• NEWS
  • Topics
  • May 2008
  • April 2008
  • March 2008
  • More
• EVENTS
  • Upcoming Live Events
  • Upcoming Web Events
  • Recent Events
  • On-Demand Web Events
• TOOLS
  • Buyer's Guides
  • Videos
  • Podcasts
  • Blog
  • Back Issues
• CAREERS
• RESOURCE CENTERS
  • Outsourcing
  • Policy Administration
  • CIO Strategy Center

Insurance & Technology: The Blog

« January 2008 | Main | March 2008 »

February 26, 2008

Vulnerability in Encrypted Info

Having just written about how insurers' view information security, I took special interest in a recent New York Times article, entitled Researchers Find Way to Steal Encrypted Data, that reported that a Princeton University group has discovered a frighteningly simple way to steal encrypted data stored on computer hard disks. You know, like the encrypted data that some insurance carrier employees have on their laptops.

from the New York Times:

The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.

...

The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer's electrical power is shut off, the data, including the keys, is supposed to disappear.

This got me thinking about something WellPoint vice president and chief security officer Shamla Naidoo told me when I spoke with her for my recent feature: "What we see as challenges today may no longer have the same priority in three to five years if insurers find there are new risks they haven't considered yet."

Could this recent news regarding the vulnerability of encrypted data be one of the new risks to which Naidoo was referring?

Whenever I interview insurers about new mobile initiatives, including those that involve laptops, I always ask how they plan to keep their customers' private information secure. And 99% percent of the time, the only security measure that's in place is encryption.

That used to be enough, it seems, but perhaps that's not the case anymore. A few insurers have already taken the next steps to secure sensitive data on laptops and mobile devices. Some have the capability to remotely wipe a device that is reported stolen or missing. Others have leveraged biometrics to make it exceedingly more difficult to access a device.

Hopefully, others will follow suit. There are many technology areas where it is advantageous for a carrier to be proactive rather than reactive, but none where it is more critical than information security.

Posted by Nathan Conz at 03:25 PM | Comments

Forget About Global Warming

At least up until 2005, global warming was often cited as the likely culprit of increasingly devastating Atlantic hurricanes, as with other weather and climate phenomena. Rising ocean temperatures were thought to provide more energy, powering increasingly powerful storms. It’s a simple enough formula, and rising insurance claim costs seemed to bear it out. However, according to a recent announcement from the National Oceanic and Atmospheric Administration NOAA, it's simply not the case.

There may be ample reason to believe that climate change is occurring and that it is taking the form of warmer temperatures worldwide. However, the NOAA says, increased hurricane-related losses are due not to stronger storms but to greater concentration of people and more valuable property in storm-prone areas:

“We found that although some decades were quieter and less damaging in the U.S. and others had more land-falling hurricanes and more damage, the economic costs of land-falling hurricanes have steadily increased over time,” said Chris Landsea, one of the researchers as well as the science and operations officer at NOAA’s National Hurricane Center in Miami. “There is nothing in the U.S. hurricane damage record that indicates global warming has caused a significant increase in destruction along our coasts.”

The NOAA source goes on to cite a report in Natural Hazards Review (which sounds more sensational than it reads) that finds that economic damage has been doubling every 10 to 15 years. In a passage minus the global warming but reminiscent of the apocalyptic tone of many global warming-related statements, NOAA's curiously named Landsea says,

“Unless action is taken to address the growing concentration of people and property in coastal hurricane areas, the damage will increase by a great deal as more people and infrastructure inhabit these coastal locations."

Perhaps the only adequate action would be to cease subsidizing the folly of people who insist living in danger zones. But that's not likely to happen. In the meantime people will continue to dwell on the beauty of their chosen landscape and nurse deep denial of the hazards. The temptation can be great; more a mountain than a beach person myself, I was captivated by the possibility of living in Government Camp, Oregon, while staying there for a couple of nights in January. Then I thought of the potential sudden changes to which that landscape is prone.

Assuming that more homeowners and commercial property owners gravitate to dangerous beauties, insurers' best bet is continue to refine their use of geographic information systems both to manage their concentration of risk and to more precisely assess natural hazards within any given territory. Carriers that can both locate lower risk segments of small areas and more accurately identify and price pockets of hazard will have a leg up on their competitors.

