An Exploratory Analysis of the Security Risks of the Internet of Things in Finance

  • Conference paper
Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10442)

Abstract

The Internet of Things (IoT) is projected to significantly impact consumer finance through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, makes it difficult to evaluate potential security risks, and this is further complicated by novel, IoT-specific risks that are absent in conventional systems. In this work, we present a two-part study that uses scenario planning to evaluate emerging risks of IoT in a variety of financial products and services, using ISO/IEC 20005:2008 to assess those risks from related work. Over 1,400 risks were evaluated in a risk assessment with 7 security professionals within the financial industry, which was contrasted with an external survey of 40 professionals within academia and industry. From this, we draw a range of insights to advise future IoT research and decision-making regarding potentially under-appreciated risks. To our knowledge, we provide the first empirical investigation of which threats, vulnerabilities, asset classes and, ultimately, risks may take precedence in this domain.

Notes

  1. AdhereTech is one example of sensor-enabled pillboxes (https://adheretech.com).

  2. Beacons track users’ in-store location and push notifications to connected mobile devices. Beaconstac is one such example (http://www.beaconstac.com/retail).

Acknowledgements

The authors would like to thank those at Vasco Data Security, who initiated and supported this work; the participants of the user survey for their time and consideration; and the anonymous reviewers who provided their insightful and helpful comments. Carlton Shepherd is supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/K035584/1).

Corresponding author

Correspondence to Carlton Shepherd.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Shepherd, C., Petitcolas, F.A.P., Akram, R.N., Markantonakis, K. (2017). An Exploratory Analysis of the Security Risks of the Internet of Things in Finance. In: Lopez, J., Fischer-Hübner, S., Lambrinoudakis, C. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science, vol 10442. Springer, Cham. https://doi.org/10.1007/978-3-319-64483-7_11

  • DOI: https://doi.org/10.1007/978-3-319-64483-7_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64482-0

  • Online ISBN: 978-3-319-64483-7

  • eBook Packages: Computer Science, Computer Science (R0)
