The card reader on the fuel pump, toll tag on the windshield and apps to pay for parking or an electric vehicle charge may soon go the way of the credit card imprinter.
Outfitted with the necessary sensors, software and communicative hardware, connected vehicles could soon function as rolling wallets, streamlining many of the simple but nagging payments that add “friction” to the car-owning experience, said Peter Virk, vice president of product and ecosystem for Ivy, BlackBerry Ltd.’s connected-vehicle platform.
Like tap functionality for credit cards and contactless payments via smartphones, “when something works and it becomes sticky, then it’s hard to live without,” Virk said.
But there’s a hitch. Vehicles sending signals to authorize fuel pumps or automatically pay for parking would save drivers time, but cybersecurity experts warn that vehicle-based mobile wallets come with their own set of risks.
While convenient for consumers, automakers and service providers need to take stock of the cybersecurity vulnerabilities as vehicle-based wallets are given greater latitude to make payments, said Mitra Mirhassani, co-director of the Shield Automotive Cybersecurity Centre of Excellence at the University of Windsor in Ontario.
“I would prefer not to have a car that is connected to anything,” she said, “but it’s a trend in the market. You sometimes don’t have any way around it.”
Vehicle-based payments are an emerging area, and many in the auto sector are still working through the basics, said AJ Khan, CEO of automotive cybersecurity company Vehiqilla Inc.
Early steps include establishing how sensitive payment information is stored, whether payments will be made through the vehicle itself or smartphone apps, and how potential breaches will be handled, Khan said.
Real-time monitoring is needed, he said, because unlike with a lost credit card, mobile wallet users may not know they have been compromised.
“If your vehicle and your third-party apps are being monitored for any such thing, then you’ll be notified,” he said. “Attention is the first part toward prevention.”Ford Motor Co. launched an app-based mobile wallet known as FordPay in 2016. But the company now says it was a proof of concept and it never followed up. It can’t be used for third-party purchases now.
Some EV makers have adopted the Plug & Charge system. The system has software operating in the background that authorizes an EV at a charging station to identify itself to the network and provide a payment mechanism.
BlackBerry, meantime, is ramping up work on Ivy. The Waterloo, Ontario, tech company is collaborating with several unidentified automakers and Tier 1 parts suppliers to integrate Ivy into next-generation vehicles.
Vehicle-based payments are just one part of the cloud-based Ivy platform, undergoing co-development by BlackBerry and Amazon Web Services. The platform processes data transmitted by vehicle sensors and connects it with independent product or service providers running on the Ivy “ecosystem.”
Financial technology company CarIQ Inc. is working with BlackBerry to enable vehicles to autonomously pay for fuel, tolls and parking, among other expenses. When run through Ivy, the solution creates a “digital fingerprint” allowing vehicles to connect to banking networks, validate spending and make payments.
Topping off the fuel tank is one example. Instead of a driver manually punching in a credit card PIN at the pump, authentication on Ivy is carried out by vehicle sensors, Virk said.
Constantly self-aware, the vehicle will know it has pulled into a filling station, sense how much fuel it needs and track who is driving.
With the driver authenticated via cameras and other parameters met, the vehicle can authorize the pump, Virk said.
“What we want to do with Ivy is use all the data touch points in the vehicle to help join these together so it becomes easier to make a payment,” Virk said. “But it has traceability … so we can ultimately reduce fraud.”
Mirhassani, however, is skeptical that automakers and parts suppliers are prepared. The expert in hardware security said the sector needs to enhance its cybersecurity protocols for all parts going into North American vehicles.
Until automakers and parts suppliers take the proper steps, she said, “none of the hardware is safe.”