The key to getting the most out of GIS, as with other technologies that leverage predictive analytics, is data.

"The latest advancements have nothing to do with improved GIS technology per se. The advancements are coming from better data," says Bill Raichle of ISO. "Out of the box, a GIS is about as exciting as a blank Excel spreadsheet. But when an insurer can add their mix, their internal policy and business level data with high-quality, real-world, GIS risk and market data, new views of the business become possible."

Posted by Anthony O'Donnell at 03:23 PM | Comments

February 19, 2008

For Insurers, Customer Satisfaction Is A Moving Target

Just when I'd forgotten that I've been with Insurance & Technology for a full year now, I discovered - in my e-mail inbox - the recently released American Customer Satisfaction Index (ACSI) report for the fourth quarter of 2007. Around this time last year, I wrote my first story for I&T on ACSI data from the fourth quarter of 2006.

Last year, the ACSI showed that health and life insurers had made big customer service improvements. And at the time, I wrote (well, I quoted ACSI leader Claes Fornell) that contact center improvements had a lot to do with the industries' improved customer satisfaction scores:

From the March 2007 issue of I&T:

From a value standpoint, premiums remained relatively flat, according to the study. While that certainly helped customer satisfaction scores, Fornell says, the quality of service -- a big part of which is call centers -- also improved. "Insurance companies don't have that many points of interaction," Fornell explains. "When they do have them, in large measure, it would be at call centers."

Looking at this year's ACSI (and keeping the sentiments of my colleague Anthony O'Donnell's recent blog post in mind), I'm reminded of just how intangible the concept of customer satisfaction can be. It's price, it's service, it's reputation and, more than likely, it's several other things no one has considered.

In this year's results, life and health insurers saw their ACSI scores drop 1.3 and 1.4 percent from the year previous. Last year both those industries saw large gains of more than 5 percent.

Commentary provided by Fornell says that, on the health side, last year's increase was due in part to slower growth in premiums. Fornell writes that such momentum has slowed.

from Fornell's analysis:

Not only are premiums and co-pays now rising faster than inflation, but fewer employers are providing group health coverage. As a result, healthcare (and health insurance) has become an out-of-pocket expense for a larger number of households, something likely to negatively affect the satisfaction of customers.

While 2006's big winners, life and health, faltered slightly in 2007, the P&C side saw an impressive 2.6 percent improvement over last year's score.

Most notable among those insurers was Progressive, which jumped up 8 percentage points - the highest increase among any company in any industry measured.

from Fornell's analysis:

This is a large increase. Progressive made improvements to its award-winning website and offered significant rate cuts on insurance for RVs, motorcycles and boats.

So what have I learned in a year? Well, I know now that improved contact centers -- while still a key for any insurer with a customer service improvement initiative underway -- isn't the silver bullet when it comes to keeping customers satisfied. In fact, I'm not so sure that customer service improvement initiatives, in the traditional sense, are the best idea. Initiatives have a beginning and an end, while the myriad of factors that influence customers' satisfaction levels will continue to change -- with no end in sight.

Posted by Nathan Conz at 04:41 PM | Comments

Banks Might Try Differentiation Through Honesty

Sometimes I get a little fatigued hearing people complain about the insurance industry's reputation for questionable claims practices. Therefore it was with a certain grim satisfaction that I found out that banks are apparently setting a new standard for screwing their customers. However, the example should serve as a cautionary tale to insurers as well as bankers about fair dealing.

My impression about banks' ill-treatment of their customers developed as the result of three recent, unconnected conversations where acquaintances and friends reported to me that they had been stuck with sudden and drastic credit card interest rate increases. My first correspondent — a Bank of America customer — described herself as a very reliable customer who had made a late payment for the first time. The other two — one a JPMorgan Chase customer, the other WaMu — reported sudden, very high rate increases for no reason in particular.

The WaMu customer reported a conversation with WaMu that went something like this:

Customer: Could you explain why you raised my rate over 10 percent?

Service Rep: Well, your FICO score must have changed.

C: I happen to know that my FICO score has not changed.

SR: Well, we notified you that your rate would change.

C: First of all, since I make payments automatically, I don't necessarily read every bill beyond the payment amount; secondly, the contract I signed when I transferred the balance was for a certain rate for the life of the loan.

