An Exploratory Analysis of the Security Risks of the Internet of Things in Finance

The Internet of Things (IoT) is projected to significantly impact consumer finance through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, makes it difficult to evaluate potential security risks, a task further complicated by the presence of novel, IoT-specific risks absent in conventional systems. In this work, we present a two-part study that uses scenario planning to evaluate emerging risks of IoT in a variety of financial products and services, using ISO/IEC 20005:2008 to assess those risks from related work. Over 1,400 risks were evaluated from a risk assessment with 7 security professionals within the financial industry, which was contrasted with an external survey of 40 professionals within academia and industry. From this, we draw a range of insights to advise future IoT research and decision-making regarding potentially under-appreciated risks. To our knowledge, we provide the first empirical investigation into which threats, vulnerabilities, asset classes and, ultimately, risks may take precedence in this domain.
