Perspectives

Connected devices may not disconnect fraud

The Internet of things and its impact on fraud

What if your refrigerator had the ability to set temperatures depending on the perishables stored? Wouldn’t it be convenient and save money on electricity bills? You could spend your time in other meaningful pursuits. But what if the refrigerator malfunctioned and short circuited itself, based on erroneous data provided to it, clouding its judgement? This is the power and the pitfall of the Internet of Things connected devices with inbuilt sensors that allow data exchange with other machines, enabling them to take decisions with minimal human intervention.

Connected devices are programmed to collect huge amounts of real time data, process it, and act as per set algorithms. What they aren’t currently programmed for is to ascertain if the data provided is genuine or not.

An example of this was discovered in the banking industry. Several banks began using IoT-enabled ATMs to decentralize their ATM operations, but fraudsters discovered that these IoT-based systems could be a point of entry through which account balances could be accessed and manipulated. Through this control, they began to perpetrate any number of transactions, and programmed the accounts to show unchanged balance. This shows that vulnerabilities in computer networks (on which these IoT devices primarily function) and data privacy breaches are enough for devices to malfunction.
In many cases, physical dangers could also be a concern as machines increasingly make autonomous decisions at lightning speeds. For example, if network control points are not properly protected from a malicious attack, machines controlling airplanes, high-speed trains, cars, or pacemakers could be compromised and cause physical harm.

We believe the presence of these known vulnerabilities in the IoT ecosystem provides organizations with an opportunity to set the right internal controls in place so that they can leverage the benefits that connected devices offer, while mitigating risks. Some of these measures include:

  • Reviewing security and implementing data governance by re-looking at the gateways used
  • Setting data protocol standards including monitoring your connected devices in real-time and running diagnostics to identify and troubleshoot issues
  • Identifying the right business and technology partners in your IoT journey

    You can read more about the potential and pitfalls of IoT and connected devices here

    If you have any comments or would like to share your views, please write to us at inforensic@deloitte.com or on Twitter by following @deloitteindia.

Authored by: Jayant Saran, Partner, Deloitte India

Did you find this useful?