SR: Well, if you looked at the fine print you'd see that we reserve the right to change the rate at any time.

C: Then was your offer of a single rate just a lie?

Bank of America has received a great deal of bad publicity not merely for its use of industry standard "risk-based" pricing whereby rates are increased by criteria that are not likely to be clear to customers, but for "hiking rates base on no apparent deterioration in their credit scores at all," according to this report. Based upon my correspondents' reports, B of A isn't alone.

In the opinion of author and columnist Bob Sullivan, the banking industry isn't alone either. Sullivan's book, "Gotcha Capitalism: How Hidden Fees Rip You Off Every Day — and What You Can Do About It," addresses what the author characterizes as:

The constant bait-and-switch tactics that layer on fees and surcharges long after we're in a position to bargain over them. It's about rampant false advertising, about the explosion of small print and asterisks and about the seeming disappearance of federal authorities working to keep our marketplaces fair.

Whatever the merits of Sullivan's work, it points to rising resentment at what consumers regard as sharp practice. It doesn't help that in this instance, as the above-linked article suggests, responsible customers feel they're being opportunistically scorched by bankers trying to make up for their own lousy decisions.

Of course, customers are responsible for their contractual relationships to their lenders and thus must exercise due diligence when it comes to the wording of their contracts. However, the message many banks are sending their customers is, "Don't take your eyes off me or I'll pick your pocket."

Maybe it's a crazy idea, but perhaps the building consumer dissatisfaction with Bank of America and others creates the opportunity for some bank to use honesty and plain dealing as a differentiator. I can imagine the advertising campaign: "We're the bank that won't shaft you when we need some extra money."

Posted by Anthony O'Donnell at 11:54 AM | Comments

February 12, 2008

Practicing Web 2.0: Proceed With Caution

Thanks to its legal team, Horizon Blue Cross Blue Shield of New Jersey recently placed itself in the middle of a swirl of controversy about social networking Web sites and the privacy issues they create.

From Sarah Perez on ReadWriteWeb:

When Dawn and Bart Beye's 15-year-old daughter began showing signs of an eating disorder, they immediately took action. The Beyes enrolled the girl in a treatment program they thought was covered by insurance. Three weeks later, their insurance provider, Horizon Blue Cross Blue Shield of New Jersey, informed the couple they would no longer pay for the child's treatment. Horizon claimed the disorder is not biologically-based, but emotionally-based, and therefore, not their responsibility to cover. The Beyes sued. And in what could have been a dangerous precedent-setting lawsuit, Horizon subpoenaed the daughter's online writings from MySpace and Facebook to prove it.

Due to pending state legislation that could render the entire argument moot, Horizon recently moved to dismiss this particular case.

Certainly, cases like this do nothing to help the insurance industry's public reputation. (After all, it's difficult to side with a company seeking to deny coverage to a young girl with an eating disorder by invading her MySpace account). Yet, the lesson to be learned here isn't about public relations, it's about privacy.

As Perez points out, the carrier's actions provide further evidence that what an individual says online is not private. We should all be cognizant of that fact.

Many, however, are not. Take, for instance, this recent New York Times article, "How Sticky Is Membership On Facebook? Just Try Breaking Free."

from the NYTimes:

While the Web site offers users the option to deactivate their accounts, Facebook servers keep copies of the information in those accounts indefinitely. Indeed, many users who have contacted Facebook to request that their accounts be deleted have not succeeded in erasing their records from the network.

"It's like the Hotel California," said Nipon Das, 34, a director at a biotechnology consulting firm in Manhattan, who tried unsuccessfully to delete his account this fall. "You can check out any time you like, but you can never leave."

There's a couple things to take away from this.

1.) A 34-year-old biotech consultant isn't exactly a good representative of Facebook's user group. And that becomes abundantly clear when he starts making references to Eagles songs.

2.) This entire article is about how people are concerned that they can't fully erase personal data that they willingly volunteered to a public web site.

This, to me, seems ridiculous. Facebook users are 100 percent responsible for how much or how little personal data they share. Anyone who is even half-paying attention should realize that once something is posted to the Web, it can be exceedingly difficult to take it back.

As insurers increasingly embark on Web 2.0 projects, they should be careful in how they enroll people and what information they allow individuals to share.

