Tag Archives: biometrics

Disruption of Rate-Modeling Process

How emerging technologies may transform insurance rate modeling

Insurance rate modeling for mass-market consumer products such as P&C, health and life relies heavily on macro risk factors, the “law of large numbers” and building pools of risk. Broadly speaking, outside of specialized lines, relatively little customer-specific data is used in developing rates. Incentives, such as “safe behavior” discounts, are used primarily to encourage good behavior and to help ensure that low-risk prospects do not feel unfairly represented by their premiums. A practical reason for limiting the process to mostly high-level analysis is that large volumes of data are both hard to collect and to analyze on a discrete level. But emerging technologies are starting to remove some of these limitations, potentially creating ways to optimize risk portfolios in consumer-oriented insurance products.

I have written several articles now talking about the potential for the Internet of Things (IoT) in loss prevention and claims facilitation. While much of my focus has been on technologies related to smart homes, arguably more progress has been made in auto telematics and wearables. Data on driving behaviors and personal biometrics of an extraordinary number of people are now being tracked in real time. These data sets may be used to do more than determine the fastest route to work or calculate the remaining target steps you need to take in a day – the data may be a treasure trove of environmental and behavioral information for insurers. Similarly, smart home devices such as connected smoke alarms and leak sensors, along with home security systems, wireless door locks, etc. are beginning to paint a picture of the risk profile in the home at a level never seen before.

But the technology advancements do not stop at the increase in data availability; much of the emerging opportunity has to do with new computing models and “the cloud.” Not long ago, the resources needed to model to an individual rating outweighed the value. But we are now in a world where additional computing resources can be launched with the simple click of a button and disparate databases can easily be joined together for comparison. In other words, the discrete data now exists, and the computing power needed to analyze on an individual level is finally within reach.

See also: How Tech Is Eating the Insurance World  

Tiptoeing in

Recognizing that technology may enable improvement on both sides of the risk pool by potentially better identifying both low- and high-risk candidates, insurers are beginning to evaluate options to model risk on a more discrete level. This enhanced lens on data may be one of the most interesting opportunities in the insurance market to-date. The availability of this data, and the associated computing power to process it, is arguably one of the core pillars of the insurtech revolution – but this discussion is for another article. In the meantime, we are seeing early tests toward enhanced data sets in four key markets: health, life, auto and home.

1) Health and Life – Early tests around wearables conducted by major health and life players seemed more to be assessments around consumer comfort with insurers potentially getting a peak into your lifestyle. For example, there have been several examples of fitness trackers given away as affinity products to members of a plan. Initially, there was broad skepticism that consumers would have interest, recognizing that insurers were testing the waters around one-day having access to more detailed lifestyle data. However, early sentiment proved positive, and the market is now seeing the use of individual diagnostic data expanding in the role of premium calculations. Automated collection of this data is not hard to imagine.

2) Auto – Many auto insurers are exploring real-time driving data analysis along with innovative safe driver rates through OBD data collection – with some starting to require it for certain program participation. Consumers, eager to lower their insurance costs, seem to be more than willing to share how fast they drive or how hard they turn when less expensive rates are in play.

3) Home – It’s easy to see how early wins in health, life and auto may translate into the homeowners market. Already, new smart home rates are entering the market, and in these cases smart home products may “self-verify” their presence, removing doubt of whether a customer truly has safety devices installed in the home. As various IoT devices in the home begin to communicate with one another, the insurer has lots of new data that can be used to adjust risk down to a specific premise.

A Virtuous Circle?

In today’s world of rating, there is an imbalance of information that puts insurers at a disadvantage with insureds. Insureds must represent the value of their property, the current state of the property, the cause of loss when it happens, etc. Generally forced to assume that all statements are true, insurers must price uncertainty into the risk. But moving toward greater data transparency may very well be a win-win for both the insurer and the insured. Low-risk customers may be offered rates more in line with their risk profile. High-risk customers may receive higher premiums, but they may also have clear visibility into the factors affecting their rates and potential corrective actions. Insurers may have less volatility in their portfolio with a better understanding of where the losses may occur. Perhaps this increased data availability will result in lower rates for insureds at maintained or even improved margins for insurers.

