Payments seem to be spreading to more and more connected objects. Are we entering a new era in payments with the Internet of Things?

The Internet was the first digital evolution of payments. Obviously, the ongoing evolution is mobile payment and we are seeing the concept expanding to every connected device. Wearables are going to be the next evolution, with markets expected to grow to between 210m and 340m between 2018 and 2020. For instance, we are proud to enable payments with the Ticwatch by Mobvoi, a famous smart watch brand in China, and we are equally proud to be embedding the latest payment technologies in watches produced by Swatch, the renowned Swiss watchmaker. In the future, most of the devices that are going to be connected are also going to be able to pay, to some extent. In these cases, IoT is not the name of the game, it’s actually Payment of Things.

How would you define the “Payment of Things”?

Multiple terms are already used to describe this concept: IoT-based payment, Internet of payments, Internet of Commerce. All these terms cover the same idea. Personally, to express this convergence of the IoT and of Payments, I prefer the term “Payment of Things”. And there will be two different steps in this phenomenon. Let’s take the example of the Amazon Dash Replenishment Service. The principle is to simplify the ordering of supplies for a given device, leveraging the network of Amazon. In the first step of the Payment of Things, you have the WiFi-enabled Dash button integrated to your washer, your printer, your water pitcher, or any connected home appliance, and you only need to push the button to order supplies. The payment is completed using your chosen online payment mode and you no longer need to go on your computer or your mobile to make the purchase and pay. In this case, the payment is still triggered by you, when you push the button.

But the system can go further. Some of your appliances are already on-boarding sensors to detect when supplies are running low. Using this data, your equipment could decide, by itself, to order the missing consumable. And, in this second case, it’s the thing itself that initiates the transaction. This is the second step of the Payment of Things. And this is only one example; a lot of devices could actually be enabled to trigger payments autonomously. We could imagine many more use cases, provided the security is there.

Do you foresee the emergence of new business models?

With these new types of devices that can handle payments autonomously, we are going to see a new step in the digital transformation of banks, beyond the smartphones and wearables. The Payment of Things will further embed digital payments into customers’ daily lives. It will change the way people consume and influence spending patterns. These new payment use cases will mainly be based on service usage and will rely on recurring bills or pay-per-use subscription models.

All these micro-transactions are likely to boost online purchasing and they will of course aim at further eliminating the boundaries between the purchase and payment to achieve frictionless payment. The connected objects are also a powerful tool to better know consumer habits. But again, the main transformation here will happen when the Things will become the actors of the transactions. This is how the IoT, and more specifically the Payment of Things, will create a new layer of the economy, with service and usage driven payment models.

What about humans in all this? For sure we will have to keep control of all these transactions initiated by the objects around us?

Of course, we must secure the authentication of the devices, but the authentication of the owners of the devices will remain critical too, notably at the time of service subscription. And in this domain I see another revolution taking place. As users of all these connected objects, we will need to “connect” to them and become, in some way, a part of the Internet ourselves. I call this phenomenon the “Internet of Humans”. The more critical the transaction we want to make, the more we need to identify ourselves. And the most obvious way to prove who we are is to use our own body. Of course I’m referring here to biometric identification. Payment is one of the use cases and, for instance, we are developing biometric payment cards integrating a fingerprint sensor so you won’t need to use a PIN number. And digital identity security will also be critical for access control use cases, be it to enter your car or cross borders. Through their fingerprint, iris, voice or facial recognition, humans will “connect” to the Internet of Things and become part of it. And this is another revolution that we will see happen at the same time as the Payment of Things revolution. Our role at OT is to improve the security while keeping it as transparent as possible in order to optimize the customer journey.

Very interesting. And when do you see this Payment of Things revolution happening?

It has already started. The automatic reorders triggered from connected home appliances are already possible and in the US you can also order and pay your groceries in the comfort of your own kitchen, on a screen of your fridge. We have started down the path of the Payment of Things, at least with the multiplication of payment-enabled devices.

Technically, adding payment capabilities to objects, connected or not, is what OT is doing every day with banks, Original Equipment Manufacturers or mobile operators. And as we transform everyday objects into new means of payment, and this applies even more when payment is delegated to the objects themselves, security is the key enabler. There will be no massive adoption of IoT and of PoT until security is guaranteed. Before even considering automated payments, we must ensure that the connectivity of the devices, more and more managed remotely, is secure and that they can be authenticated safely. Our mission at OT is to protect you when you connect, authenticate or pay and this means not only securing all the devices that you use, or will use, but also, ultimately, to secure the devices that will connect, authenticate or pay all by themselves..