As fickle as customers can be in reality, they're even more fickle in virtual reality. What an individual shares publicly online is, of course, not private. For some reason though, individuals tend to ignore this until what they share can be used against them. Then, they blame the nearest corporate entity for disregarding their privacy.

Regardless of what insurers' user agreements says (and Facebook's explicitly mentions that it will save the information in deactivated accounts), if customers feel like they've lost control of their own personal information, they won't be pointing at themselves.

They'll place the blame squarely on the shoulders of their insurer. So, if you're a carrier with a new Web 2.0 presence, proceed with caution.

Posted by Nathan Conz at 04:29 PM | Comments

A TSA Blog With a Comments Section? Why Not Rename It "Kick Me, Please"

The appearance of the Transportation Security Administration's blog occasioned a great deal of mirth both within and beyond the blogosphere. The TSA has been reviled, justly or not, for greatly increasingly air travelers' inconvenience while not necessarily increasing their safety to a proportionate degree. The TSA's launching a blog and one, moreover, that accepted comments, was like pinning a "kick me" sign to one's back.

Predictably, when the TSA blog opened shop, the kicking began. Not so predictably, the TSA accepted the kicking by maintaining a genuinely open comments policy. To give a little flavor, the following are from among the comments:

At least the clowns at the TSA are having some fun with this… … The real question is Why do we need TSA @ all? We don't, it is a complete waste of time… you check nothing, find nothing, and simply clog up air travel… … Let's face it--you are strikebreakers, not security people. As pleasant and patient as I try to be with your staff, they are still RUDE, and have the pseudo-official air of camp counselors or DMV workers for the most part. … You thought my banana was a bomb. It was not a bomb. It was a delicious and nutritious fruit. … Congratulations on beating the IRS to become the most hated government agency in America. You've earned it!! …

Some critics of the TSA think that inviting ridicule merits further ridicule. But they miss the point of the whole exercise. By opening the blog, the TSA has acknowledged problems and made a good faith gesture in the direction of addressing them. By saying, in effect, "Let's talk about it," the TSA simultaneously gains a platform to explain what critics might not understand about its procedures and puts the onus of civility on its critics. It channels the criticism and moderates its tone. Perhaps most importantly, the TSA has built a mechanism to track criticism for purposes of improving the quality of its service.

There are lessons here for the insurance industry, which similarly has a less than stellar reputation with the public. Insurance companies aren't necessarily well-advised to start blogs but they would benefit from encouraging policyholder feedback and using that feedback to drive improvement. Even the best service performers are likely to be missing an opportunity here. They may work at mollifying the small number of "squeaky wheels" that bother to complain or otherwise comment but they miss the larger number of customers that tend not to express their complaints.

The impact of that "silent majority" can be tremendous, and at least one vendor thinks it can be calculated.

Fortunately, the Internet has given the quiet ones an easier means of engaging. Customers who would have dreaded picking up the phone think nothing of filling in a field or IM'ing a company representative. However, if insurers want to get the greatest benefit from customer feedback, they have to ask for it.

Posted by Anthony O'Donnell at 08:28 AM | Comments

February 05, 2008

Insurers' Competition For Young Workers Extends Outside Industry

As I've written about in the past, the pending retirement of the baby-boom generation continues to be major force in shaping the hot topics for discussion in the insurance and technology sector.

Gartner touched on the topic this Tuesday when it released its list of top predictions affecting insurance in 2008.

from the Gartner release:

Gartner predicts that through 2010, IT and knowledge worker staffing challenges will drive a 30 percent increase in rule-based systems, knowledge management, outsourcing, and training among P&C and life insurers. Insurers will have a tremendous problem during the next five to 10 years retaining their core process knowledge and maintaining the aging legacy systems that they continue to run. Companies must start to implement new processes for knowledge management, training, recruiting, and rule-based systems to combat and overcome this challenge.

It's my opinion that if insurers decide to embrace Gartner's advice, they need to embrace it as a whole and not just in bits and pieces. In other words, companies need to recruit and train younger workers, while at the same implementing knowledge management and rules-based systems. One effort is dependent on the other.

