting Ready for IoT Payments

In our previous article about risk and payments in the internet of things, we discussed:

  • The intersection between payment systems and IoT-enabled devices
  • The most noteworthy use cases that demonstrate that it is not too early to start discussing the subject
  • The main fraud and financial crime challenges of IoT payment implementation 

In today’s digital world, fraud and risk teams really have their work cut out for them. And, as they know all too well, innovation often comes with unintended consequences in the form of vulnerabilities exploited by fraudsters. This article discusses the conversations and actions that fraud teams should have in mind to future-proof their fraud strategies for payments in a future where connected cars, smart speakers, smart cities, connected supply chain management, smart homes, and smart devices are the norm.

What Fraud and Risk Teams Can Do About IoT Payments Today

  1. First-party fraud considerations

Retailers’ policies around returns and other customer-facing interactions will need revision in the light of IoT-enabled payments. Upon setting up connected devices, manufacturers and app developers require users to accept terms and conditions that may contain authorizations to initiate payments if certain conditions are met. These conditions can be objective, such as when a machine orders supplies once stocks are low, or subjective, such as upon receiving express authorization by voice or through other means. 

Retailers should take a look at their policies to identify risks of promotion, return, and policy abuse in these scenarios. For example, the number of items returned because they were “ordered by accident” could increase substantially in the case of IoT devices that do not require express confirmation before each order is sent and it would be valid for retailers to ask themselves if this policy should be amended to reflect this. 

Read everything you need to know to become your company’s ace in the fight against first-party fraud here: The Dummy Handbook on Promotion and Policy Abuse

      2. Compliance considerations 

It is well known that innovation always outpaces regulation. Legislators are always playing catch-up with technology and are sometimes far behind their mark; however, laws and regulations do not cease to apply if new technologies are implemented. This is especially important for financial institutions, perhaps the most heavily regulated type of business. 

In the case of IoT security, companies in ecommerce and financial services should make sure to understand the laws and regulations that could come into conflict with technologies designed to minimize users’ involvement in transactions. Some examples are the regulations around consent for a transaction, account opening and KyC requirements, customer data protection, and privacy statutes. 

Start your research on artificial intelligence and machine learning compliance for financial services with this free handbook.

      3. Customer touchpoint control

As the number and types of devices that are capable of initiating transactions increase exponentially, teams will need to pay special attention to their customer touch points for fraud considerations and beyond. Their need to control and understand the different interactions that customers have with their systems will continue to grow and become of central importance for teams across organizations.

Specifically, IoT payments will highlight the importance of reducing false positives when it comes to detecting fraud as part of company-wide efforts to focus on improving customer experience design. 

Here’s a guide with everything you need to know about how to eliminate false positives in fraud management. 

  1. Chargebacks

Retailers should prepare for a future in which chargeback rates increase due to the number of purchases made without direct customer intervention or confirmation. This can come from commands or settings being misunderstood by users who are unaware that specific actions will trigger payments which will be reflected in their credit card statements. 

Upon receiving these “unexpected charges” the clients will likely initiate chargebacks with their issuers and the latter will then involve the respective retailers. Unless the latter have teams who understand IoT payments, protocols, and technologies in the context of payments, they will have a hard time defending their company’s position against claims made by clients. 

      2. Data management implications 

They say that data is the new gold. But unlike gold, too much data can be really difficult to manage, especially without the right technology that can clean, maintain, and make sense of large datasets.

The proliferation of devices connected to the internet will generate increasingly large quantities of data for all parties involved, including those who process and receive IoT-initiated payments. Financial institutions, IoT developers, and retailers alike should evaluate their fraud data management policies and make sure that they have the tools needed to use the most data to stop digital criminals without getting buried by it.

about Eduardo Guraieb
Eduardo is a Product Marketing Manager at DataVisor with experience working with fintech startups and top-tier international financial institutions. Eduardo is passionate about marketing, financial inclusion, coffee, and bicycles. He holds a law degree from the Technological Institute of Mexico (ITAM) and an MBA from Berkeley Haas.
about Eduardo Guraieb
Eduardo is a Product Marketing Manager at DataVisor with experience working with fintech startups and top-tier international financial institutions. Eduardo is passionate about marketing, financial inclusion, coffee, and bicycles. He holds a law degree from the Technological Institute of Mexico (ITAM) and an MBA from Berkeley Haas.