What are the implications for the financial services industry?

The Payment of Things will multiply payment touch points and allow banks and merchants to get better insight into consumer behaviors. This will allow them to develop customized reward programs. And, as I said, from a consumer perspective, it will first provide the convenience of paying with whatever object you prefer, and secondly it will also ease your recurrent purchases to the point where you will no longer have to worry about them. But, again, we will not get there, and end-users will not adopt the technology, unless there is a real service-driven use case on top of the devices and unless security is guaranteed. Security will be even more crucial as we will delegate the ability to pay to the connected objects.

Most devices today are vulnerable to potential security threats and we are seeing breaches exposed by high profile cyber-attacks. If we do not secure these connected objects before we turn them into payment-enabled devices, we may introduce new risks into the payment ecosystem.

What is at stake for banks and device manufacturers?

Looking back at the history of payment, we know that fraud always migrates to the weakest point of the ecosystem. In most countries (Europe, UK, Canada, Australia) about 70% of the total amount of fraud comes from Internet payments, as EMV is widespread to secure card present payments. We are now putting a new technology on the market called OT MOTION CODETM, which provides a very simple fix to fighting online fraud by enabling the CVV number to change on the back of the card. As we continuously increase the security with innovative payment card technologies, fraud is bound to migrate to the IoT. The challenge for the banks will be to scale up their infrastructure and incorporate IoT into their digital payment strategy, to address the multiplication of payment means. And for the OEM it will be crucial to embed the security in end-point devices. Their brand will be the first to be affected in the event of a major security breach. To help OEMs and service providers secure all the digital services that will emerge from the IoT, such as new payment or access control use cases, there will be a need for a new generation of trusted third party able to grant in real time the authorizations to use these services and manage the associated credentials remotely.

Is the payment industry ready for this IoT tsunami?

IoT is intrinsically a dynamic and complex ecosystem. It involves many players, many types of devices, and promises many services that are yet to be invented and, of course, financial institutions together with schemes and tech players will have an essential role to play in this ecosystem. Banks have already set their course on the digital payment path with mobile wallets. They are also testing hands-free payments with wearables as well as payment extension to new form factors such as wristbands, pieces of jewelry, key-fobs, or whatever is more convenient to users. I believe there is a real appetite for the IoT and all the possibilities it will offer. At OT, we keep innovating in payments together with the 1,250 financial institutions around the globe which put their trust in us, and we are actively involved in the IoT space too, with OEMs to embed security in the devices, and also with MNOs to secure connectivity. It is all the more obvious for us to be offering support to our customers as the two technologies converge.

Why is security so critical?

Let’s take the example of the car industry. There will be no boom in driverless cars unless you provide a completely foolproof solution for the potential security problems, both in terms of global communication and each critical sub-element of the car. And why are we doing all that? We’re doing it to enable services: the purchase of navigation systems, payment of fuel or other items directly from the dashboard, access to the speedometer for the insurance company (with the driver’s permission) in order to reduce insurance costs. But we’re also doing all that for the driverless car industry. I did a very simple calculation to measure the impact of that technology. If tomorrow morning, we enabled driverless cars, what would be the impact on society? Let’s take an example with the largest market in the world in terms of GDP, the US market. Every single American, on average, spends one hour a day driving his car. In the future, these drivers will have one additional hour a day to do other things in their car, rather than driving. Given that consumption is roughly two-thirds of the GDP of a country, and if you take the assumption that a fraction of that time in a driverless car will be dedicated to buying, it means that enabling driverless cars, with the required security, is going to generate at least two additional points of GDP growth for the US. And that is only accounting for the additional time that the users will have to consume; it does not take into account the transactions that could be initiated autonomously by the cars themselves. By enabling IoT and by securing it, we have a societal role, not only the role of a technology enabler. We are going to enable the growth of both the industry and of society. As an industry we can feel very proud, but we also have to feel very wary about what we have in our hands. Together, we have the possibility to change the world, and to enable global growth on our connected planet.

What should the overall ecosystem be focused on now to ensure the success of this new industrial revolution of the Internet of Things?

This is an ecosystem game. Nobody can succeed alone. As I said, the enablers (network operators, OEMs, and us) together with financial institutions and service providers all need to work together in order to enable the IoT ecosystem in a safe way for everybody’s benefit. Standards are very important too. IoT and PoT are going to be successful only if we can ramp up and scale very quickly and we will only be able to achieve this with common practices across the whole range of devices.