The challenges financial services face with IoT adoption 

Robert Prendergast discusses the untapped potential for IoT to benefit customers and optimise banks’ customer service delivery.

Credit: Shutterstock

Interactions between customers and connected devices yield two primary business avenues for financial services companies. The first is the ability to embed products and services into user interfaces and applications, ultimately boosting revenue. The second is the treasure trove of customer insights that can be extracted from user-generated data and the subsequent opportunities for more nuanced personalisation.  

While there is scope for incumbent financial services companies to sell proprietary IoT devices like mobile point-of-sale (mPoS) systems or telematics equipment for cars, the majority of IoT integration across the sector occurs via third-party consumer electronics devices like mobile phones, laptops, and smartwatches. This places a greater emphasis on software as opposed to hardware, for which the natural prowess lies with Big Tech players like Google, Apple, and Samsung Electronics.  

Some companies have had more ambitious visions in this respect. Mastercard and Visa, for example, both share the vision of making all connected devices payment-enabled. However, more ‘things’ connected to the internet have blurred the product and provider boundaries further, empowering Big Tech players while relegating incumbents to more functional or modular plays.  

Furthermore, IoT devices create more data points for financial services companies to capture, which may not have been explicitly permitted by users and customers. IoT also leads to more endpoints for potential cyberattacks, exacerbating what is already a widespread issue for the sector.  

IoT is already disrupting the financial services landscape. Most use cases across the sector have been explored. Combining IoT with other technologies has created opportunities for further innovation. For example, some banking and payments companies, such as JPMorgan Chase, JCB, and Mastercard, have explored the interplay between IoT in blockchain. In addition, the growing sophistication of generative AI could prove crucial for effectively conveying insights from IoT devices in natural language to customers and clients. Increasing tech regulation will place continued pressure on financial services companies in this regard to provide transparency into how customer data is being used. 

There are several challenges for financial services when implementing IoT. 

Embedded finance and disintermediation 

Ongoing digitalisation, supported by regulatory initiatives like open banking, has enabled various over-the-top digital services from new entrants. For example, digital front ends for banks with no banking licence, non-FS corporates offering financial services, such as credit cards or loans, or buy now, pay later (BNPL) finance.  

In response, embedded finance enables new routes to market for incumbent banks, so they can protect themselves from disintermediation by those ahead of them in the value chain. Embedded finance also creates a more multi-dimensional view of the value banks can provide. The landscape has expanded beyond traditional lending products and now encompasses the ability to disaggregate and provide various fixed costs of tech infrastructure as service offerings. Related to this trend, banks are also seeking to orchestrate non-financial ecosystems around financial products and get paid at the interplay of these two scenarios.  


The pandemic accentuated the need for personalisation across all industries, with financial services being no exception. Algorithms that learn over time to inform product propensity models have helped providers develop customised engagement strategies to increase conversion rates. Meaningful personalisation that drives customer advocacy must extend beyond the next best product offer to all customer experience dimensions that help consumers achieve their financial goals. However, the financial services industry has taken longer to harvest the potential of what the modern internet can and should be to support a personalised, intuitive customer experience. With the gift of hindsight, the transition to online banking looked to have been drawn out much longer than needed. So, does this need for personalisation and implementing IoT align with the amount of time it would take to set up?

Cyber security and fraud risk 

The need to move quickly has created heightened cybersecurity and fraud risks for financial services providers. The pandemic created well-documented opportunities for fraudulent access to Covid-19 loans, the full extent of which will only become apparent in time. Financial institutions hold highly sensitive customer data, making them a prime target for cybercrime. Failure to properly secure customer data can result in regulatory violations that can be expensive and extremely damaging to a firm’s reputation. Legacy systems employed by financial institutions may prove ineffective at securing against breaches, as threats evolve faster than legacy technology.  

Cyber accumulation risks are also present, where a single event has a widespread impact on thousands of businesses. Many people are sceptical when it comes to new technology, most particular in financial services when there is money involved. Even if IoT was proven to be the safest thing in the world against Cyber security threat, there would still be a number of people reluctant to get on board based on their own gut instinct. Once again, we draw a comparison to online banking.  

Channel shift 

Covid-19 drove a decade of channel shift in as little as 12 months. However, even before the pandemic, banks were grappling with the speed at which channel shifts were occurring. The shift is away from traditional proprietary channels, like bank branches, to third-party platforms where the bank may be just one participant or voice, such as Instagram or TikTok. Each new platform raises questions of whether it is potentially a bank channel, somewhere providers are obliged to maintain a presence and deliver a service, and if so, what are the related risks? What are the technology dependencies? Those banks that guess wrong or decide late risk alienating current or prospective customers.

Data compliance 

With increasing volumes of sensitive data held on customers, insurers face pressure from regulators to ensure this data is used and stored appropriately. The EU’s General Data Protection Regulation (GDPR) came into force in 2018. Companies that do not comply with the regulation can face fines of up to €20m ($22m) or 4% of the company’s annual global turnover, whichever is higher. Non-compliant businesses should not expect their insurance to cover the associated fine unless they are in Norway or Finland, the only countries where GDPR fines are insurable. Collecting and using big data is essential for creating and evolving policies, but the fines for non-compliance with GDPR are huge and would cripple most start-ups. They would also damage larger insurers due to the scale of the fine and the associated reputational damage. Data regulation has become increasingly important due to increased cybersecurity risks. IoT imposes new hurdles to jump to adhere to this compliance.

Financial inclusion 

The ability to offer affordable and accessible financial services to underserved populations has been a significant hurdle for decades. GlobalData estimates that the need for greater financial inclusion is an issue affecting more than 2 billion people worldwide. In rural and remote areas of developing countries, traditional banking infrastructure like physical branches and ATMs is scarce. Furthermore, low-income individuals often encounter obstacles such as insufficient income, inadequate documentation, and limited credit history, making it difficult for financial service companies to assess their creditworthiness and grant loans, account openings, or insurance policies.