But how does the overall market respond with more symmetrical information and greater transparency? More importantly, how do consumers respond when they realize the insurer now knows more specific details about them? What if the rating bar moved from basic personal information, like credit score and claims history, to allowing consumers to opt in for very granular inputs such as: how many steps you took today; whether you sped to work; whether you activated your alarm system before leaving your home? Putting aside the regulatory restrictions, the privacy concerns and the general creepiness of this concept, would consumers be willing to give insurers this very personal data in return for big discounts? If “yes,” would it further ensure good behavior of those that did opt in? Could a “positive self-selection” of sorts start to occur?

In consideration of these potential impacts, there are three economic phenomena that insurers model into rates that may be affected:

1) Adverse selection – People who most need insurance are most likely to buy it, and people less likely to have loss will opt out – e.g., older folks may opt for more health insurance, or safer drivers may choose less coverage than their daredevil counterparts. The bias of high-risk consumers to buy coverage over low-risk consumers results in higher loss ratios and raises premiums of those who participate. But if rates were lowered by removing the risk padding, would lower-risk customers be motivated to participate? Would the risk/reward ratio reach a point where self-insurers feel like the better bet is to participate with the marketplace?

2) Morale hazard – There is risk that insurers bear that insureds, knowing that they have insurance, will be lazy about protecting their belongings. Why lock your doors if insurance would cover a theft? But when behaviors can be monitored, do consumers act differently? Would “safe” people open up data on their personal lives in return for discounts? Perhaps let the insurer know how many nights a week the alarm is armed or the doors are locked for a lowest-rate option?

3) Moral hazard – This phenomena is when insureds take on riskier behavior when coverage is obtained. In other words, a driver who chooses to increase coverage then goes on to take greater driving risks, again, rationalizing the change in behavior as they are “paying for coverage.” Again it’s worth contemplating if behaviors would change by exposing behavioral data.

See also: Embrace Tech Before It Replaces You  

Arguably, through increased transparency, a virtuous circle may be created where better information leads to lower rates. Lower rates drive lower-risk candidates into the market; as more lower-risk candidate participate, losses are lessened, which further drives down rates. Additionally, the lowest-risk candidates are the most likely to participate in high-transparency markets, compounding the loss reduction and further driving down rates. Even better, bad actors who know they may not be able to change their behaviors may opt out.

I recognize I am ignoring huge hurdles for this type of transparency: regulatory constraints, privacy issues, consumer interest, etc., but I do feel strongly that early entrants into these types of products may see very interesting results. Basically, better information becomes the great equalizer…

Conclusion

New, high-resolution data sets along with the computing power needed to make them useful are finally here. While having this added information doesn’t necessarily serve as the silver bullet to perfect rate modeling, it certainly offers insurers an opportunity to refine their analysis and reduce the guesswork. Obviously, the effort to operationalize these new data sets may be significant, and, as noted above, there are certainly consumer and regulatory concerns as this highly personal data is used, but the potential is certainly compelling to consider. At the least, now is the time to start considering where these data sets would be useful as the industry contemplates a move toward highly individualized risk opportunities.

Workplace Wearables: New Use of Big Data

Wearables continue to be the hottest topic in smart technology, because of gadgets like Fitbits, Apple Watches and Nike Fuelbands. But what about a wearable that uses big data to revolutionize workplace safety? In a world where almost 1,000 workers don’t come home each day due to workplace injury, understanding how workplace incidents happen and taking steps to prevent future injuries should be a company’s top priority. Insurers want to provide the most efficient workers’ compensations and P/C policies, and now they can from the data and machine learning of wearables.

Wearables are providing efficiencies in gathering data that can then be processed to provide insights for workplace injury trends. Automated collection of individualized worker safety data at scale is far more efficient than the traditional observation techniques used by safety experts to collect risk data. Wearables don’t require employees to log information or have their cell phone constantly handy, and they offer a seamless information transfer between users, especially important in industries with high employee turnover rates.

At MākuSafe, we’re developing a wearable solution that collects and tracks environmental data, which is processed through MākuSmart, our cloud-based machine learning platform, to help manufacturing facilities build a culture of safety.

See also: Workplace Wearables — Now What?  

So, we understand that wearables are essential for the safety management of an organization. But wearables can provide data just as valuable to insurance carriers. Manufacturing companies and warehouses across the world are losing time and money on avoidable safety hazards and compensation. Data from workplace wearables creates remediation steps to help streamline reducing worksite risk and allow carriers to generate tailored advice for policies and more efficiently justify premiums.

