The Internet of Things: the good, the bad, and the ugly

August 31, 2018

When it comes to adopting new technologies such as the Internet of Things (IoT) some industries are more cautious than others. The adoption of modern technologies in Financial Services, for example, is a significant challenge due to legacy systems and strict regulation by authorities, resulting in a conservative approach when it comes to innovation. However, according to recent research by IDC Financial Insights and PricewaterhouseCoopers GmbH (PwC) Financial Services, primarily retail banks will heavily invest to leverage IoT technologies (FinTech Futures, 2016).



The Internet of Things – good for the customer and the business

The IoT is a win-win for both, business and customer because it enables Financial Services to collect, aggregate and analyse data in such a way that it allows them to:


  • Predict customer buying and spending trends.

  • Gain customer insights.

  • Create personalised customer experiences.

  • Offer new services and products.

  • Offer customised, on-demand value-added services.

  • Effectively leverage their resources (Infosys Limited, 2017; Yurcan, 2016).


The collection of data enables Financial Services to find out what their customers want, need, and more importantly, what their future desires may be – getting a 360-degree view of their customers. These data insights allow for targeted offers and opportunities to cross-sell services (Ng & Wakenshaw, 2015; OECD, 2016). For example, a customer that frequently buys goods from a pet shop may get a personalised offer the next time they log into their online bank account to recommend them the purchase of pet insurance. Alternatively, using geolocation-tracking, a customer walking into a car dealership might get a notification on their smartphone with a pre-approved loan offer. The collection and analysis of real-time customer and market data such as spending habits and insights from social media profiles improves the ability to determine financial risk better, and decisions such as pre-approved loans to be made almost instantly (Berg, 2016; Del Giudice, Campanella & Dezi, 2016; Goldstein, 2017; Infosys Limited, 2017).

The IoT also helps Financial Services to operate efficiently, using resources where they are needed, for example:


  • Analysis of usage data of ATMs to steer the installation or de-installation of ATMs depending on their usage.

  • Tracking inventory at a borrower’s warehouse to monitor their sales and deduct loan repayments when stock items are sold (Infosys Limited, 2017).


However, collecting all this data is a slippery slope, and Financial Services need to ensure they act in compliance with data protection and consumer laws, such as the General Data Protection Regulation (GDPR) (Infosys Limited, 2017; World Market Intelligence News, 2016; Yurcan, 2016).


The bad – privacy concerns clouding the benefits of IoT

Customers may benefit from real-time lending decisions and customised services, but is that enough to look past the privacy concerns resulting from the collection of personal information?


The GDPR is the European Union's (EUs) answer to address the increasing privacy concerns created by technologies such as the IoT, requiring firms to spend big money on getting infrastructure and systems aligned to comply. The regulation applies to all companies and is enforcing compliance regarding how, and for what reasons companies process personal data belonging to people based in the EU (EU GDPR Portal, n.d.).


This kind of regulation creates massive overheads because it touches every process involving personal data and firms must implement proper data management and security to achieve compliance (Infosys Limited, 2017). However, GDPR is only the tip of the iceberg. Due to the fast-growing nature of technologies such as the IoT and the requirement of Financial Services to keep up with the competition and innovate, new technologies are often quicker implemented than regulated, resulting in an ongoing compliance-battle (PwC Financial Crimes Unit, 2015; Soto, 2016).


The ugly part of the Internet of Things – when privacy concerns turn into issues

The possibilities for adopting IoT technologies in Financial Services are endless, but there are, in addition to complying with data protection laws, security risks that cannot be ignored (Infosys Limited, 2017; World Market Intelligence News, 2016).


In 2017, more than 8.4 billion IoT-devices were connected, 31 percent more than in 2016 (Gartner, 2017). More devices mean more threat agents, people or groups that could facilitate an attack, and exploit vulnerabilities in IoT-devices or its underlying infrastructure and applications (O´Neill, 2014). According to the research, IoT-devices themselves are often just the entry point to the underlying systems because they often do not have adequate security controls (Jeyanthi & Thandeeswaran, 2017; PwC Financial Crimes Unit, 2015).


