Tag Archives: best buy

How Basis for Buying Decisions Is Changing

Building a business around speed and convenience is nothing new. Fast food drive-thrus, cell phones and FedEx overnight delivery services were just some of the predecessors to today’s Ubers, apps and same-day Amazon orders. But in most of these cases, purchase decisions were based upon simple factors — “I’m hungry,” or “We need delivery of a legal document,” or “Of course it would be nice to be able to make a call from my car.”

There were other services for which people understood that immediacy wasn’t an option. Many financial decisions took time. If you wanted to earn a little extra interest by using a certificate of deposit instead of savings, you would have to wait months or years for maturity. Securing life insurance was a multi-week (sometimes multi-month) underwriting process. Applying for a home loan with multiple credit and background checks took time. For the most part, people accepted these elongated processes and delays with resigned and good-natured patience. This was life. Important decisions required time, not only in the preparation, but also in the education and execution. Two hours with a life insurance agent would allow you to learn about all of the products available and understand their complexity, and it would help the agent to fit products to your needs. You valued the time spent learning, understanding and choosing based on the trusted relationship with your agent.

The convergence of generational shifts and technological advancement created a new mindset that rewrote expectations and priorities for many. Patience is no longer always considered a virtue. Insurance relationships are no longer always valued. Time-crunched people seek time-saving services. Value is seen in immediacy, uniqueness and ease.

See also: Innovation: a Need for ‘Patient Urgency’  

Enter the new generation of insurance companies redefining the insurance engagement. Lemonade, TROV, Slice, Haven Life and others who are redefining speed and value to a new generation of buyers … are placing traditional, existing insurers on notice.  From purchasing a policy in less than 10 minutes to paying a claim in less than three seconds … speed and simplicity are the new competitive levers.

Out of necessity, this has changed an insurer’s view of competition. Insurers used to know their competitors. They understood their distinctive value propositions. They debated on what were the real product differentiators. Insurers understood the reach of their agents, their geographic limitations and the customer and agent loyalty they could count on because of their excellent service.

While all of these factors still guide insurance operations, the competitive landscape has shifted to different factors critical to acquiring and retaining customers. Insurers are feebly groping for just a tiny bit of space in consumer minds —enough to plant the seed of need and just a little more to water the plant into engagement and completing a transaction — because today’s consumer isn’t going to listen well enough to grasp distinctive details. He or she is looking for an easy and quick fit.

A 2015 study of Canadian consumers estimated that the average attention span had dropped to 8 seconds from 12 seconds in 2000, driven at least in part by consumers’ constant connections through digital devices.

Need. Purchase. Done. Happy.

A 2012 Pew survey of technology experts predicted what is now coming true, “the impact of networked living on today’s young will drive them to thirst for instant gratification, settle for quick choices and lack patience….trends are leading to a future in which most people are shallow consumers of information.”

Only five years later, insurers are feeling the impact.

A key reason many of the new, innovative companies are appealing to consumers and small and medium-sized businesses (SMBs) is because they simplify and remove some of the cognitive effort required to make decisions about insurance. In his book, Thinking, Fast and Slow, the Nobel Prize-winning behavioral economist Daniel Kahneman described human decision making and thinking as a two-part system. Greatly simplified, System 1 thinking produces quick (i.e. instantaneous and sub-conscious) reflexive, automatic decisions based on instinct and past experiences. These are “gut” reactions. System 2 thinking is slow, deliberate, reason-based and requires cognitive effort.

In general, most of the decisions we make each day are through System 1, which can be both good and bad; good because it increases the speed and efficiency of decision making, and because in most instances the outcomes are acceptable. However, not all outcomes are good, and many could have been improved had System 2 thinking been engaged. The problem with System 2 is that it takes effort, and humans naturally try to minimize effort.

See also: Insurtech: Unstoppable Momentum  

So, a traditionally complex industry is intersecting with a cognitive culture that is mentally trying to simplify, reduce effort and be more intuitive. This has consequences for decisions throughout the customer’s journey with an insurance company. Good decisions about complex issues like insurance should be based on System 2 thinking. However, during the research and buying processes, the cognitive effort to do so can lead many people to choose other paths like seeking shortcuts to in-depth research and analysis or delaying a decision altogether.

In a recent report, Future Trends 2017: The Shift Gains Momentum, Majesco examined how impatience is driving a shift in behavior that is causing insurers to look at the anatomy of decisions. What behaviors are relevant to purchase? To renewals? To service? How can insurers still provide risk protection to individuals who won’t take the time to learn about complex products? We’ve drawn some of these insights out of the report for consideration here.