IoT capabilities fill this picture in even further, with the ability to alert safety managers to potential risks or even take automated steps to help mitigate risks based on identified trends. With insurance companies often only having limited visibility into the risks policy holders’ workers are experiencing, IoT devices give risk reduction professionals the eyes and ears they need to understand what environmental conditions could be contributing to worker hazards. That means quicker intervention when data shows leading indicators of risk are present, instead of waiting for an injury or claim.

Armed with this more complete picture of workplace risk, thanks to more accurate and precise trend data, insurance carriers can target, select and price risk more specifically for policyholders and accelerate time to value on policies. The individualized view of risk permits safety and risk mitigation experts to precisely prescribe remediation steps that are specific to worker risks and better measure the remediation efficacy.

None of this data is biometric—rather, workplace wearables like the one from MākuSafe track the environment around an employee, not from the employee. It is intended to generate a 360-degree view of a worker’s risk exposure. Through data analytics and machine learning, wearables can transform from an informative personal health-monitoring device to an essential workplace data tool, without invading employee privacy.

See also: The Case for Connected Wearables  

The predictive value of individualized workplace safety data can clearly expose risks before they turn into an injury. With this in mind, insurance companies should be looking for companies like MākuSafe to provide solutions for their manufacturing clients, while warehouses and manufacturing companies should be jumping at the chance to test these money/time/life-saving devices. By building a strong partnership between data-driven intelligence, workers and the resources that can be deployed by insurance companies and other safety providers, workplace risks can be reduced and, ultimately, more workers will make it home safely to their friends and families each day.

It’s Time to Accelerate Digital Change

For global insurers, digital transformation and disruptive innovation have gone from being vague futuristic concepts to immediate action items on senior leaders’ strategic agendas. New competitive threats, continuing cost pressures, aging technology, increasing regulatory requirements and generally lackluster financial performance are among the forces that demand significant change and entirely new business models.

Other external developments — the steady progress toward driverless cars, the rapid emergence of the Internet of Things (IoT) and profound demographic shifts — are placing further pressure on insurers. A common fear is that new market entrants will do to insurance what Uber has done to ride hailing, Amazon has done to retail and robo advisers are doing to investment and wealth management.

Yes, “digital transformation” has become an overused term beloved by industry analysts, consultants and pundits in the business press. Yes, it can mean different things to different companies. However, nearly every insurer on the planet — no matter its size, structure or particular circumstances — should undertake digital transformation immediately. This is true because of ever-rising consumer expectations and the insurance sector’s lagging position in terms of embracing digital.

The good news is that many early adopters and fast followers have already demonstrated the potential to generate value by embedding digital capabilities deeply and directly into their business models. Even successful pilot programs have been of limited scope. By addressing narrowly defined problems or one specific part of the business, they have delivered limited value. Formidable cultural barriers also remain; most insurers are simply not accustomed or equipped to move at the speed of digital. Similarly, few, if any, insurers have the talent or workforce they need to thrive in the industry’s next era.

Because the value proposition for digital transformation programs reaches every dimension of the business, it can drive breakthrough performance both internally (through increased efficiency and process automation) and externally (through increased speed to market and richer consumer and agent experiences). Therefore, insurers must move boldly to devise enterprise-scale digital strategies (even if they are composed of many linked functional processes and applications) and “industrialize” their digital capabilities — that is, deploy them at scale across the business.

This paper will explore a range of specific use cases that can produce the breakthrough performance gains and ROI insurers need.

From core transformation to digital transformation

Recognizing the need to innovate and the limitations of existing technology, many insurers undertook core transformation programs. These investments were meant to help insurers set foot in the digital age, yet represented a very first step or foundation so insurers could use basic digital communications, paperless documents, online data entry, mobile apps and the like. These were necessary steps, as the latest EY insurance consumer research shows that more than 80% of customers are willing to use digital and remote contact channels (including web chat, email, mobile apps, video or phone) in place of interacting with insurers via agents or brokers.

More advanced technologies, which can enable major efficiency gains and cost improvements for basic service tasks, also require stronger and more flexible core systems. Chatbot technology, for instance, can deliver considerable value in stand-alone deployments (i.e., without being fully integrated with core claims platforms). However, the full ROI cannot be achieved without integration.

