What IoT Can Learn From The Payment Card Industry | Cypress Semiconductor

This is part one of a two-part series.

The IoT industry is evolving past the proliferation-at-all-costs phase and into a phase focused on profitability. Engineering teams are responding by critically examining every added piece of hardware that isn’t viewed as critical to the intended purpose of the smart device. Interestingly, many think of privacy and security – which are both highly visible topics in the news – as a cost and not a value-added feature. It seems that consumers have not transitioned their general privacy concerns into a preference for secure IoT devices. That said, a breach of an IoT product’s security can kill it, perhaps more quickly than almost any other failing; such is the public’s heightened sensitivity to privacy breaches and online crimes.

This puts the IoT industry between the proverbial rock and a hard place. The good news is there are lessons from the payment card industry that can be applied to the IoT to help reconcile the dilemma.

Managing the cost of an IoT device extends beyond the bill of materials (BOM). Allocated costs can affect the profitability of an IoT device just as much as the BOM cost. Secure manufacturing is one such allocated cost. The total cost of ownership for provisioning secure IoT devices includes capital investment for controlled-access facilities, isolated equipment, and special custom inventory. Given that a particular IoT device on average will sell fewer than one million units per year, and in fact possibly fewer than five hundred thousand units, the per-unit cost burden of this investment is prohibitive. For OEMs, managing this cost likely means outsourcing to a third party that is aggregating volume over many customers.

Whether it’s in-house or outsourced, aggregating volume for secure provisioning fundamentally requires a common approach across different applications. The Payment Card Industry (PCI), where billions of dollars’ worth of transactions are securely conducted, can offer some clues on how to develop this approach.

Rather than foster independent transaction processes, Europay, MasterCard and Visa came together in 1993 to standardize the process for secure transactions. This normative influence yielded tremendous efficiency in the design and operation of payment networks and in the manufacturing of credit cards. The high cost of constructing controlled facilities and procuring secure, qualified programming equipment is amortized across millions of units aggregated across payment networks and banks, so the per-unit cost is very low.

The question for embedded OEMs: Is this evolution happening for the IoT?

Part two of this blog will examine what this looks like. **Spoiler! It’s already available!**
