A refrigerator that knows when there isn’t enough milk for breakfast. Lightbulbs that react to motion and change color based on a programmed schedule. Smart speakers that know when it’s time to restock the dog food and buy more paper towels. The connected life is here to stay.
What started with relatively simple technology to power smartphones and smartwatches has quickly evolved into the exciting and challenging domain of the Internet of Things (IoT).
You may wonder what the IoT has to do with chargebacks and friendly fraud. While IoT technology has enabled fast and easy ways for merchants to support consumer demands of instant gratification, these same devices also pose serious security risks. Because there is limited regulation around the security protocols of IoT devices, apps, and developing technology, the connected home has become an ideal playground for fraudsters.
Accomplished hackers are working hard to penetrate connected devices, creating an entirely new level of fraud. Consider this scenario:
- A consumer has a smart device programmed to deliver groceries once a week.
- The consumer never has to log in or verify credentials, the credit card is charged, and she is never asked to review or confirm the charge.
- A hacker breaches the smart device's security protocols and adds grocery orders that are sent to different addresses.
- Because there is an existing grocery order, the merchant may not question these new transactions and never confirms them with the consumer.
- Later, the consumer reviews her credit card statement and is shocked to see multiple grocery orders that she did not authorize.
- Frustrated, the consumer files a chargeback and abandons the merchant. To make matters worse, she posts about the experience on social media. Now the merchant is at risk of losing loyal consumers who fear their accounts will be hacked.
Connected Device Security
Unfortunately, IoT attacks like this happen frequently, with deep ramifications for merchants, manufacturers, and consumers. To drive home the severity and risk level of cyber-attacks against smart devices, Yossi Atias, General Manager of IoT Security at BullGuard, set up a smart home at the 2017 Mobile World Congress Americas. In his demonstration, Atias showed how easy it is to hack into a secure smart home that uses multiple IoT devices, including a smart alarm, smart lock, Amazon Echo, and an IP camera.
So, what does this mean for merchants? To stay vigilant, they must put in place fraud protection solutions that feature the latest in technology and intelligence, including:
- Geolocation. Verifies the location of the consumer against the actual location of the active card.
- Biometric analysis. Compares the consumer’s fingerprint with that of the cardholder.
- Address verification service. The issuer compares the billing address provided during the transaction with the address it has on file for the cardholder.
- CVV. Acts as an additional credit card security code during final payment authorization.
- IP intelligence. Provides deep analysis of the IP address used for the transaction to monitor possible risks associated with the IP location.
- Device intelligence. Exposes specific identifying details of the connected device submitting the transaction through deep packet inspection and proxy piercing capabilities.
- 3 Domain Secure. Works as a cardholder authentication protocol for e-commerce transactions and card-not-present (CNP) purchases.
- Merchant co-op. Compares new orders against millions of orders from other merchants contributing in-network, scrubbed for fraud risk.
- SSL. Ensures secure, encrypted communication between devices and payment solutions.
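As an added example (not code from this article or from Verifi), the sketch below applies a few of the checks listed above to the grocery scenario: an order from a device that never asks for credentials is held for confirmation with the consumer when it ships to an address the account has not used, arrives ahead of the weekly schedule, fails AVS, or comes from an IP location that does not match the card. The `Order` fields, the seven-day schedule, the decision labels and the sample orders are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Order:
    account: str
    channel: str       # "smart_device" or "web" (assumed labels)
    ship_to: str       # normalized shipping address
    avs_match: bool    # result of the issuer's address verification
    ip_country: str    # country reported by IP intelligence
    card_country: str  # billing country of the card
    day: int           # day number on which the order was placed

def review_reasons(order, history, schedule_days=7):
    """List the signals that call for confirming this order with the consumer."""
    past = [o for o in history if o.account == order.account]
    reasons = []
    if past and order.ship_to not in {o.ship_to for o in past}:
        reasons.append("new shipping address")
    if past and order.day - max(o.day for o in past) < schedule_days:
        reasons.append("order ahead of schedule")
    if not order.avs_match:
        reasons.append("AVS mismatch")
    if order.ip_country != order.card_country:
        reasons.append("IP location differs from card country")
    return reasons

def decide(order, history):
    reasons = review_reasons(order, history)
    # A device that never prompts for credentials gets no benefit of the
    # doubt: one signal is enough. Other channels need two signals.
    needed = 1 if order.channel == "smart_device" else 2
    action = "confirm_with_consumer" if len(reasons) >= needed else "accept"
    return action, reasons

# Constructed sample data: three weekly deliveries, the next scheduled
# delivery, and an extra order sent to a different address one day later.
HISTORY = [Order("acct-1", "smart_device", "12 Elm St", True, "US", "US", d)
           for d in (1, 8, 15)]
SCHEDULED = Order("acct-1", "smart_device", "12 Elm St", True, "US", "US", 22)
INJECTED = Order("acct-1", "smart_device", "99 Dock Rd", True, "US", "US", 23)

if __name__ == "__main__":
    print(decide(SCHEDULED, HISTORY))
    print(decide(INJECTED, HISTORY + [SCHEDULED]))
```

The injected order passes AVS and IP checks because the card data is genuine; only the account's own order history exposes it, which is why the existing recurring order should not be treated as proof that new orders are legitimate.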
Merchants cannot rely on the inherent security of the connected devices their consumers use. It’s your responsibility to take extra security precautions to protect consumers and your business from fraudsters.
The technology and knowledge about IoT security are readily available, and we encourage you to be proactive against fraud threats. Contact the Verifi team to discuss your questions and concerns about IoT security, from mobile wallets, digital fingerprinting, and smart speaker security to multi-layered fraud protection and more.