For one thing, insurers clearly recognize that the trends affecting them are far broader and bigger than the insurance industry. Businesses and startups across all industries are capitalizing on the lucrative opportunity afforded by meeting the ever-increasing demands for speed and simplicity made possible by technology and re-imagined business processes. Amazon Prime, Netflix, Spotify, Uber/Lyft, ApplePay/Samsung Pay, Rocket Mortgage (Quicken Loans), Twitter, Instagram and other technology-based businesses represent contemporary offerings that have simplified the customer journey.

Retailers such as Walmart, Best Buy, Staples, Amazon and even eBay are testing same-day delivery for items ordered online. Simplifying a customer’s entire journey with a company by making it “easy to do business with” is more critical than ever for insurers.

What is the good news in the world of impatience? Insurers are quickly finding ways to counter the disparity between the need for speed and the need for good decisions. They are also using a bit of psychology to positively influence decisions, and they are buying back some brain space with techniques that both inform and engage.

In Part 2 of this series, we will look at these techniques as well as product adaptation, framework preparation and planning for transformation that will meet the demand for quick decisions. For more in-depth information on behavioral insurance impact, download the Future Trends 2017 report today.

Who Will Make the IoT Safe?

After reading about the “distributed denial of service” (DDOS) attack that shut down major sites across the internet in late October, it is amazing to me that, conceptually, my refrigerator could be used by evildoers to attack servers in the cloud. I miss the old birdcage refrigerator that we had in our basement.. but I sure like looking on the internet to see just how old the milk is when I am in the grocery store.

To my knowledge, this is the first such attack using internet-connected devices, or the Internet of Things (IoT).

One weakness to the Internet of Things is that (as we have attached more of our home devices to the internet), there was no one overriding body responsible for creating a minimum security level to limit access by the wrong people to our microwave ovens.

But if such a body is created, then it could be more difficult for small and creative companies to make anything. Another problem with a central body creating security levels is that it really would only increase manufacturing costs. And, knowing oversight bodies, I’m sure we would then be using outdated technology in all of the devices, without really making anything secure, My internet espresso maker could then cost $1,200 instead of $1,000 and still would make bad cappuccinos when I went on my phone from by bedroom and turned it on.

See also: Insurance and the Internet of Things  

Finance companies such as banks and credit card companies, medical organizations, the phone companies and computer companies have significant financial incentives to create secure devices. Yet they have had significant problems keeping their information and systems secure from the internet mischief makers.

(A quick digression: The U.S. government severely punishes private companies when there is a breach. Not only did their data go away, not only did their sales drop because of a reputation problem, not only did their customers sue them, but then, as a cherry on top, rather than helping the victim of the data breach the government fines them. Yes, I know the company should have been more diligent with the data, but…. Note that a hack of the IRS hack has cost the U.S. government more than $30 million in payments on fraudulent tax returns, and the IRS has yet to fine itself for the breach.)

Most of the people I know who have spent any time thinking about about purchasing self-driving automobiles have said they worry that hackers could take over their car (their underlying concern seems to be that it will then be driven into the San Francisco Bay, where they could not open the doors or roll down the windows to get out). There is (and should be) far more concern over the loss of control of a car than loss of control of a pizza oven, but to me it is all really part of the same problem.

So my first question was: “Is there a locus or specific place where we can plug in some type of security to help stop the mischief?”

Looking for insight, I charged down to Best Buy and asked one of the Geek Squad folks if there was such a place or way to limit outside access or control to my internet-connected electronic toothbrush? (I did come out of Best Buy with a brand new, three-year software internet security program for my new computer for only $49.95, discounted to $9.95 because I was going to look at the possibility of purchasing an internet-connected pet feeder)

The Geek Squad person said that the best opportunity for such security is the routers in homes, but, no, there is no Ronco device ($19.99 and… if you call in the next two minutes… you can have TWO Ronco internet security devices. He also said that, fortunately, my floss is still not internet-connected, so I would not have to worry about one of my teeth being yanked out by an evildoer from Nigeria who was trying to get that pesky $25 million out of the country….)