Attacks could become a reality without robust baseline security across IoT-devices and systems (5 cybersecurity predictions for FSI, 2017; PwC Financial Crimes Unit, 2015). There are many ways that unauthorised access to confidential data can be gained and connected devices compromised. Attacks can range from distributed denial-of-service (DDoS) attacks and the installation of botnets to targeted cyber-attacks by professional hackers. The risk of such cyber-attacks is increased through a larger attack surface, that is, more connected devices. Leveraging the network effect, these attacks can compromise anything from a single device to an entire so-called “smart city” (Jeyanthi & Thandeeswaran, 2017; Lindqvist & Neumann, 2017; PwC Financial Crimes Unit, 2015). 


However, one of the biggest threats is human. People can also be the trigger for data and system compromise. On the one hand, insider attacks performed by disgruntled employees that manipulate systems, on the other hand, users that are unaware of security risks and policies (Delgado, 2015; Misra, Maheswaran & Hashmi, 2016; PwC Financial Crimes Unit, 2015).


This debate discussed only part of what could go wrong, and the mentioned risks are by no means exhaustive. Regulatory and compliance risks, operational risks regarding device management and also, third-party risk due to the substantial involvement of service providers in the provisioning and control of the IoT also exist (Jeyanthi & Thandeeswaran, 2017; Lindqvist & Neumann, 2017; PwC Financial Crimes Unit, 2015, Soto, 2016).



Based on my professional experience and the insights obtained from the research I conclude that the benefits of IoT for Financial Services regarding cost savings, increased efficiency, productivity and customer satisfaction outweigh the disadvantages. However, the challenge to keep customers’ data safe and private remains. Moreover, due to the sensitive and highly confidential nature of the data in Financial Services, IoT-security is not only a significant pain-point for Executives but also in focus of internal and external regulatory IT-audit teams. Furthermore, compliance with existing and emerging regulatory requirements and establishing a standard level of security is critical to not only overcome the challenges of the IoT in financial services institutions but also to leverage the IoT to its full extent.




5 cybersecurity predictions for FSI. (2017). Networks Asia. Retrieved from

Berg, H. (2016). How the Internet of Things will change banking. Retrieved from

C.L. Ng, I., Wakenshaw, S.Y.L. (2015). The Internet-of-Things: Review and research directions. International Journal of Research in Marketing, 34(1), 3-21.

Delgado, E. (2015). The internet of things: emergence, perspectives, privacy and security issues. Retrieved from

Del Giudice, M., Campanella, F., & Dezi, L. (2016). The bank of things: An empirical investigation on the profitability of the financial services of the future. Business Process Management Journal, 22(2), 324-340.

EU GDPR Portal. (n.d.). GDPR Key Changes. Retrieved from

FinTech Futures. (2016). IoT and the banking revolution. Retrieved from

Gartner. 2017. Press Release: Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent From 2016. Retrieved from

Goldstein, P. 2017. How Is IoT Impacting Banks and Financial Services? Retrieved from

Infosys Limited. (2017). IoT-enabled Banking Services [White paper]. Retrieved from

OECD. (2016). The Internet of Things: Seizing the Benefits and Addressing the Challenges. (Digital Economy Papers, 252). Paris, France: OECD Publishing.

Jeyanthi, N., & Thandeeswaran, R. (2017). Security breaches and threat prevention in the internet of things. Retrieved from

Lindqvist, U., & Neumann, P. (2017). The future of the internet of things. Communications of the ACM,60(2), 26-30.

Misra, S., Maheswaran, M., & Hashmi, S. (2016). Security challenges and approaches in internet of things. Retrieved from

O´Neill, M. (2014). The Internet of Things: Do more devices mean more risks? Computer Fraud & Security, 2014(1), 16-17.

PwC Financial Crimes Unit. (2015). Cyber: Securing your Internet of Things. Retrieved from

Soto, C. 2016. Top 3 Cybersecurity Challenges Facing the Finance Sector in 2017. Retrieved from

World Market Intelligence News. (2016). What should the banking sector look out for in 2016? Retrieved from

Yurcan, B. (2016, June 27). Banking on the internet of things: More than restocking fridges. American Banker. Retrieved from