The Internet of Things Is Turning Into the Internet of Payments

According to the Federal Reserve, 39 percent of people have used their smartphones to make a payment. This number will surely continue to rise as people become more comfortable making payments with their devices.

Eventually, people will become comfortable with their devices making payments on their own. Cisco anticipates more than 50 billion devices connected to the internet by 2020. Many of these devices are becoming payments enabled, and not all of those payments will be initiated by human action. When the Internet of Things (IoT) turns into the Internet of Payments, new levels of oversight and monitoring will be needed.

Devices Decide on Purchases

One common scenario for devices that make purchases and payments is an internet-connected refrigerator that allows consumers to shop for groceries from home. In other scenarios, the devices make the ordering decisions on their own. Amazon’s Dash Replenishment Service lets devices order directly from Amazon when their supplies are running low. Printers can reorder ink and toner, and soap dispensers can stock up when they’re about to run out of sanitizer.

The devices aren’t limited to home or office use. Connected cars may be able to pay tolls, parking fees, and for gas and food at service stations. A smart tag on luggage might pay the baggage fees.

Not all the payments will be for one-time product purchases. Thermostats could interact with utility companies to pay based on usage. In one proposed scenario, smart devices will shop for their own maintenance contracts. Vehicles might pay for their insurance premiums, with rates based on metrics related to the vehicle’s usage history.

Issues Delaying Adoption of the Internet of Payments

While the vision may be appealing to some, technical and social factors need to be addressed before there will be wide-spread adoption of the Internet of Payments.

Security is the major concern. Because devices need to be tied to a person’s payment methods, users need easy ways to manage those associations, and the data needs to be protected. IoT devices, especially those designed for home user, have historically had weak security controls and there are multiple instances of IoT devices being hacked. Newer devices include security features embedded at the hardware level, which should help with protecting user info.

Ensuring that the payment method associated with the device was authorized by the correct person is also an issue. As devices can be sold or loaned to others, there cannot be a one-time, near-invisible setup process; stopping payments and reestablishing new methods must be easy. This will require IoT devices to improve the web or mobile interfaces associated with the device.

Users will need to be able to establish limits on the purchases the device can authorize, whether by volume, frequency, or amount. There will need to be a way to limit and correct any erroneous orders the device makes due to sensor failures; who absorbs the cost of these orders needs to be determined.

Monitoring and Managing Device-Initiated Payments

For payment departments, the spread of IoT devices will create many more potential sources of payments that need to be reviewed and monitored. Typically, IoT devices are connected without oversight from the IT department, so the standard network security measures the company takes to protect other connected computer equipment may not be in place.

Companies will need to determine who is authorized to connect these devices and connect them to company cards. The charges will need to be reviewed, like any other charge; charges from a device should be identified as being associated with the device so the company can make sure the charge is consistent with the device’s function. Because the devices are vulnerable to hackers, the cards or payment methods associated with the device should have a high level of scrutiny for fraudulent charges.

In addition, companies will also have to determine how policies can be enforced with devices. Will the device be allowed to sign up for its own maintenance contract?

That question is mostly theoretical for now, but as the IoT and IoP evolve over the next few years, companies will need to create ways to oversee the activity of these semi-autonomous devices.