For many insurers, core transformation programs are still underway, even as insurers recognize a need to do more. Linking digital transformation programs to core transformation can help insurers use resources more effectively and strengthen the business case. Waiting for core transformation programs to be completed and then taking up the digital transformation would likely result in many missed performance improvement and innovation opportunities, as well as higher implementation costs.

One key challenge is the industry’s lack of standardized methodologies and metrics to assess digital maturity. With unclear visibility, insurance leaders will have a difficult time knowing where to prioritize investments or recognizing the most compelling parts of the business case for digital transformation.

But, because digital transformation is a long journey, most insurers are best served by a phased or progressive approach. This is not to suggest that culturally risk-averse insurers be even more cautious. Rather, it is to acknowledge that complete digital transformation at one go can’t be managed; there are simply too many contingencies, dependencies and risks that must be accounted for.

See also: The Key to Digital Innovation Success  

Insurers must be focused and bold within their progressive approach to digital transformation, as it is the way to generate quick wins and create near-term value that can be invested in the next steps. Each step along the digital maturity curve enables future gains. Rather than waiting to be disrupted, truly digital insurers move boldly, testing and learning in pursuit of innovation and redesigning operations, engaging customers in new ways and seeking out new partners.

Digital transformation across the insurance value chain: a path to maturity and value creation

Digital transformation delivers tangible and intangible value across the insurance value chain, with specific benefits in six key areas:

It’s important to emphasize speed and agility as essential attributes of the digital insurer. Even the most innovative firms must move quickly if they are to fully capitalize on their innovations — a concept that applies across the entire value chain. The idea is to launch microservices faster and embrace modernized technology where possible. For instance, deploying cloud infrastructures will enable some parts of the business to scale up and scale down faster, without disrupting other parts of the business with “big dig” implementations.

The dependencies and limitations of legacy technology are also worth reiterating. Insurers that can integrate process innovations and new tools with existing systems — and do so efficiently and without introducing operational risk — will gain a sustainable competitive advantage.

The following digital transformation scorecards reflect how the benefits apply to different technologies and initiatives.

Omni-channel

Today’s consumers are naturally omni-channel, researching products online, recommending and talking about them with friends and contacts on social media and then buying them via mobile apps or at brick-and-mortar retail locations. Basically, they want a wide range of options — text, email, web chat, phone and sometimes in-person. A better omni-channel environment may also enable insurers to place new products in front of potential customers sooner and more directly than in the past.

Insurers must look beyond merely supporting multiple channels and find the means to allow customers to move seamlessly between channels, or even within channels (such as when they move from chatting with a bot to chatting with a human agent). It is difficult to overstate how challenging it is to create the capabilities (both technological and organizational) to recognize customers and what they are seeking to do, without forcing them to re-enter their passwords or repeat their questions.

There are many other subtleties to master, including context. For example, a customer trying to connect via social media to voice concerns is not likely to respond well to a default ad or up-sell offering. Omni-channel is increasingly a baseline capability that insurers must establish to achieve digital maturity.

Big data analytics

The application of advanced analytical techniques to large and ever-expanding data sets is also foundational for digital insurers. For instance, predictive analytics can identify suitable products for customers in particular regions and demographic cohorts that go far beyond the rudimentary cross-selling and up-selling approaches used by many insurers. Big data analytics also hold the key for creating personalized user experiences.

Analytics that “listen” to customer inputs and recognize patterns can identify opportunities for new products that can be launched quickly to seize market openings. Deep analysis of the customer base may make clear which distribution channels (including individual agents and brokers) are the best fit for certain types of leads, leading to increased sales productivity.

The back-office value proposition for big data analytics can also be built on superior recognition of fraudulent claims, which are estimated to be around 10% of all submitted claims, with an impact of approximately $40 billion in the U.S. alone. Reducing that number is an example of how digital transformation efforts can be self-funding. Plus, the analytics capabilities established in anti-fraud units can be extended into other areas of the business.

Big data is also reshaping the risk and compliance space in important ways. As insurers move toward more precise risk evaluations (including the use of data from social channels), they must also be cognizant of shifting regulations regarding data security and consumer privacy. It won’t be easy ground to navigate.