So here are some follow-up questions:

  1. Should there be an oversight body for all devices that will be responsible for creating a minimum standard for security for all of the internet-connected heating systems in the world? (The NSA will still want back-door access to all of the data from your garage opener.) If there is an oversight body, and it creates a minimum security program or level, will it be enough to keep the evildoers out of my kitchen? (I think not.)
  2. Who will go on Shark Tank with the next device (Ronco??) to help create some sort of security for all of the devices in your home? This seems like a great opportunity for someone.
  3. Perhaps it is the cable operators (those who supply the infrastructure of the connections) who should be held responsible for identifying viruses as they go across the cables and stop them. (That is where the NSA gets all of its data, anyway.)
  4. Will I ever be able to look at my internet Ronco coffee maker the same way and not wonder if it is actually a drone for a hacker in Uzbekistan? Will the hackers burn my pizza for me instead of me burning it? Or, worse, will they undercook things? Will a hacker drive my car (in two years, Uber’s car) off the Golden Gate Bridge? (And will I actually be in the car when he does?)
  5. Will the evildoers now open my garage door and take my Xmas stuff i have on the back wall? (There is really a serious question of personal security that will get larger as the bad guys find out how to easily get into businesses and buildings.)
  6. Will the government take over my sprinkler systems and stop me from wasting water? (In California, this is a serious issue, and the underlying question of how much will or can the federal state and local government eventually do with the Internet of Everything will be an interesting battleground for the next 15 years.)
  7. Who has the data, and where are all of the devices? Information is king (and queen) nowadays, and knowing where the devices are will allow the evildoers to attack the weakest links. I bet they first hacked the companies who sell the devices to find out where they are. (Should you sign up for a warranty if that information will result in telling the mischief makers where you are and how you are connected?)
  8. Just how safe is the cloud? The attack in October was a distributed denial of service attack, but can the evildoers use my internet-connected fireplace to hack the cloud?
  9. Will all of these security problems have anything to do with privacy issues? What if the miscreants leak my information to Wikileaks about the fact that I have peanut butter in the refrigerator?

As the saying goes: Inquiring minds want to know.

There is an amazing amount of mischief that can be created if we do not have secure devices.

See also: How the ‘Internet of Things’ Affects Strategic Planning  

Think about it… and perhaps unplug your internet-connected litter robot until you know it will only be used by your cat for its original purpose.

IoT Is Game Changer for Insurers

The Internet is now an integral part of our daily lives, and we would struggle to imagine life without it. However, to date, growth has largely been driven by access to content and by speed.

We are now moving into the new phase of growth where the everyday “things” around us will be connected to the Internet. This is the Internet of Things (IoT) – it will have a profound impact on our daily lives and change the way we interact with our environment. It will also have a big impact on how industries operate and relate with their customers. This is particularly true for insurance companies, where there is an opportunity to move from being passive and reacting to losses, to being proactive and helping prevent them.

In short, the IoT will be a game changer for insurers.

In the commercial sector, we are familiar with the benefits of connectivity in smart buildings. When we go to a hotel, door locks are controlled with smart cards, and there are links to lighting and air conditioning to save energy and improve security. Fire systems are networked to sprinklers. Indeed, I’m not sure I’d book a hotel that gave me a metal key. More significantly, most modern commercial buildings would struggle to get insurance coverage without new technology.

The IoT will bring this same level of intelligence to the home.

Standard devices such as light switches, thermostats and door locks are being networked. Smartphones allow us to monitor and control air conditioning, as well as access and monitor security and lighting, with alerts if there is a problem. The first wave of connected appliances is now starting to roll out. Just as with commercial buildings, “interoperability” will become standard in homes because it makes them safer, more energy-efficient and easier to manage.

The smart home is already going mainstream. Big-box stores like Lowe’s, Home Depot, Best Buy, Target and Sears have started to offer their own DIY smart home solutions. They are competing with the major service providers such as AT&T, Comcast, TWC and others that have developed their own consumer offerings. The entry of Apple, Google and Microsoft into the space with different consumer strategies is a clear sign that the market has arrived.

Many of these new entrants have recognized that data will be key to their future success in a connected world where devices will generate as much as we can handle and the ability to refine and exploit it will decide the winners and losers in many industries. This data is going to be particularly important to insurers, which have traditionally based their pricing on risk assessment. If a competitor has better data on which to base judgments, it will have the edge.

The IoT and access to data will reshape industry boundaries and create opportunities.

The IoT will allow insurance companies to move from the traditional passive role of underwriting risk to take a more active position by supplying smart home products and services. Other industries have already adopted this type of strategy. For example, the major cable companies and telcos now offer smart home products over the top of their broadband. These provide new revenue streams, leverage their core competencies, increase customer loyalty and provide a platform for growing new value-added services. Insurance companies could take a page out of the service providers’ playbook and offer their own solutions to realize similar benefits.

The IoT and smart home can give insurers a more direct relationship with the consumer through daily interaction using touch points in apps and messaging. Insurers could also become more competitive by adopting pricing strategies that include direct sourcing and bundling with policies. Contrast this to consumers’ traditional negative experience of bill paying on an annual or semi-annual basis for something they most likely didn’t use.

