You are here

What IoT Can Learn From The Payment Card Industry | サイプレス セミコンダクタ

What IoT Can Learn From The Payment Card Industry

This is part one of a two part series.

The IoT industry is evolving past the proliferation-at-all-costs phase and into a phase focused on profitability. Engineering teams are responding by critically examining every added piece of hardware that isn’t viewed as critical to the intended purpose of the smart device. Interestingly, many think of privacy and security – which are both highly visible topics in the news – as a cost and not a value-added feature. It seems that consumers have not transitioned their general privacy concerns into a preference for secure IoT devices. That said, a breach of an IoT product’s security can kill it, perhaps more quickly than almost any other failing; such is the public’s heightened sensitivity to privacy breaches and online crimes.

This puts the IoT industry between the proverbial rock and a hard place. The good news is there are lessons from the payment card industry that can be applied to the IoT to help reconcile the dilemma.

Managing the cost of an IoT device extends beyond the bill of materials (BOM). Allocated costs can affect the profitability of an IoT device just as much as the BOM cost. Secure manufacturing is one such allocated cost. The total cost of ownership for provisioning secure IoT devices includes capital investment for controlled access facilities, isolated equipment, and special custom inventory. Given that a particular IoT device on average will sell less than one million units per year, and in fact, possibly less than five hundred thousand units, the per unit cost burden of this investment is prohibitive. For OEMs, managing this cost likely means outsourcing to a third-party that is aggregating volume over many customers.

Whether it’s in-house or outsourced, aggregating volume for secure provisioning fundamentally requires a common approach across different applications. The Payment Card Industry (PCI), where the billions of dollars’ worth of transactions are securely conducted, can offer some clues on how to develop this approach.

Rather than foster independent transaction processes, Europay, MasterCard and Visa came together in 1993 to standardize the process for secure transactions. This normative influence yielded tremendous efficiency in the design and operation of payment networks and manufacturing of credit cards. The high cost of constructing controlled facilities and procuring secure, qualified programming equipment is amortized across millions of units aggregated across payment networks and banks so that the per-unit cost is very low.

The question for embedded OEMs: Is this evolution happening for the IoT?

Part two of this blog will examine what this looks like. **Spoiler! It’s already available!**

このサイトに掲示されているすべてのコンテンツと資料は、「そのままの状態」で提供されます。サイプレス セミコンダクタとその関連サプライヤは、これらの資料について、いかなる目的への適合性をも表明することはありません。また、これらの資料について、すべての保証や条件を放棄します。これには、暗示的な保証および条件、商用性、特定の目的への適合性、すべてのサードパーティの知的財産権に対する権利と非侵害などが含まれますが、これらに制限されることはありません。サイプレス セミコンダクタにより、明示または暗示にかかわらず、禁反言などによるライセンスは、付与されないものとします。このサイトに掲示されている情報の使用には、サードパーティまたはサイプレス セミコンダクタからのライセンスが必要となる場合があります。

このサイトのコンテンツには、特定のガイドラインや使用制限が含まれている場合があります。このサイトにおけるすべての掲示やコンテンツの使用は、サイトの利用規約に準じて行われるものとします。このコンテンツを使用するサードパーティは、制限やガイドラインに従い、このサイトの利用規約を遵守するものとします。サイプレス セミコンダクタとそのサプライヤは、コンテンツや資料、その製品、プログラム、サービスに対し、いつでも修正、削除、変更、改善、向上、その他の変更を加える権利を有します。また、いかなるコンテンツ、製品、プログラム、サービスを予告なく変更または閉鎖する権利を有します。