Internet of Things (IoT)

The onset of smart homes gives insurers a unique opportunity to adopt more advanced and effective risk mitigation techniques. For instance, intelligent sensors can monitor the flow of water running through pipes to protect against losses caused by a broken water pipe. Similar technology can be used to monitor for fire or flood conditions or break-ins at both private homes and commercial properties.

The IoT clearly illustrates the new competitive fronts and partnership opportunities for insurers; leading technology and consumer electronics providers have a head start in engaging consumers via smart appliances and thermostats. Consumers, therefore, may not wish to share the same or additional data with their insurers. Insurers may also be confronted by the data capture and management challenges related to IoT and other connected devices.

Telematics

Sometimes grouped with IoT, data from sensors and telematics devices have applications across the full range of insurance lines:

  • Real-time driver behavior data for automotive insurance
  • Smart appliances — including thermostats and security alarms — within homeowners insurance
  • Fitness trackers for life and health insurance
  • Warehouse monitors and fleet management in commercial insurance

The data streams from these devices are invaluable for more precise underwriting and more responsive claims management, as well as product innovation. Telematics data provides the foundation for usage-based insurance (UBI), which is sometimes called “pay-as-you-drive” or “pay-as-you-live.” Premium pricing could be based on actual usage and driving habits, with discounts linked to miles driven, slow or moderate speeds and safe braking patterns, for instance.

Consider, too, how in-vehicle devices enable a fully automated claims process:

  • Telematics data registers an automobile accident and automatically triggers a first notice of loss (FNOL) entry.
  • Claims information is updated through text-based interactions with drivers or fleet managers.
  • Claimants could be offered the opportunity to close claims in 60 minutes or less.

Such data could also be used to combat claims fraud, with analysis of the links between severity of the medical condition and the impact of the accident. Some insurers are already realizing the benefits of safe driving discounts and more effective fraud prevention. These telematics-driven processes will likely become standard operating procedure for all insurers in the near future.

Voice biometrics and analysis

Audio and voice data may be the most unstructured data of all, but it too offers considerable potential value to those insurers that can learn to harness it. A first step is to use voice biometrics to identify customers when they call into contact centers, saving customers the inconvenience of entering policy numbers and passwords, information that may not be readily at hand.

Other insurers seeking to better understand their customers may convert analog voice data from call center interactions into digital formats that can be scanned and analyzed to identify customer emotions and adjust service delivery or renewal and cross-selling offers accordingly. The manual quality control process checks for less than 1% of the recordings, which is insufficient. Through automation, the entire recording can be assessed to identify improvement areas.

See also: 4 Rules for Digital Transformation  

Drones and satellites

Early-adopting insurers are already using drones and satellites to handle critical tasks in underwriting and claims. In commercial insurance, for instance, drones can conduct site inspections, capturing thermal imagery of facilities or work sites. Their reviews can be as specific as looking for roof cracks, old or damaged boilers and other physical plan defects that can pose claims risks.

Within homeowners lines, satellites can capture data to analyze roofs, chimneys and surrounding terrain so that insurers can determine which homeowner they want to add to underwrite, as well as calculate competitive and profitable premiums. When linked to digital communications tools, drone and satellite data can even trigger notifications to customers of new price options or policy adjustments.

Within claims, drones and satellites can handle many tasks previously handled by human adjustors across all lines of business. Such remote assessments can reduce claims processing time by a considerable degree. This method is particularly effective in situations such as after floods, fires and natural disasters, where direct assessment is not possible.

While many transformation programs that use drones and satellites remain in the experimental stages due to operational challenges, it is possible that they can improve the efficiency and accuracy of underwriting and claims information gathering by 40%.

Blockchain

Blockchain provides a foundation for entirely new business models and product offerings, such as peer-to-peer insurance, thanks to its ability to provide virtual assistance for quoting, claims handling and other tasks. It also provides a new level of information transparency, accuracy and currency, with easier access for all parties and stakeholders in an insurance contract. With higher levels of autonomy and attribution, blockchain’s architectural properties provide a strong digital foundation to drive use of mobile-to-mobile transactions and swifter, secure payment models, improved data transparency and reduced risk of duplication or exposure management.