Consumers would see insurance companies as a logical source for products and services that protect people and their property. Smart home systems can be DIY, offering protection for security, fire and flood. Moreover, they bring new levels of protection with innovation. For example, low-cost leak detectors and temperature sensors can automatically shut off the water supply when triggered.

The IoT is a real growth opportunity, and any business can scale as new connected devices come along. This can be done by offering devices and sensors that improve in-home healthcare and appliances that can be remotely monitored to reduce warranty support costs. These products and value-added services can drive new revenue streams, improve customer retention and reinvent the way consumers perceive their insurance provider. More importantly, the IoT secures access to the data from the things in the home that would help insurance companies manage risk.

If there is a nervousness to step outside the traditional industry boundaries, the alternative is to forge new partnerships with the companies that are deploying smart home solutions.

These companies have access to the data that will help insurance companies manage risk. For example, Lowe’s has partnered with a number of leading insurance companies to trade data from the Iris smart home system. Clearly, data privacy is a major issue, so customers have to approve sharing. This can be achieved by offering a benefit on the policy, usually in the form of a discount.

Clearly, the IoT market is moving extremely fast, and it will challenge conventional wisdom. Just five years ago, the only connected device in home improvement retail was a smart door lock, and now there are hundreds – even dog bowls and toothbrush are becoming connected. If the IoT grows as predicted, every powered device will be IP addressable in the next 10 years. Ignoring this market is not a smart move.

While competing in the smart home space by offering consumers new products and services may seem daunting, the IoT will disrupt traditional industry boundaries, and attack is sometimes the best form of defense. Moreover, actively entering the market has the biggest upside. At a minimum, there is a need to find ways to partner to protect your position and get access to data to remain competitive. The leading insurance providers will be those that embrace the IoT and its impact.

Bizarro World: Where Buying Can Be Fun

In the Bizarro world of insurance, the product that people buy hoping they never use it is replaced with products that people buy via an interactive and engaging learning experience.

Last Wednesday, Google opened its first retail store in London: a pop-up store within a British electronics retailer, called Currys PC World. The Google shop lets people play, experiment and learn about all Google has to offer. In a sense, the store is an interactive billboard that places profits at the backseat and lures customers in via a promise to entertain.

This concept of “play over purchase” isn’t unique, and can be found in Apple’s and Samsung’s business models. In fact, only two years ago, Samsung looked to emulate Apple’s success in the U.S. by launching its own chain of mini-stores in partnership with Best Buy.

Surely there is some room for play, not just purchase, in our industry.

To get a better idea of how this would work in Bizarro insurance world, picture a retail destination with insurance geniuses standing by, ready and eager to engage customers in the insurance experience all the way from consulting on insurance products to simulating claim-handling and the latest telematics gadgets. These insurance geniuses will welcome consumers and listen to them, to better understand the right combination of products and features to offer. Later, the geniuses will point consumers to different stations, such as “Seriously Real,” sponsored by Cyberith, where consumers can enter the virtual world of operating drones for disaster support, or “Hot Quotes,” sponsored by Bolt, where consumers can obtain auto insurance quotes faster than Jimmy John’s delivery guy can make a sub.

The result will be a house of insurance brands that come together under one roof to clearly communicate the value of insurance for the sake of a branded customer experience. Yes, I’m referring to the two most overused words in this industry – customer experience – which until now were largely defined by an automatic renewal letter sent once a year or perhaps an unused, “downloaded and forgotten” app.

We should also draw on the underused word “ecosystem”: in this setting, defined as a network of carriers, vendors and insurance startups that collaborate to educate and engage around insurance products via a one-stop shop.

To be continued when we revisit the Bizarro world of insurance….

How Stolen Credit-Card Data Is Used

Reports of high-profile data breaches have been hard to miss over the past year. Most recently, it was a breach involving 56 million customers’ personal and credit card information at Home Depot.

This is just the latest volley in a wave of sophisticated electronic thefts including Target, Neiman Marcus, Michael’s, P.F. Chang’s and Supervalu. Much like in the other attacks, the suspected culprit in the Home Depot data breach is a type of malware called a RAM scraper that effectively steals card data while it’s briefly unencrypted at the point of sale (POS) to authorize a transaction.  Reports of this type of attack have become increasingly common in the months since the Target breach.

Whether the cause is a RAM scraper or an “older” threat like a physical skimmer placed directly on a POS machine used to swipe a credit or debit card, a phishing attack storing customers’ card information insecurely, the result is the same: Credit card data for millions of people winds up in the hands of criminals eager to sell it for profit. How does that process unfold? And how can you – or people you know – get sucked into it?

