What IoT Can Learn From The Payment Card Industry | Cypress Semiconductor
What IoT Can Learn From The Payment Card Industry
This is part one of a two part series.
The IoT industry is evolving past the proliferation-at-all-costs phase and into a phase focused on profitability. Engineering teams are responding by critically examining every added piece of hardware that isn’t viewed as critical to the intended purpose of the smart device. Interestingly, many think of privacy and security – which are both highly visible topics in the news – as a cost and not a value-added feature. It seems that consumers have not transitioned their general privacy concerns into a preference for secure IoT devices. That said, a breach of an IoT product’s security can kill it, perhaps more quickly than almost any other failing; such is the public’s heightened sensitivity to privacy breaches and online crimes.
This puts the IoT industry between the proverbial rock and a hard place. The good news is there are lessons from the payment card industry that can be applied to the IoT to help reconcile the dilemma.
Managing the cost of an IoT device extends beyond the bill of materials (BOM). Allocated costs can affect the profitability of an IoT device just as much as the BOM cost. Secure manufacturing is one such allocated cost. The total cost of ownership for provisioning secure IoT devices includes capital investment for controlled access facilities, isolated equipment, and special custom inventory. Given that a particular IoT device on average will sell less than one million units per year, and in fact, possibly less than five hundred thousand units, the per unit cost burden of this investment is prohibitive. For OEMs, managing this cost likely means outsourcing to a third-party that is aggregating volume over many customers.
Whether it’s in-house or outsourced, aggregating volume for secure provisioning fundamentally requires a common approach across different applications. The Payment Card Industry (PCI), where the billions of dollars’ worth of transactions are securely conducted, can offer some clues on how to develop this approach.
Rather than foster independent transaction processes, Europay, MasterCard and Visa came together in 1993 to standardize the process for secure transactions. This normative influence yielded tremendous efficiency in the design and operation of payment networks and manufacturing of credit cards. The high cost of constructing controlled facilities and procuring secure, qualified programming equipment is amortized across millions of units aggregated across payment networks and banks so that the per-unit cost is very low.
The question for embedded OEMs: Is this evolution happening for the IoT?
Part two of this blog will examine what this looks like. **Spoiler! It’s already available!**