An Exploratory Analysis of the Security Risks of the Internet of Things in Finance

Carlton Shepherd, Fabien Petitcolas, Raja Naeem Akram, Konstantinos Markantonakis

Research output: Chapter in Book/Report/Conference proceedingConference contribution


The Internet of Things (IoT) is projected to significantly impact consumer finance, through greater customer personalisation, more frictionless payments, and novel pricing schemes. The lack of deployed applications, however, renders it difficult to evaluate potential security risks, which is further complicated by the presence of novel, IoT-specific risks absent in conventional systems. In this work, we present two-part study that uses scenario planning to evaluate emerging risks of IoT in a variety of financial products and services, using ISO/IEC 20005:2008 to assess those risks from related work. Over 1,400 risks were evaluated from a risk assessment with 7 security professionals within the financial industry, which was contrasted with an external survey of 40 professionals within academia and industry. From this, we draw a range of insights to advise future IoT research and decision-making regarding potentially under-appreciated risks. To our knowledge, we provide the first empirical investigation for which threats, vulnerabilities, asset classes and, ultimately, risks may take precedence in this domain.
Original languageEnglish
Title of host publicationTrust, Privacy and Security in Digital Business
Subtitle of host publication14th International Conference, TrustBus 2017, Lyon, France, August 30-31, 2017, Proceedings
EditorsJavier Lopez, Simone Fischer-Hübner, Costas Lambrinoudakis
Number of pages16
ISBN (Electronic)978-3-319-64483-7
ISBN (Print)978-3-319-64482-0
Publication statusE-pub ahead of print - 27 Jul 2017
Event14th International Conference on Trust, Privacy & Security in Digital Business - Jean Moulin University Lyon III, Lyon, France
Duration: 28 Aug 201731 Aug 2017

Publication series

NameLecture Notes in Computer Science
PublisherSpringer, Cham
ISSN (Print)0302-9743


Conference14th International Conference on Trust, Privacy & Security in Digital Business
Abbreviated titleTrustBus 2017
Internet address

Cite this