Tag Archives: point of sale

‘Do You Want Fries With That? Insurance?’

By now, most of us are so familiar with McDonald’s “do you want fries with that?” strategy that it’s easy to forget how brilliant it is. Let me refresh your memory. In 1993, McDonald’s implemented a new policy: Every time a customer placed an order that didn’t include fries, the cashier would ask if the customer wanted fries with that.

The result: an added 15% to 40% in annual revenue.

Just as important: The boost didn’t require any expensive training or investments from the company.

So how does all of this apply to insurance sellers? Turns out, many insurance companies can implement a similar point-of-sale upselling strategy to increase market penetration and revenue. Here, I’ll offer examples of several other companies doing this successfully and offer takeaways for those in the insurance industry.

1: Partner to Be Present at the Point of Sale

One of the biggest struggles for insurance sellers is getting customers to come to us. Even when they want and need insurance, it’s easy to forget to make the purchase, which isn’t good for anyone.

The solution is to be present at the point of sale for the item that needs to be insured.

One company that’s been doing this for a long time is Expedia, an online travel agency. The site helps you search, compare and purchase your plane tickets, rental car and hotel stay. At several points during the checkout process, you’re offered the opportunity to add travel insurance to back up your trip. As you approach the “Complete Purchase” button, this coverage only seems to make more sense.

This strategy is brilliant because it makes life easier for everyone: the customers who are about to make a big purchase (which could be derailed by bad weather); the airlines, which want to make sure their customers have a great experience; and the insurance provider, for obvious reasons.

Of course, not everyone will buy right away. To make this strategy as effective as possible…

  • Ask for contact information from those who don’t buy so you can follow up later.
  • Be explicit about your plans for contacting people; otherwise, they may ignore your communications or mark them as spam.
  • Remind customers of your connection when you contact them. Mention the company you partnered with in your first communication.

Of course, many insurable purchases are still made in person. When it’s not possible to integrate via an app, it’s time to…

2: Unite Disconnected Systems

The classic example here (and one that my company, BriteCo, addresses) is buying an engagement ring. In a typical transaction, the seller may be able to offer an appraisal, which buyers must then take to their homeowners or renters insurance provider to see if they can get the ring scheduled.

That’s not ideal for a number of reasons, chief of which is that the purchaser is likely to forget to follow up (and may even lose track of the appraisal), meaning that the valuable asset goes uninsured.

We’ve found success by creating a software system to handle the entire appraisal and insurance flow. First, our jeweler partner logs in to a simple-to-use, cloud-based platform to create an appraisal in minutes. That appraisal triggers an insurance engine, which generates a customized insurance quote. A customer who buys from a BriteCo jeweler partner will get a digital copy of the appraisal via email or text, immediately followed by a separate message with the insurance quote for the appraised piece(s). The customer can purchase insurance right then and there, on a smartphone, and leave the store fully covered.

Many buyers won’t immediately be ready to purchase insurance, but with the ability to access a policy in their pocket (literally!), they can easily follow up later. This removes much of the confusion about the insurance process that can cause customer dropoff and, of course, helps prevent valuable jewelry from going uninsured.

3: Add Value for All Parties

As you cultivate partners who can help you connect with customers, it helps to be able to offer tangible benefits to everyone involved.

For example, human resources software giant ADP has a partnership with the small business insurance agency Insureon that lets ADP customers easily apply for business insurance, which nearly every business needs and which tends to be difficult for small-business owners to find.

Everyone wins in this partnership: Business owners get access to essential coverage that can prevent major financial losses, ADP manages its risks by helping its customers get insured (including for professional liabilities such as workplace discrimination), and Insureon gets an opportunity to sell to those in ADP’s large customer database.

Just as important, the partnership offers business owners a third-party vote of confidence as they make a decision about commercial insurance, a product that many have little or no experience with and so often feel uncomfortable evaluating independently.

4: Aim to Be Subtle and Persistent

Once you start looking for masterful upselling, you’ll see it everywhere. Apple gently offers AppleCare as an add-on throughout its checkout process, without ever shifting into a hard sell. Amazon and Office Depot surface additional warranty coverage for higher-ticket and tech products in checkout as you complete your purchase.

Think about these experiences from a customer point of view: There aren’t obnoxious pop-up windows you have to click past. Instead, the add-ons are part of the array of available support being offered as a part of an extremely fluid sales process.

That’s an important model to follow for an industry that hasn’t always had the friendliest reputation.

The Worst They Can Say Is “No”

Remember: McDonald’s managed to increase revenue by at least 15% by asking a simple question at checkout. Part of this strategy’s brilliance is that not everyone has to buy fries – or insurance – for it to work. Even if many customers decline the offer, the ones who accept it will make a difference.

As hockey legend Wayne Gretzky once famously quipped, “You miss 100% of the shots you don’t take.”

Questionable statistical analysis aside, the man has a point.

Changing Point of Sale for Insurance

The world of insurance is changing rapidly. From transformational advancements driven by insurtech, artificial intelligence, robotics process automation, blockchain and wearables, to changes in the way insurance companies design and implement new products (e.g., design thinking, minimum viable product and behavioral economics), innovation is happening all around us. As Karen A. Morris said in her article “Innovation Lessons From the Flock,” “The feather in every innovator’s cap is the ability to question, relentlessly and with energetic humility.” There is no doubt that insurance companies across the country are questioning the impact of changes on their ability to compete.

However, the insurance industry may need to spend a little more time thinking about how its customers are purchasing insurance and how the point of sale is potentially changing. This article will share some examples of areas where insurance companies may need to rethink how they attract and retain insurance customers in the very near future as purchasing habits evolve.

The Rise of Subscription Models

In the CNBC article titled “The ‘Netflix’ Model of Car Ownership Is on the Rise for Drivers Who Need Wheels – Without the Debt,” the author discusses the growing trend of automakers, dealers and startups that are offering subscriptions as an alternative way to get into a vehicle. By subscribing to a vehicle, a person can avoid the traditional leasing of a vehicle or financing the vehicle through the auto manufacturer, used car dealer or bank.

For insurance companies, perhaps the most important feature to note about a subscription model is that the automaker, dealer or startup will charge a flat monthly fee packaging together all the expenses associated with owning or leasing a vehicle. Included in that fee, you guessed it, is personal automobile insurance. The article mentions a number of companies offering subscription options. A visit to the news sections of these companies shows how fast dealership partnerships and car subscriptions are growing.

Professional Employer Organizations (PEOs)

For the workers’ compensation line of business, insurance companies will need to monitor the impact of PEOs and aggregators of services that offer to own the insurance risk for multiple clients across multiple states. Through the law of large numbers, mobile claim reporting apps, strategic partnerships with pharmacy benefit managers, third party administrators and insurance companies, PEOs are able to sell the fact that they are better equipped to handle the workers’ compensation claim life cycle. As you can tell from reading the financial results of a number of the largest PEOs, they are growing rapidly, which translates into more and more companies where somebody other than the insurance companies competing in the open market owns the insurance relationship directly through a relationship with the PEO.

Why the Point of Sale Matters

Insurance companies that are relying on their traditional sales channels of agents and direct sales to renew their current customers or attract new business may be in for a surprise some day soon. As subscription models and PEOs continue to attract and rapidly grow their customer base, traditional insurers will lose customers who are shifting to these new low-hassle business models. A good analogy in this case would be the boiling frog in a pot. If you place a frog in a pot of boiling water, it will jump out immediately. If you put a frog in a warm pot and slowly raise the temperature, the frog will continue with business as usual. In a similar manner, if insurance companies don’t recognize that these new models are slowly but surely taking away business, an insurance company could some day wake up and find that a lot of customers have disappeared from the market.

Researching Who Owns the Relationships

There is no doubt that some companies have gotten out ahead of the curve when it comes to recognizing that the point of sale for insurance has started to change for auto liability, workers’ compensation and a few other lines of business. Although we won’t name the insurance partners of subscription companies and PEOs, there are some easy ways one can find out the information.

For publicly traded companies, searching for insurance keywords in the company’s 10-K/10-Q is a fine place to start. For both public and private companies, searching their website and visiting areas that address frequently asked questions related to accidents and filing a claim can also be helpful. For one subscription company, the authors identified the startup’s insurance partner by downloading the app and visiting the FAQ section. By looking for answers related to questions about accidents and insurance, we found the number for the insurance provider, dialed it and heard the name of the insurance partner. For one PEO, we were able to visit the insurance resources section of the website and learn everything about the workers’ compensation program (e.g., certificate of insurance form, claim reporting form, pharmacy benefits provider, etc.).

As Larry Keeley said in his book, “Ten Types of Innovation – The Discipline of Building Breakthroughs,” “Successful innovators analyze the patterns of their industry. Then they make conscious, considered choices to innovate in different ways.” Based on the trends and patterns we have described, it will be important for insurance companies to rethink where they should focus their energy when it comes to the point of sale for certain lines of business. As the competitive landscape continues to evolve, those who adapt first and recognize shifting points of sale will likely have a first mover advantage from a data analysis, relationship and diversification perspective.

The State of Cyber Insurance

Cyber attacks are escalating in their frequency and intensity and pose a growing threat to the business community as well as the national security of countries. High-profile cyber incidents in 2014 reflected the expanding spectrum of cyber threats, from point-of-sale (POS) breaches against customer accounts to targeted denial-of-service (DoS) attacks meant to disable a company’s network. Businesses in ever-greater numbers sought financial protection through insurance, buying coverage for losses from data breaches and business outages.

Boost in Cyber Insurance Demand Drives Insurers’ Response

Healthcare facilities, universities and schools continue to be on cybercriminals’ radar, but attacks in the hospitality and gaming, power and utilities and other sectors reveal that no organization is immune to a cyber attack or failure of technology.

Healthcare and education clients had the highest cyber insurance take-up rates in 2014, followed by hospitality and gaming and services. Universities and schools present attractive targets because they house a vast array of personal information of students, parents, employees, alumni and others: Social Security numbers, healthcare information, financial data and research papers can all be compromised.

The broader scope of hacktivists contributed to the increase in cyber insurance purchases in 2014. Sectors that again showed notable year-over-year increases in the number of clients purchasing cyber coverage included hospitality and gaming and education. Other areas that stood out in 2014 included the power and utilities sector, with more clients buying standalone cyber coverage. Power and utilities companies frequently cite the risks and vulnerabilities associated with the use of supervisory control and data acquisition networks — which control remote equipment — and the cost of regulatory investigations as driving factors behind their cyber coverage purchases.

The reasons for purchasing cyber coverage vary from board mandates seeking to protect corporate reputations to companies looking to mitigate potential revenue loss from cyber-induced interruptions of operations. Insurers responded to this demand by offering broader cyber insurance coverage in 2014, including coverage for contingent business interruption and cyber-induced bodily injury and property damages. They also expanded availability of loss-control services, including risk-assessment tools, breach counseling and event response assistance.

Cyber Limits Rise

Companies with revenues of more than $1 billion have increased their cyber insurance limits worldwide by 42% on average since 2012, according to Marsh Global Analytics estimates. Over the same time period, healthcare companies have bought 178% more cyber insurance, and power and utilities firms have expanded their coverage by 98%.

Figure: Rising spending on cyber insurance. Percentage increase in spending by companies with more than $1 billion in revenues on cyber-risk insurance from 2012 through 2014. Source: Marsh Global Analytics.

Cyber Rates and Coverage

Increases in the frequency and severity of losses and near-constant headlines about attacks and outages kept cyber insurance premiums generally volatile in 2014. Average rate increases at renewal for both primary layers and total programs were lower in the fourth quarter than in the first. The increased loss activity prompted pricing challenges for some insureds, particularly retailers, where renewal rates rose 5% on average and as much as 10% for some clients.

Market capacity also varied according to industry. Most industries were able to secure cyber coverage with aggregate limits in excess of $200 million, while the most targeted industries, like retailers and financial institutions, faced a challenging market.

Insureds also face heightened due diligence from underwriters seeking to drill down beyond simple reviews of the company’s general information security policies. For example, insureds in the retail sector are being asked about their deployment of encryption and EMV (credit card) technology. And all insureds are now routinely asked whether they have formal incident response plans in place that outline procedures for protecting data and vendor networks and, more importantly, if such plans have been tested.

A Growing Concern

In 2015, managing cyber risk is clearly a top priority for organizations. For example, business interruption (BI) drew a lot of attention in 2014, a trend likely to continue throughout 2015. While BI has historically been thought of as the effect of a critical system going down for an extended period, technology failures and cyber attacks can create far-reaching outages affecting secondary systems, clients and even vendors. Such events can also lead to higher recovery costs, which are becoming a concern for boards of directors and senior management.

There is also concern stemming from the expansion of regulation and litigation. Regulators were active in policing cyber risks in 2014, and oversight is likely to expand significantly in coming years. With cyber risk seen as a critical issue on both sides of the aisle in Washington, D.C., companies will face regulatory challenges in 2015 and beyond.

Sectors that have already seen significant regulatory activity — for example, healthcare, financial services and education — will likely face more stringent regulations and larger fines. All industries should pay attention to existing and impending regulations, tighten controls and prepare to present and defend their compliance regime. Civil litigation in the wake of a breach or disclosure of a cyber event also escalated in 2014, with class actions at times following the disclosure of a breach by mere hours.

As demand for cyber insurance grows, remember that risk transfer is only part of the solution. Enhanced information sharing between industry and government is another step toward having a comprehensive risk-mitigation strategy. Insurers and brokers are expanding the availability of loss-prevention and risk-mitigation services such as risk-assessment tools, breach preparation counseling and breach response assistance. The expanded roster of services and enhanced coverage can provide additional value from policies, usually without a specific added premium.

How Stolen Credit-Card Data Is Used

Reports of high-profile data breaches have been hard to miss over the past year. Most recently, it was a breach involving 56 million customers’ personal and credit card information at Home Depot.

This is just the latest volley in a wave of sophisticated electronic thefts including Target, Neiman Marcus, Michaels, P.F. Chang’s and Supervalu. Much like in the other attacks, the suspected culprit in the Home Depot data breach is a type of malware called a RAM scraper that effectively steals card data while it’s briefly unencrypted at the point of sale (POS) to authorize a transaction. Reports of this type of attack have become increasingly common in the months since the Target breach.

Whether the cause is a RAM scraper or an “older” threat like a physical skimmer placed directly on a POS machine used to swipe a credit or debit card, a phishing attack, or a business storing customers’ card information insecurely, the result is the same: Credit card data for millions of people winds up in the hands of criminals eager to sell it for profit. How does that process unfold? And how can you – or people you know – get sucked into it?

The Basic Process: The journey from initial credit card data theft to fraudulent use of that data to steal goods from other retailers involves multiple layers of transactions. The actual thief taking the card numbers from the victim business’ POS or database doesn’t use them himself or herself.

First, a hacker – or a team of them – steals the credit card data electronically. Most of these schemes begin in Russia or other parts of Eastern Europe, and much of what you might call the “carding trade” is centered there.

Next, brokers (also referred to as “re-sellers”) buy the stolen card numbers and related information in bulk and trade them in online carding forums. A hacker may also sell the card data directly to keep more of the profits, though that’s riskier and more time-consuming than using a broker. These exchanges are found on the dark net (aka the dark web). That’s a part of the Internet you won’t find through Google, where all manner of illegal and unsavory things can take place. Online prices vary depending on:

  • The type of card,
  • Credit limit (if known),
  • How much additional data is available (CVV codes from the backs of cards and associated Zip codes make stolen cards more valuable),
  • The card owner’s geographic location (a fake card used in the vicinity of the legitimate card holder is less likely to raise suspicion), and
  • How recently the cards began appearing in the carding forums (which relates to the likelihood of card cancellation).

Prices for the individual cards have come down significantly in the past few years because of the sheer amount of records available, though brokers can still do quite well from bulk sales of card data. Despite being on the dark web, many of the brokers conduct themselves like regular online businesses and will provide replacements or the equivalent of store credit if cards purchased from them don’t work.

The people who buy the card data from the brokers are called “carders.” Once the carders have the stolen card data, there are at least two distinct variations on the scam:

1) Physical, in-store purchases using fake credit cards.

2) Stolen card numbers used to charge pre-paid credit cards that are, in turn, used to purchase store-specific gift cards (which are less suspicious than general gift cards). Purchases are made online.

Variant 1 (“Mystery Shopper”): This variation starts with carders printing up the fake credit cards for use in stores. Once they have the stolen card data, the equipment needed to make the fake cards isn’t that expensive. The carder then usually works with one or more recruiters to find people to use the fake cards (though a carder may do the recruiting himself). The enticement to get people to use the fake cards will generally be in the form of email spam and ads in Craigslist or similar sites offering easy money to be a “mystery shopper” or “secret shopper” as part of a “marketing study” or some other semi-plausible justification.

Not surprisingly, the items purchased tend to have high resale value. After the physical purchases are made, the “mystery shopper” can either send items to the recruiter/carder (generally via a secure drop site like a vacant office) or directly to someone who has “purchased” an item via an auction site in response to a posting from the recruiter/carder. If the items are sent straight to the carder, she then auctions them directly on eBay, Craigslist or an underground forum on the dark web.

The people who actually make the purchases with the fake cards may have no clue what they’re involved in (though sometimes they’re active participants in the scheme or simply low-level criminals looking to use the cards for themselves). They are effectively the “drug mules” of the credit card scam, taking the most risk and getting paid the least.

You’ve probably seen one step retailers take to try to stop in-person card fraud. On a counterfeit credit card, the numbers on the magnetic strip and the front of the card generally don’t match — it’s too expensive to create individual fakes. Some retailers have their personnel type the last four digits shown on the physical card into the register after the card is swiped. If the numbers don’t match, the card is rejected as a fake.
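The register-side check described above can be sketched as follows. This is an added example, not code from the article or from any retailer; it assumes the swipe yields standard Track 2 data (start sentinel, account number, `=`, expiry, service code, discretionary data, end sentinel), and the function names and sample swipes are constructed for illustration.

```python
import hmac
import re
from dataclasses import dataclass

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM + 3-digit service code + discretionary data + ?
TRACK2_RE = re.compile(r"^;([0-9]{12,19})=([0-9]{4})([0-9]{3})([0-9]*)\?$")

# Constructed sample swipes using well-known test card numbers (not real accounts).
GENUINE_SWIPE = ";4111111111111111=30121010000000000?"    # front of card ends 1111
REENCODED_SWIPE = ";5555555555554444=30121010000000000?"  # front of card ends 1111


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str


def pan_from_track2(track2: str) -> str:
    """Return the account number encoded on the stripe, or raise ValueError."""
    match = TRACK2_RE.match(track2.strip())
    if match is None:
        raise ValueError("malformed Track 2 data")
    return match.group(1)


def check_last_four(track2: str, typed_last_four: str) -> Decision:
    """Compare the stripe's last four digits with what the cashier read off the card."""
    if re.fullmatch(r"[0-9]{4}", typed_last_four) is None:
        return Decision(False, "cashier entry must be exactly four digits")
    try:
        stripe_last_four = pan_from_track2(track2)[-4:]
    except ValueError:
        # Fail closed: an unreadable stripe is never treated as a match.
        return Decision(False, "stripe unreadable or malformed")
    if not hmac.compare_digest(stripe_last_four, typed_last_four):
        return Decision(False, "stripe does not match printed card")
    return Decision(True, "stripe matches printed card")


if __name__ == "__main__":
    for swipe in (GENUINE_SWIPE, REENCODED_SWIPE, "unreadable"):
        # Only the decision is printed; the full account number is never logged.
        print(check_last_four(swipe, "1111"))
```
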

Variant 2 (“Re-shipping”): Rather than making physical cards, in this variation carders use the stolen card data to purchase pre-paid credit cards that are then used to buy store-specific gift cards (Amazon, Best Buy, etc.). As with the “mystery shopper” scheme, recruiters typically use ads and spam emails to entice people, though this time it’s people (especially in the U.S.) seeing “work from home” promises. Sometimes, the recruiters will employ a more personalized approach, even going so far as to start a fake “relationship” with the intended target. Then — wait, there’s more — the gift cards are used to purchase items online, and those items are shipped to the people responding to the ads, spam or “relationship” overtures. That’s where the “work from home” angle comes in.

The people initially receiving the packages directly from an online retailer are called “re-shippers.” People in the U.S. are used because U.S.-based addresses raise fewer red flags with the retailers. Like the “mystery shoppers,” the re-shippers are the drug mules here (and they are sometimes referred to as “money mules” or “shipping mules”). And, as with the “mystery shopper” scheme, re-shippers can either send items to the recruiter/carder or directly to someone who has “purchased” the item through an auction site.

While this may sound a little convoluted, the shell game-like nature of using one card to buy another and then another makes it more difficult for stores to catch onto this scheme before the purchase has already been made and shipped out. After that, it’s generally too late.

Solution for Biggest Cyber Risk Is Emerging

As the demand for cyber insurance has skyrocketed, so, too, has the cost. One broker estimates that sales in 2014 will double from the $1 billion premium collected in 2013. Much of the increase in demand and cost has been a result of the widely publicized hacks of the point-of-sale systems at large retailers, and the primary emphasis of most cyber policies is to address liability arising from such events.

New payment technologies, however, will change the need for this type of cyber insurance. American Express recently announced a token service; Apple incorporated ApplePay into its new iPhones; and a group of retailers, the Merchant Customer Exchange, is working on the release of a new payment technology, as well. These technologies, although different in detail, eliminate the need for merchants to collect unencrypted payment card information from customers, significantly reducing the risk created by point-of-sale malware.

These technologies work by generating tokens or cryptograms for use at the point of sale. Financial institutions are able to determine whether the tokens or cryptograms are associated with a customer’s account, even though it is virtually impossible for a third party possessing the token or cryptogram alone to identify the account. The specifics of the technologies vary, but the result is that the merchant does not need access to the customer’s unencrypted account information, and any data obtained through the point-of-sale malware becomes virtually worthless.
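A simplified model of the token-plus-cryptogram idea described above, as an added example that is not taken from the article and does not reproduce the actual American Express, Apple Pay or Merchant Customer Exchange schemes. The class, function names and message layout are hypothetical; the point is what a point-of-sale terminal holds in memory and why a copy of it cannot be reused.

```python
import hashlib
import hmac
import secrets
import struct

TEST_PAN = "4111111111111111"  # constructed test number, not a real account


def make_cryptogram(device_key: bytes, token: str, counter: int, amount_cents: int) -> str:
    """Device side: one-time MAC binding the token to a counter and an amount."""
    message = token.encode() + struct.pack(">QQ", counter, amount_cents)
    return hmac.new(device_key, message, hashlib.sha256).hexdigest()[:16]


class TokenService:
    """Issuer/network side: the only party that can map a token back to an account."""

    def __init__(self):
        self._vault = {}  # token -> {"pan", "key", "last_counter"}

    def provision(self, pan: str):
        # The token is random, so it reveals nothing about the account number.
        token = pan
        while token == pan or token in self._vault:
            token = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)  # shared only with the customer's device
        self._vault[token] = {"pan": pan, "key": key, "last_counter": 0}
        return token, key

    def authorize(self, token: str, counter: int, amount_cents: int, cryptogram: str) -> str:
        entry = self._vault.get(token)
        if entry is None:
            return "unknown_token"
        expected = make_cryptogram(entry["key"], token, counter, amount_cents)
        if not hmac.compare_digest(expected, cryptogram):
            return "bad_cryptogram"
        if counter <= entry["last_counter"]:
            return "replayed"  # valid cryptogram, but already spent
        entry["last_counter"] = counter
        return "approved"


def demo() -> dict:
    service = TokenService()
    token, device_key = service.provision(TEST_PAN)

    # Everything the merchant terminal ever holds for this payment. This is
    # also everything malware reading the terminal's memory could copy.
    seen_by_merchant = {
        "token": token,
        "counter": 1,
        "amount_cents": 2599,
        "cryptogram": make_cryptogram(device_key, token, 1, 2599),
    }
    return {
        "first_use": service.authorize(**seen_by_merchant),
        # The copied record presented a second time:
        "replay": service.authorize(**seen_by_merchant),
        # The copied cryptogram attached to a new counter and a larger amount:
        "altered": service.authorize(
            **{**seen_by_merchant, "counter": 2, "amount_cents": 99999}),
        "pan_seen_by_merchant": any(
            TEST_PAN in str(value) for value in seen_by_merchant.values()),
    }


if __name__ == "__main__":
    print(demo())
```
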

As these payment technologies become prevalent in the U.S., the need for cyber insurance protecting retailers against point-of-sale malware should plunge.

There still will be a need for coverages protecting against other cyber risks, including other forms of malware and security breaches as well as against business interruptions arising from cyber events. However, the need and demand for cyber insurance covering privacy breaches should be reduced and the pressure on much of the current cyber insurance market removed.

This article first appeared on the Privacy and Information Security Law Blog.