TMG Fraud Expert Releases White Paper On Securing The ‘Internet Of Banking Things’

(Des Moines, Iowa – January 31, 2017) – “If there’s one thing we’ve learned about the evolution of fraud, it’s that criminals almost always take the path of least resistance,” writes TMG Fraud Prevention Manager Ashley McAlpine in a new white paper for community financial institutions. That path, McAlpine says, is increasingly paved with unprotected Internet-enabled devices for the home, car and office. Gadgets that will one day power the Internet of Banking Things, these connected devices are full of potential to deepen financial institutions’ relationships with consumers, yet too new to have been fully vetted for security vulnerabilities, McAlpine asserts. 

Payment fraud experts are monitoring the development of the Internet of Things (IoT) with a watchful eye. This is largely due to the likelihood IoT solutions will change dramatically the way consumers buy and pay for goods and services. “Because financial payments are one of the daily tasks keeping people from things they would rather be doing, many IoT solutions are likely to connect to payment systems,” McAlpine writes. Examples McAlpine points to are smart meters that pay a customer’s monthly water bill or parking apps that automatically pay the garage or meter fees.

“Financial institutions, too, are beginning to explore how plugging into the growing IoT can improve relationships with consumers,” writes McAlpine. Early IoT banking moves she cites in the paper are Capitol One’s partnership with Amazon Echo and Mastercard’s collaboration with Samsung to power grocery orders made by smart refrigerators. “As more financial institutions jump into IoT products and services, security must be at the top of the consideration list,” she writes.

Four early best practices for securing IoT solutions are included in the paper:

SECURE IN LAYERS – Using multiple factors for authentication, where one of the factors is biometric in nature, is gaining traction as a best practice. However, only 30 percent of businesses plan to increase multifactor authentication through 2017 – a signal there continues to be hurdles to greater adoption of the strategy.

CHANGE PASSWORDS AND INSTALL UPDATES – It’s increasingly important for device owners to change the default passwords that come with their IoT devices. One survey found 20 percent of organizations have never changed their default passwords on privileged accounts, nor the systems and machines connected to them. Just as important is installing device updates, which often contain patches for known security vulnerabilities, as they become available.

THINK BEYOND THE DEVICE – The IoT dictates we think about the security not only of the gadget, but also of the apps loaded to it, the network powering it, the servers connected to it and the technology driving it (e.g., cloud-based solutions).

REMEMBER THE BASICS – Connected devices are only as safe as the router and/or WiFi network they are attached to. IoT technology users have to practice basic WiFi and network connection security, such as good passwords, solid encryption and frequent software updates.

McAlpine concludes the paper with this thought: “Financial institutions are right to optimistically explore the IoT’s potential to improve experiences and deepen relationships – so long as that exploration includes the security and controls consumers expect.”

Credit unions and community banks are encouraged to download the paper, “Security Concerns in the Internet of Banking Things,” at