The insurance industry has always been quick to secure their customers’ assets – after all, their business depends on it.

In today’s data-driven era, however, the world has come to realise that personal and financial information can be as valuable and therefore requires the same care when it comes to security.

Traditionally, banks have excelled at protecting their customers’ information and access to their funds. Many business leaders in other industries, however, insurance included, do not yet fully understand the value and extensive operational benefits that come with embracing multi-factor authentication (MFA), says Pieter de Swardt, senior vice-president: sales operations at Entersekt.

“When compared to the bigger banks, many insurance companies tend to be in the earlier phases of their digital transformation journey. Until now, the key driver for insurers has been to enable self-service customer channels.

“But to achieve this, there must be layers of security installed on their digital platforms to ensure that customers accessing system information are who they say they are. More than just protecting transactions, such as claims payments, insurance leaders must also take a close look at how robust their security is when it comes to keeping fraudsters from accessing personal information.”

De Swardt explains that the broader insurance industry has access to a large amount of personal information that, if in the wrong hands, can easily be used to defraud patients. In many cases this sensitive information is currently only secured by a username and password which is woefully inadequate.

Protecting the whole ecosystem

The insurance industry has a fairly large ecosystem and when it comes to protecting personal information, business and security leaders need to give thought to how they will ensure that all the necessary checks and balances are in place throughout that ecosystem.

“Not only are we getting more enquiries from insurance companies themselves, but also their service providers, including brokers, doctors, pathologists and others. By having access to patients’ personal information, the risk profiles of service providers are increased, causing them to seek stronger security measures to mitigate operational risks,” de Swardt says.

He explains that this requirement is also driving the adoption of multi-factor authentication across the broader insurance ecosystem.

Focussing on security as a foundation and enabling strong authentication is the first step to securing data, according to De Swardt. Strong authentication to prove who is accessing the data is a must, as well as a system that is optimised to detect if an imposter is attempting to access user information.

Multi-factor authentication (MFA) is an effective way to control access to data by requiring a user to present credentials from at least two of the following categories: Something only they know, such as a PIN; something only they have, such as a smart card or mobile phone; and something the user is, which includes biometric data.

By requiring at least two, or a combination of these authentication factors, MFA makes it extremely difficult for a hacker to access the data.

De Swardt also points to the very large reputational risk that comes with a data breach, especially in healthcare, which can be exceptionally costly. In the US alone, more than 40-million patient records were compromised in 2021, with some hospitals facing damaging legal action as a result. This has placed a spotlight on the very urgent need for the entire healthcare sector, including the many health insurance companies working closely with the hospitals, to better protect user data.

“The sensitivity of medical information means a data leak can be catastrophic for a healthcare company, and rightly so. Our personal information is valuable and should be protected. While there is a need to ensure a low-friction environment for authorised professionals, it is vitally important that providers do everything possible to protect their customers’ data.”

So much more than just security

De Swardt goes on to explain that far more than just providing strong security, MFA can impact operational efficiencies as well.

“Call centres are very important channels in the insurance and healthcare space. Multi-factor authentication methods can be used effectively to drive down time spent verifying callers and establishing positive caller ID. Rather than clients having to go through a raft of knowledge-based questions, agents can quickly send a mobile identity request via a push notification, which the customer can accept and then the call can proceed.

“This streamlined process significantly reduces the time an agent has to spend verifying a caller, and at the same time drastically improves the customer experience,” he says.

What’s more, de Swardt adds that using MFA in call centre engagements also ticks a very big regulatory box since there is an auditable record of each customer interaction. These iron-clad records also cut down on the number of disputes where customers claim they didn’t authorise actions, when in fact, they did.

“It’s hard to deny the benefits of a security solution that can have such a positive effect on the user experience,” de Swardt concludes. “Some of our clients are saving countless operational hours and at the same time their end-customers benefit from stronger security with a better user experience. The right solution can truly be a win-win.”