Insurance companies are interested in converting selected policies from an existing book to a peer-to-peer market. A blockchain network is developed as a mechanism for integrating this peer-to-peer market with a distributed transaction ledger, transparent auditability and “smart” executable policy.

E-aggregators are another emerging business model that is likely to gain traction, because it is appealing to both insurers and the customers. Insurers can offer better pricing due to reduced commissions compared with a traditional agent-based distribution model, while customers gain freedom to compare different policies based on better information. Of course, e-aggregators (whether fully independent or built through an existing technology platform) will require a sophisticated and robust digital platform for gathering information from different insurance companies to present it to consumers in the context of a clear, intuitive experience. It is also important for insurance companies to transfer information to e-aggregators rapidly; otherwise, there is the risk they will miss out on sales opportunities. This is why blockchain is the right technology for connecting e-aggregators and insurers.

To see the full report from EY, click here.

Is It Time to Buy a Biometric Scanner?

Identity theft is still out there, keeping pace with the latest innovations and security measures and snaring new victims every day. With the advent of cheaper, standalone, easy-to-integrate biometric technology for authentication, is it time to buy a fingerprint scanner?

What’s a biometric scanner?

Biometric technology uses physical or biological information, like a fingerprint, retinal scan or heartbeat, to authenticate a person’s identity. You can currently purchase the most commonplace biometric scanner—that is, one that uses a fingerprint—starting at around $50. The scanner can be used to protect computers and other devices that support biometric scanning technology.

Do biometrics provide additional security?

The short answer: Yes.

Authentication can effectively use three things to keep the wrong people out: something you know, something you have and something you are. We’re all familiar with the first line of defense. “What you know” takes the form of security questions, passwords and a security picture, and there are various strategies to keep it all straight.

Some choose to use password managers or proprietary systems like Apple’s iCloud Keychain. Others prefer to have an encrypted personal security list (logins, passwords) stored on a cloud server. Still others put “what they know” (but couldn’t possibly remember) on a USB stored on a keychain or in a safe if the information is not encrypted. And, yes, some go a little further, choosing to use a fingerprint-encrypted drive (i.e., biometrics). How you manage what you know comes down to personal preference, but the first line of defense is not fail-safe. In fact, there are hacks and breaches all the time. (If you believe you were the victim of a hack, you can view two of your free credit scores on Credit.com for signs of identity theft.)

See also: Are Passwords Finally Becoming Passé?  

The second line of defense, “something you have,” could be access to an email account, a key fob or your mobile phone. You need to have your phone in hand, for instance, to receive the verification code so you can get waved through some digital security checks. This is called two-factor authentication—and, yes, it’s more secure than simply protecting accounts with an alphanumerical password.

The last line of defense, “something you are,” is a really hot topic right now. As I mentioned earlier, in sophisticated systems, this might include a scan of your retina, your finger- or handprints, your body weight (including ups and downs), your height, your face or all of the above. This information is clearly specific to you—and not so easily replicated—so, again, it’s miles more secure that the old standard password or even two-factor authentication.

Needless to say, were you to implement a security protocol that combined all three of the above protocols of authentication, a) criminals would have a really hard time making any money, but b) we would all be frustrated.

Does it have a place in the home?

Biometric authenticators have been the security mode for quite some time in the military and wherever large amounts of money or gold or drugs or weapons are stored, as seen in countless spy and heist movies, but they are slowly making their way into people’s homes.

From smartphones to gun lockers to personal computers, a steady march of devices is offering a biometric element for the user-authentication process. One example comes by way of a new secure credit card being tested by MasterCard in a chain of supermarkets in South Africa. The card is able to store an encrypted copy of the user’s fingerprint, which would make it exceedingly difficult for a scammer to beat.

(Would it be impossible to beat? As with all great capers, only the crooks know for sure. There was a flurry of coverage not too long ago about how photos of people flashing a peace sign could lead to the theft of their fingerprints, thanks to the proliferation of high-definition cameras. But fact-checking website Snopes listed the story as “Unproven,” and for good reason. While it is theoretically possible, no criminals have been caught doing it.)

Should I buy a fingerprint scanner?

Here’s the rub: You won’t really need to.

