Although we are in the early stages of such interconnected devices, known as the 'internet of things', if they can fully integrate with the cloud, big data, artificial intelligence and biometrics, we could see a new 'internet of payments', which will bring with it a whole host of legal and regulatory issues.
All around us, and increasingly with us, are devices that collect and transmit data, often with inbuilt sensors to detect whether predetermined thresholds have been met and prompt automatic actions. These devices join together to form the 'internet of things' (IoT) – a network of interconnected devices.
The IoT revolution
The IoT is growing at great pace. By 2025, there could be around 75 billion connected devices globally, according to research by Statista in November 2019. Most of those devices could incorporate payments functionality and the number that actually do will be limited only by the purpose of each device, rather than by the technical ability to include and support payments functionality.
We’re waiting for more innovation, but at the moment connected devices generally use exiting payment technology and infrastructure. For example. they could:
- link to a debit/credit card or e-wallet – tokenised card or wallet data could be generated and used by the device to initiate payments, much like payments are made from mobile phones and smart watches using Apple Pay or Google Pay; or
- link to a server – data could be sent to the supplier’s server, so that payment data is held there rather than on the device and the payment is initiated from the server. This is how Hewlett Packard’s printer ink refill service works. When the printer runs out of ink, it sends a signal to an HP server and the payment transaction is initiated by HP, using the customer’s payment information it already holds.
Secure payment capability for connected devices
Big players in the financial services market are starting to develop and refine solutions that allow device manufacturers to embed secure payments functionality into the build of connected devices.
The automotive industry in particular was quick to see the potential for the IoT in streamlining payments and has been producing connected vehicles for a number of years, with the worldwide automotive IoT market forecast to grow to 470 million connected devices in 2020, a 24% increase from 2019 (Gartner, August 2019).
Use cases for payments within the IoT will vary on a country/region basis, with innovations in smart metering for household utilities likely to see more uptake in the UK and the rest of Western Europe.
A question that we can’t yet answer is whether IoT payments will simply displace payments that would have been made in another way, or increase the volume and nature of payment transactions.
If I want to pay for a parking space, right now I would typically use a card at a card reader at the car park or make a payment through an app on my phone. Once my car becomes an IoT connected device, it might find me a parking space and initiate the payment for it, using tokenised card details. There is no new payment transaction, just a payment transaction initiated through a new medium.
On the other hand, new ways of making payments might lead to new payments. When my fridge orders milk for me, perhaps connecting to the server of a supermarket which stores my card details, this could lead to many smaller size payments than if the milk just formed part of my weekly shop with one overall payment. Or I could, for example, trigger micro-payments to an environmental charity each time I buy paper for my printer.
A new internet of payments
We are in the early stages of the IoT with the number of devices that can connect to the internet growing by the day. If it truly integrates with the cloud, big data, artificial intelligence and biometrics, we could see a whole new internet of payments. This will inevitably give rise to multiple legal and regulatory issues, such as intellectual property, contract, data protection and data security, payments regulation and consumer protection law.
We’re likely to have some of the same debates we had over the introduction of the internet, and then mobile payments, about whether the IoT requires new law/regulation or whether it just involves the application of existing principles to new scenarios. The answer is likely to the be same: there will be much that can be addressed by applying existing principles but there will be areas requiring development of the legal and regulatory framework to address new issues. We have yet to achieve technological neutrality in the law.