March 4, 2020
Data Security to Be Found in the Cloud
by Gary Barnett
By handling payments in the cloud, insurance providers can dramatically reduce the amount and types of sensitive data they process or store.
As the insurance industry continues down the path toward digital transformation, it is being inundated with data being generated by many different connected devices and systems. Enterprise data is growing so rapidly that analysts at IDC predict the worldwide volume of data will increase ten-fold to 163 zettabytes by 2025.
With the rise in volume and accessibility of data, comes an increased risk of data breaches. In the first half of 2019 alone, nearly 4,000 data breaches occurred, resulting in more than 4 billion records being compromised. On top of these challenges, insurers are also subject to an ever-changing list of complex regulatory requirements and industry standards meant to strengthen data security and consumer privacy. From the EU’s General Data Protection Regulation (GDPR) to the Payment Card Industry Data Security Standard (PCI DSS), the New York Department of Financial Services’ (NYDFS) Cybersecurity Regulation to the Insurance Data Security Model Law, insurers face a complex regulatory landscape.
Strategically moving some core business functions to the cloud can provide insurers with many benefits that can address these challenges head-on, including increased data security, business flexibility and scalability, better ease of compliance and reduced infrastructure and capital expenditure costs.
The insurance industry has been hesitant about cloud adoption, due in part to the widespread use of legacy technologies, a desire for single-handed control of data and the nature of being a highly regulated industry. Yet, when done right, moving key systems and IT functions to the cloud can benefit insurance firms in spades. Innovations in the cloud can make it easier for organizations to not only comply with industry standards but also better safeguard customer data, all while providing a great customer experience.
How the Cloud Can Help
According to Gartner, expenditures toward cloud-based enterprise IT offerings are increasing at almost triple the rate of spending on more traditional, non-cloud solutions. The firm also found that more than $1.3 trillion in IT spending will be affected, directly or indirectly, by the shift to the cloud by 2022. This trend underscores the many benefits that organizations are reaping from the shift to the cloud.
To realize these benefits, insurance organizations must start joining the pack and look to migrate key parts of their business and IT infrastructure to the cloud. For example, providers can strengthen data security and ease compliance with PCI DSS by moving their payments systems to the cloud. Because insurers process and store tremendous amounts of sensitive consumer data and personally identifiable information (PII) – like Social Security numbers, bank account numbers, dates of birth and payment card numbers – insurers are prime targets for hackers. Traditionally, when a customer calls an insurer to make a payment, the customer speaks with a service representative and reads payment card details aloud over the phone. Likewise, if the customer uses the website to make a payment, sensitive payment card information is collected via a web form or e-commerce platform integrated into the insurance company’s computer network. In both scenarios, as soon as the sensitive data enters the organization’s network infrastructure, the insurer is responsible – both from a compliance perspective and in terms of customer expectations – for protecting that data. By making the shift to a secure, cloud-based payments processing solution, organizations can keep sensitive payment card data out of their infrastructure completely, thus reducing the risk of a data breach and minimizing the scope of compliance for numerous regulations.
See also: The Cloud Concept That Many Miss
How Cloud-Hosted Payments Solutions Can Strengthen Data Security
Let’s say a customer chooses to call an insurer to make a payment. Cloud-based, dual-tone multi-frequency (DTMF) masking solutions, for example, allow callers to give their payment card data securely over the phone. The customer simply enters the card number directly into the telephone keypad. The DTMF tones of the telephone keypad are replaced with flat tones, making them indecipherable to an agent on the line or to a nefarious eavesdropper. Alternatively, the agent could send an SMS text message with a secure payment hyperlink to the caller’s mobile phone. The caller simply clicks on the hyperlink and enters payment information. In either scenario, the agent is able to stay on the line in full voice communication with the customer for the duration of the transaction, helping to troubleshoot, if necessary, and providing a frictionless and secure customer experience. Because a cloud-based payments solution sits between the telephony carrier and the contact center’s network, the payment card data is encrypted and securely routed directly to the payment service provider (PSP) for processing – keeping the sensitive data out of the organization’s network infrastructure completely.