The Basic Process: The journey from initial credit card data theft to fraudulent use of that data to steal goods from other retailers involves multiple layers of transactions. The actual thief taking the card numbers from the victim business’ POS or database doesn’t use it him or herself.

First, a hacker – or a team of them – steals the credit card data electronically. Most of these schemes begin in Russia or other parts of Eastern Europe, and much of what you might call the “carding trade” is centered there.

Next, brokers (also referred to as “re-sellers”) buy the stolen card numbers and related information in bulk and trade them in online carding forums. A hacker may also sell the card data directly to keep more of the profits, though that’s riskier and more time-consuming than using a broker. These exchanges are found on the dark net (aka the dark web). That’s a part of the Internet you won’t find through Google, where all manner of illegal and unsavory things can take place. Online prices vary depending on:

  • The type of card,
  • Credit limit (if known),
  • How much additional data is available (CVV codes from the backs of cards and associated Zip codes make stolen cards more valuable),
  • The card owner’s geographic location (a fake card used in the vicinity of the legitimate card holder is less likely to raise suspicion), and
  • How recently the cards began appearing in the carding forums (which relates to the likelihood of card cancellation).

Prices for the individual cards have come down significantly in the past few years because of the sheer amount of records available, though brokers can still do quite well from bulk sales of card data. Despite being on the dark web, many of the brokers conduct themselves like regular online businesses and will provide replacements or the equivalent of store credit if cards purchased from them don’t work.

The people who buy the card data from the brokers are called “carders.” Once the carders have the stolen card data, there are at least two distinct variations on the scam:

1) Physical, in-store purchases using fake credit cards.

2) Stolen card numbers used to charge pre-paid credit cards that are, in turn, used to purchase store-specific gift cards (which are less suspicious than general gift cards). Purchases are made online.

Variant 1 (“Mystery Shopper”): This variation starts with carders printing up the fake credit cards for use in stores. Once they have the stolen card data, the equipment needed to make the fake cards isn’t that expensive. The carder then usually works with one or more recruiters to find people to use the fake cards (though a carder may do the recruiting himself). The enticement to get people to use the fake cards will generally be in the form of email spam and ads in Craigslist or similar sites offering easy money to be a “mystery shopper” or “secret shopper” as part of a “marketing study” or some other semi-plausible justification.

Not surprisingly, the items purchased tend to have high resale value. After the physical purchases are made, the “mystery shopper” can either send items to the recruiter/carder (generally via a secure drop site like a vacant office) or directly to someone who has “purchased” an item via an auction site in response to a posting from the recruiter/carder. If sent straight to the carder, she then auctions the items directly on eBay, Craigslist or an underground forum on the dark web.

The people who actually make the purchases with the fake cards may have no clue what they’re involved in (though sometimes they’re active participants in the scheme or simply low-level criminals looking to use the cards for themselves). They are effectively the “drug mules” of the credit card scam, taking the most risk and getting paid the least.

You’ve probably seen one step retailers take to try and stop in-person card fraud. On a counterfeit credit card, the numbers on the magnetic strip and the front of the card generally don’t match — it’s too expensive to create individual fakes. Some retailers have their personnel type in the last four digits on the physical card into the register after the card is swiped. If the numbers don’t match, the card is rejected as a fake.

Variant 2 (“Re-shipping”): Rather than making physical cards, in this variation carders use the stolen card data to purchase pre-paid credit cards that are then used to buy store-specific gift cards (Amazon, Best Buy, etc.). As with the “mystery shopper” scheme, recruiters typically use ads and spam emails to entice people, though this time it’s people (especially in the U.S.) seeing “work from home” promises. Sometimes, the recruiters will employ a more personalized approach, even going so far as to start a fake “relationship” with the intended target. Then — wait, there’s more — the gift cards are used to purchase items online, and those items are shipped to the people responding to the ads, spam or “relationship” overtures. That’s where the “work from home” angle comes in.

The people initially receiving the packages directly from an online retailer are called “re-shippers.” People in the U.S. are used because U.S.-based addresses raise fewer red flags with the retailers. Like the “mystery shoppers,” the re-shippers are the drug mules here (and they are sometimes referred to as  “money mules” or “shipping mules”). And, as with the “mystery shopper” scheme, re-shippers can either send items to the recruiter/carder or directly to someone who has “purchased” the item through an auction site.

While this may sound a little convoluted, the shell game-like nature of using one card to buy another and then another makes it more difficult for stores to catch onto this scheme before the purchase has already been made and shipped out.  After that, it’s generally too late.