Tag Archives: kba

Time for E-Signatures, Doc Management

If you want to know why insurance companies need electronic signatures and document management, you must first look at the regulatory landscape.

In the past 10 years, this climate has changed considerably, and most insurance companies are struggling to do one of two things to handle these changes: 1) make internal policies to comply with these changes without sacrificing profitability; and 2) find creative ways to outpace competitors looking for the same solutions to these problems.

Neither is an easy feat.

The National Association of Insurance Commissioners (NAIC) has even devoted a large portion of its industry report to addressing one of the myriad ways insurance companies are striving to transcend regulatory difficulties—through the efficiency of the internet.

This is a major reason why insurance companies need both electronic signatures and document management. Used separately, they are ineffective at delivering that the solutions insurance companies need. Together, their interplay makes navigating regulatory changes easy, especially those administered and upheld by the Federal Insurance Office (FIO) and NAIC.

Understanding E-Commerce and Insurance Sales Problems

Most states in the U.S. require those applying for insurance services over the internet to complete an electronic signature, whether it is used as a standalone technology or integrates with document management technologies. Although the approach may seem like common sense, its advent does away with the use of a witness or notary and brings into question the legitimacy of signatures.

See also: The Most Valuable Document That Money Can Buy  

Despite digital signatures being more efficient (after all, if e-signatures existed in 1776, all 56 U.S. delegates could’ve signed the document on the day our nation was founded; instead, it took roughly a month to collect all the signatures), they require additional authentications. This can be automated by document management tools.

Legitimizing Electronic Insurance Applications

ACORD, the Association for Cooperative Operations Research and Development, achieved this automation by making digital forms available on its domain. Application of electronic signature technology situated in document management solutions just needs to be applied during the final stages of the process.

Why the Need Is Paramount

Above all else, these are the features that create an effective interplay between document management technologies and electronic signatures.

Authentication Procedures

Inclusion of a KBA challenge question helps authenticate the digital signature process. This ensures that the party attempting to sign a document is who he or she says he or she is.

IP Address Verification

IP address verification is an extra layer that can bolster the legitimacy of a signed document if a legal dispute over its authenticity ever arises.

Form Fill Automation

There are new and exciting ways to automate the form fill process for recurring client-based and document related processes. Zonal OCR makes this possible, eliminating manual processes and reducing document workload to a bare minimum.

See also: E-Signatures: an Easy Tech Win  

Bar Code Authentication

Although a bar code authentication in an electronic signature should never be a standalone backup, it does add a layer of legitimacy. A bar code is a stamp of individuality that reveals its purpose and origins quite clearly.

Ensuring Data in Documents is Unaltered

It becomes obvious that electronic signatures are more useful if applied through document management technologies, as these technologies ensure documentation is not altered.

What’s more, the role-based user permissions of a document management system can trace who changed what within a system, ensuring that those who alter data without authorization can be held accountable for their actions.

Fighting Fraud With Multifactor ID

Insurance companies, like many other businesses, are extremely concerned – and rightly so – about cyberattacks that could result in the theft of the personal information of customers and employees. To protect themselves against data breaches and other threats, they companies are implementing physical and network security controls that include both the latest technology-based solutions and security awareness training for employees, who are all too often the weak link.

But while these security measures are certainly necessary, they are not enough, because insurance companies also face a second type of risk: the risk that criminals who have gained access to customer information from other sources will use it to hijack accounts.

Most account takeovers occur via social engineering, where fraudsters use hacked customer data they have purchased on the dark web or information they have gleaned from social media to impersonate legitimate customers and trick call agents into making account changes. To prevent this type of fraud, insurers need more robust customer authentication processes.

Many insurance companies continue to rely on so-called knowledge-based authentication (KBA) to grant access to accounts, meaning that customers verify their identity by demonstrating knowledge of personal information such as their account number, date of birth, mother’s maiden name and so on. But any business that protects financial assets by authenticating customers in this way is vulnerable to fraud because, thanks to data breaches, criminals have easy access to that information. And the rise of social media means that even the answers to common challenge questions (for example, “What was the name of your first pet?” or “Where
did you attend elementary school?”), are often readily available to skilled and patient fraudsters.

See also: Draining the Swamp of Insurance Fraud  

The proliferation of customer information on the dark web and on social media means that insurance companies need to rethink how much, if at all, they will rely on customers’ knowledge of personal information to verify their identities. Because criminals have such easy access to customer data, insurers need to implement more reliable ways to identify their customers, whether the contact is via the web, a mobile app or phone.

So how can insurance companies make sure that a person logging in to change account details or calling customer service to initiate a claim is a legitimate customer?

Multifactor authentication is a best practice that adds an extra layer of security to the identity verification process. This approach requires that knowledge (something the user knows, such as a Social Security number or account number) be combined with inherence (something the user is, such as a voice print or retina scan) or ownership (something the user has, such as a trusted phone or a driver’s license). ATM access is a good example of a type of transaction requiring multifactor authentication: Bank customers must use both a physical debit card and a PIN.

For increased security, insurers should apply this same principle to their customer authentication processes. Apps and websites, for instance, should not grant account access based simply on user IDs and passwords – both pieces of information that can be hacked. A wide variety of more secure authentication methods are available, and many of them, such as dynamic PIN code generators and one-time password lists, are not particularly costly or complicated to implement.

Compared with online access, the phone channel continues to lag when it comes to security. Identity interrogation is still the dominant means of authentication used by customer call centers, and this obviously poses a significant risk in the age of increasingly sophisticated fraudsters who are adept at social engineering.

Fortunately, new tools are emerging that make reliable multifactor authentication possible. One approach is to use the caller’s phone as a physical ownership-based authentication token. With this method, a network forensics system analyzes the phone call within the global telephone network and verifies that the customer is calling the call center from his or her personal phone. The process is virtually invisible to callers (it requires no action or enrollment) and allows callers to be automatically authenticated before their calls are even answered. With this technology, the only way a fraudster could spoof a call would be to physically steal and unlock the customer’s mobile phone or break into the home to use a landline. These are not easy tasks to accomplish.

Multifactor authentication can also use biometrics – voice prints, specifically, in the case of phone calls. Voice-biometric systems compare a caller’s voice with a previously enrolled recording of the account holder’s to make an authentication decision. Biometric voice authentication will be one of the ways callers are authenticated in the future, but today there remain several sizable roadblocks to widespread adoption. Most notably, it is a lengthy task for contact centers to gain the permission and initial recording from their entire base of members.

Remaining stagnant and continuing use of single-factor authentication based on KBA may seem simpler in the moment, but the risks – not only losses to fraud, but also potential penalties from regulators and lawsuits from affected customers – greatly outweigh the short-term discomforts associated with technology change, which will ultimately bring with it reduced costs and complexity.

See also: Global Trend Map No. 11: Fraud  

Consumers are living more and more of their lives online, and they clearly value the convenience and connectedness of the digital world. However, the steady stream of headlines about data breaches in every industry, as well as social media companies’ improper handling of personal information, is rapidly eroding trust. Many consumers have little confidence that their information will not be hacked and fall into the hands of criminals. If insurance companies wish to retain customer trust, they must take information security seriously and implement multifactor authentication.

The good news is that many of the new authentication technologies are not only more accurate than identity interrogation but also result in a better immediate customer experience. Customers who call their insurance company are often already stressed, and they just want to resolve their problem without having to jump through hoops. Reducing reliance on identity interrogation also reduces operating costs as agents can spend more time helping customers
instead of grilling them about their identity. Selecting the right authentication technology can thus be a win-win that results in more satisfied customers and decreased costs.