News




        "Or will the big banks get their way and have the agency   authentication, or creating integrity checks that the apps
        neutered?"                                              would perform to see if they've been altered to include
                                                                malicious code would all go a long way toward mediating
        IBM, Visa tackle IoT                                    the problem," Greenberg wrote.

                                                                Multifactor security schemes
        security                                                A December 2016 report published by the Financial

                                                                Services Information Sharing and Analysis Center, Retail
                                                                Cyber Intelligence Sharing Center and United States
              BM Corp. and Visa Inc. introduced a cross-platform   Secret Service urged the retail community to mitigate
              solution Feb. 16, 2017, designed to improve security   cyberattack  risks  by  adopting  the  stronger  encryption,
              on the Internet of Things (IoT) by aligning the global   end-to-end encryption and tokenization of card account
        I brands' patented technologies and capabilities. By    numbers.
        integrating IBM's Watson IoT Platform and Visa's Token
        Service, the companies will enhance security in payment-  Multibrand, multifactor solution
        enabled devices, including wearables, appliances and    Visa and IBM representatives stated the companies will
        cars, the companies stated.
                                                                leverage Visa Token Service, which replaces sensitive
                                                                account information found on payment cards with unique
        "The Internet of Things is not only driving a more      digital identifiers to process payments without exposing
        connected world; it's changing the way we live, shop and   actual account details. The service, part of the Visa Ready
        pay, by moving data and the point of sale to wherever the   partnership program, is used by third-party Visa-certified
        consumer wants it to be," said Jim McCarthy, Visa's Global   token service providers.
        Head of Innovation and Strategic Partnerships. "With
        the power of Watson's cognitive technologies and IBM's   The companies additionally plan to roll out Visa payment
        leadership in IoT and security, they are the ideal partner   services in the IBM Cloud, making Visa Tokens available to
        to help us deliver secure payments to 'virtually anywhere'   IBM's Watson IoT Platform customers, enabling merchants
        and on the enormous scale of the IoT."
                                                                and consumers to connect to billions of devices, sensors
        IoT's broad attack surface                              and systems worldwide. The partners are confident the
                                                                co-branded solution, combined with their immense global
        Marc-Roger Gagné, Principal at Ottawa, Canada-based     footprints, will help the solution rapidly scale.
        Gagné Legal Services and board member of the Privacy
        and Access Council of Canada, stated the IoT represents   Consumer technology experts have seen steady growth
        a broader attack surface for cybercriminals, providing   in connected cars and expect the trend to continue. The
        opportunities to exploit operating system weaknesses,   Watson IoT Platform is designed to enhance connected
        infect connected devices with malware and spoof         cars by securing information in the cloud and alerting
        legitimate apps to steal login credentials.             consumers when vehicles need updates and renewals.
                                                                "With this information, the driver can order parts with the
        "For security professionals, the difference between     push of a button or schedule a service appointment at their
        defending a corporate data structure from attack and    preferred local garage," IBM representatives stated. "The
        defending that same structure once it's connected to the   driver could even pay for gas through a direct interaction
        IoT is vast," he said. "Compare it to defending a bank and   between the car and the gas pump."
        defending a country."

        Indeed, Wired journalist Andy Greenberg reported Russian   OCC enters uncharted
        cybersecurity firm Kaspersky Lab found serious, distinct
        flaws in nine Android-connected car apps. In Android Phone   fintech waters
        Hacks Could Unlock Millions of Cars, published Feb. 16, 2017,
        Greenberg also cited independent security professional
        Samy Kamkar, who planted sniffing devices in cars to                 hile industry experts agree the Office of the
        hack their apps. These included the General Motors                   Comptroller of the Currency's proposal to
        Corp. OnStar, Fiat Chrysler Uconnect and Mercedes-Benz               consider granting fintech bank charters has
        mbrace. Once inside the app, Kamkar could locate and    W broad implications for the banking indus-
        unlock the cars, and sometimes start ignitions, Greenberg   try, they disagree on what those implications are. The
        stated.                                                 proposal was set forth in the OCC's December 2016, white
                                                                paper, Exploring Special Purpose National Bank Charters for
        "Encrypting or  hashing  the credentials stored on the   Fintech Companies.
        device, adding two-factor authentication or fingerprint



                                                                                                                11