'IoT for authentication' can trade too much danger for convenience

Register now

The internet, mobile and connected devices support efficient, all day, anytime access to payments and finances. But firms need to be careful not to ask consumers to give up too much security in the name of convenience when considering authentication in the IoT world.

Access control is part of the equation when considering connected payments and other IoT deployments as firms must consider the economic value to the customer, or the maximum amount a consumer will give up in exchange for innovation.

For example, the electric car requires you to give something up in exchange for fuel efficiency, financial gain and sustainability – you have to give up your time. That’s 30 minutes to fast charge your car versus 5 minutes to fill up with conventional fuels.
For authorization via connected devices for payments or general access, the efficiency gain of an access control door is immediately recognizable.

It's a high traffic door in an office building where a card access system can record users in and out and can restrict the flow of people based on time of day rather than the key they hold is clearly a step forward.

But there are also security risks. Does a system that can be compromised provide the same security as the British Standard mechanical key and lock case that you replaced?

Certainly, there is a convenience and efficiency benefit of card- or token-operated access-control systems as compared with a key-operated lock. In the majority of cases, however, security is lost or at best reduced.

Security can be difficult to sustain especially in very large businesses, the very moment you hand a key to an employee, control is lost.

Since there's a disconnect between the IoT world and the offline world, companies need to consider how to integrate systems to to provide sustainable security, not just as a means to control access but also as a means of saving time, which delivers operational efficiencies and health and safety assurances.

For reprint and licensing requests for this article, click here.
Internet of things Payment processing Authentication Security risk ISO and agent