Tech-savvy users are striving to bring automation and digitization in their lifestyle to make life more comfortable and efficient; Internet of Things (IoT) is an enabler in this direction. Technology advancements and new business opportunities are rapidly changing the IoT adoption landscape, and thereby security and privacy concerns have also started raising and realizing. The increasing number of IP enabled electronic devices, enormous data generation, and communication traffic have enhanced the attack surface for security and privacy violators. Many security attack scenarios are the result of poor identification and authentication mechanisms of communicating entities. In this paper, we present a secure scheme to perform a business transaction initiated by a smart device in the IoT environment. Scheme performs dynamic authentication of a business transaction while ensuring the privacy of the associated user(s). This scheme relies on Message Authentication Code (MAC) and dynamic key generation method to achieve a secure workflow. In this paper, we present a pluggable Roaming Smart Meters (RSM) concept to demonstrate the applicability of the proposed authentication scheme.