Unless you were born a long time ago, you may not know what an 8-track is. It came before the cassette tape, which preceded the CD, which is the grandfather of the MP3. When you want to make a point about obsolescence, there are few better examples than those clunky old tapes. I bring them up because current standalone biometric scanners are without a doubt the 8-track of digital security devices.

See also: Biometrics and Fraud Prevention: Seeing Eye to Eye  

If you accept the similarity between biometric scanning devices and MP3 players, the answer to the question above will be crystal clear. These days, MP3s can be played by all the devices we use most. We’re seeing the same thing happen with biometric scanning.

Whether it’s a smartphone, a computer or MasterCard’s new fingerprint-encrypted cards, all stripes of products you use on a daily basis eventually will feature built-in biometric scanners. And, if you are buying something today and prefer devices with built-in (rather than bolt-on) security, don’t despair. There already are plenty of choices out there. Case in point: Anyone with the latest generation of a particular smartphone likely has the option of locking and unlocking the device with their thumb.

Personally, unless and until all devices that should be secure feature biometric scanners, I would suggest opting for those that do—much in the same way I’d advise you to refrain from using “1234” as your password. You can learn more about biometric technology, how it works (and whether it can be hacked) here.

Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

This post originally appeared on ThirdCertainty.

Are Passwords Finally Becoming Passé?

It looks like 2017 is continuing right where 2016 left off—with news of a massive data leak and thousands of passwords being exposed on the internet and cached by search engines.

This refers to the gaping security flaw recently discovered in the widely used Cloudflare service. It goes without saying that you should immediately change all your passwords, given how deeply embedded into the internet Cloudflare is. You also should seriously consider using a multifactor step-up capability to access your more sensitive websites and services.

Related article: Cloudflare bug spills passwords in plaintext

Your identity has become a “currency,” and criminals are able to sell it like other data. Unfortunately, many organizations are dragging their feet in adopting more advanced and secure methods for allowing customers to connect with their services. For the near term at least, passwords are here and will be here for the next few years.

See also: The 7 Keys to Strong Passwords  

In terms of security and availability, passwords are the lowest common denominator. They are cheap to deploy, users understand how to interact with them, and the risks associated with the username and password paradigm—while not fully understood—are accepted. But, there are three key factors converging that will replace these username and passwords in the future.

Many more savvy about security

First, policy- and decision-makers are becoming more sophisticated in their understanding of the risks and security profile that simple reliance on passwords presents. Recent announcements from Yahoo CEO Marissa Mayer and General Counsel Ronald Bell should be a bellwether in this regard. Following YAYB (Yet Another Yahoo Breach), Bell resigned without severance pay, and Mayer lost her annual cash bonus and equity award—which some reports estimate to be worth upward of $14 million.

Governmental regulations—such as the revised payment services directive (PSD2) in Europe—are requiring more stringent authentication requirements for financial institutions while the National Institute of Standards and Technology in the U.S. no longer recommends one-time passwords (OTPs) being delivered via SMS in its Digital Authentication Guideline. Password reliance and its associated pain is a global problem.

Advances in biometrics, other alternatives

Second, viable alternatives to the password are gaining widespread acceptance. Since the release of the fingerprint scanner on the Apple iPhone 5S, biometrics have exploded as an alternative to PINs and passwords.

Related article: China embraces FIDO Alliance standards

The FIDO Alliance has grown as an industrywide organization popularizing a set of specifications that increase privacy, increase security and increase usability while at the same time allowing the multitude of players from the authentication marketplace to ensure interoperability. Adoption of such alternatives is moving along at a solid clip with millions of users worldwide already using this technology.

Consumers demand more

Finally, users are fed up. They have learned of breach after breach after breach. The added features that complicate a password are not actually making it more secure, but they do make passwords significantly more difficult to input on the small touchscreens that are becoming our primary computing devices.

As these three forces continue to converge, passwords will be replaced in greater and greater numbers.

As a society, we need to overcome password pain and look to the future. Using a fingerprint or other biometric authentication measure helps users look beyond the failed username and password infrastructure. In time, the public will understand how flawed traditional password usage is. It’s both inconvenient and insecure.

See also: How to Make Smart Devices More Secure  

In 2017, we will see more companies erring on the side of security, removing passwords and implementing modern authentication strategies that eliminate the opportunity for large-scale password leaks and theft.

This post originally appeared on ThirdCertainty. It was written by Phil Dunkelberger.