Likewise, if a customer uses the insurer’s website to make a payment, cloud-based digital payments solutions can make the transaction more secure and provide a better customer experience, all while streamlining regulatory compliance. Say a customer is interacting with a customer service representative via web chat. When the customer wants to make a payment, the agent can send a secure payment hyperlink to the customer right in the chat window. The customer clicks on the link and is presented with a secure web form, where the customer can enter payment card information. Again, the sensitive payment data is routed directly to the PSP and never enters the insurer’s network.
In all the scenarios described above, both the insurance provider and the payment channel (telephone, SMS, the webchat solution, etc.) are kept out of the scope of compliance for GDPR, PCI DSS and other regulations. At the same time, these cloud-based digital payments technologies can relay real-time progress updates that inform the agent when the link has been opened, when payment information has been collected and whether the payment was approved by the PSP, providing the business with powerful insights into the status and success of collected payments.
By handling payments in the cloud, insurance providers can dramatically reduce the amount and types of sensitive data they process or store – making themselves less of a target for hackers and reducing the scope of compliance for numerous industry standards and regulations. Moreover, by moving their payments to the cloud, organizations can reduce costs by eliminating the capital expenditure related to hardware, and enable greater productivity across their IT teams by offloading the task of maintenance and updates to third-party service providers.
Additional Benefits of Moving to the Cloud
Cloud-based technologies offer unmatched flexibility, scalability and nimbleness compared with traditional, on-premises IT solutions. Here are just a few benefits of adopting a cloud-based solutions:
- Greater Resiliency and Reliability – because many cloud solutions are able to accommodate thousands of customers at once, these platforms offer a greater level of reliability at a lower cost than insurers could typically afford independently.
- Geo-redundancy – cloud-based payments solution providers have geo-redundant data centers, resulting in an additional level of backup in the rare case that the main payments system fails – a necessity for companies to consistently and reliably ensure customer satisfaction.
- Scalability – cloud solutions enable organizations to quickly and easily scale up on-demand, without requiring additional investment in on-premises hardware.
- Cost Control – tightly tied to flexible scaling options, cloud payments solutions often result in better cost control and allow organizations to take advantage of economies of scale, compared with investing in on-premises infrastructure. This ability to save on up-front hardware costs is especially important for fast-growing businesses.
- Less Equipment – depending on the deployment option, firms can migrate their payments systems to the cloud and have little to no equipment to maintain, allowing their IT and infrastructure teams to focus on more strategic projects.
- Quick and Easy Implementation – cloud implementations are typically faster and less complex to get up and running than on-premises deployment models.
- Easier Software Updates and Bug Fixes – because cloud payments solutions are most often managed by service providers, insurance companies can relieve themselves of the burden of having to manually update software and patch bugs.
Security Comes First – Cloud or No Cloud
While the insurance industry has traditionally been hesitant to migrate important functions such as IT or payments systems to the cloud due to security concerns, it is important to remember that the challenge is not in the security of the cloud itself. In most cases, data breaches are the result of a user – not the cloud provider – that has failed to follow or enforce appropriate security policies and controls. As long as the organization enacts proper security policies and trains its employees on the importance of following them, it should have no worries about cloud solutions adding security risks.
That said, security should always be a top priority for companies, whether they are using on-premises or cloud-based solutions. It’s important to carefully select a provider that adheres to the highest security and compliance standards. When choosing among cloud-based payments solution providers, make sure they have achieved industry-accepted certifications like ISO 27001, PA DSS and PCI DSS Level 1 certification. (Here is a helpful guide that explains the different PCI compliance levels).
See also: Why the Cloud Makes It All Happen
As insurance organizations struggle to keep pace with an increasingly dynamic business landscape, a deluge of sensitive customer data and ever-more-complex regulatory requirements, they will find that migrating their critical systems and functions to the cloud will provide the nimbleness and flexibility they need to remain competitive. Cloud payments solutions can help optimize costs and provide scalability, while enabling stronger security, easier compliance and a superior customer experience.