Insurers aren't just competing with one another for the top IT talent. They're competing with any industry that needs IT professionals, which is to say, they're competing with everyone. Even technology stalwarts like Microsoft and Yahoo are feeling the workforce crunch, according to a recent New York Times article that suggests that companies like Google, Facebook and many small, nimble start-ups are attracting the most talent.

from the New York Times:

The competition for engineering talent in Silicon Valley and other redoubts of technology is as fierce as its been since the late 1990s, if not fiercer, some in the Valley say.

The battle for tech supremacy, then, is largely a battle for talent. And so one crucial question about Microsoft's $44.6 billion bid for Yahoo is whether a combined company could more easily attract software engineers — an increasingly precious commodity. Both companies are already fighting the perception that their most innovative days are behind them.

"Engineers here want to work on tomorrow's technology, not yesterday's," said Bill Demas, who worked at Microsoft through much of the 1990s and then at Yahoo until leaving last year. He is now chief executive at Moka5, a start-up of around 30 people based in Silicon Valley's Redwood City.

And let's face it, if the likes of Microsoft and Yahoo are viewed by some recent college grads as technology laggards, then insurers (and their less than stellar technology repuation) have an uphill battle to fight. That makes it critical for carriers to implement knowledge management and rules-based systems. After all, if young workers are given the choice between a position consisting of time-consuming administrative tasks and a position where automation and technology have removed that busy work, allowing for a job that involves more critical and strategic thinking, they'll choose the latter every time.

Posted by Nathan Conz at 04:34 PM | Comments

Virtual Universe, Real World Troubles

It's ironic that we rely on the global Internet for the transmission of vast amounts of accurate real-time information and yet we can't get reliable information about the infrastructure that enables it. We still don't know how it happened, but it seems at this point one may safely say that two undersea cables were cut off the coast of Egypt in the Mediterranean, and one off the Emirates in the Persian Gulf. A fourth cable appears not to have been cut but taken offline owing to damage to its power supply.

That even two cables in different geographies should be cut in so short a period of time is suspicious, especially as they occurred on either side of a well-defined block of territory, namely the Arabian Peninsula. What made the incident most interesting to the financial services industry, of course, was its effect on connections to Indian outsourcing partners.

Reliable information is in short supply in this regard as well, but there's enough information to draw some conclusions. Some companies, such as Satyam, have owned up to minor latency problems, while other claim say they experienced no problems whatsoever. At least one outsourcer (who shall remain nameless) stalled when I asked more specific questions. However, some people are talking in India.

The ISP Association of India reported a 50 to 60 percent cut of bandwidth to Europe, owing to the fact that the affected cables are the chief conduits for Europe-bound Internet traffic from India. That country's The Economic Times reports that:

…firms like Delhi-based Jindal Intellicom saw almost 100% of its internet traffic hit on Wednesday. The company, though, reduced it later to 50% through backups. "There is still a slight delay in traffic but the impact is only about 10%," said a company executive. "Between 20-25% of the 1,300 companies that make up India's $11-billion outsourcing industry was cut off. For small firms, the revenue loss will pinch," according to an industry insider.

Perhaps even more revealing than the article are comments on the excerpt published at the ISPAI's site, including this one:

Oops.... probably this is a kind of news that would never get published as it never happens that way! I guess, that is the fundamental difference between USA and India. Despite a fact that we control over 65% of the outsourced market of USA, we are never geared up for eventualities that lead to break down of Internet in India. Either a small earth quake in Indonesia or a fiber cut in Mediterranean puts 50% of Indian Internet business out of Network; then comes a situation where we go ga ga ga all over the World and the issue dies on its own.

In the end the effect of the outage on outsourcing customers was fairly mild, according to David Appasamy, a spokesman for Sify Technologies, a Chennai-based network and e-commerce services provider. "The cable outage caused shortage of bandwidth, increasing latency t o Europe and the U.S. East Coast for many carriers," he says. "But for those with circuit restoration capabilities and enough spare capacity there was minimal impact and latency."

However, the incident was a "wake-up call" in the opinion of a senior technology executive at a major Northeastern bank who wishes to remain anonymous. His company was not hit hard, by his account, but it was hit: "Some of the companies servicing us were somewhat impacted," he acknowledges. "Nothing mission-critical that would impact our end clients but there has been some sluggishness."

The source did not identify his India-based partners but did say that his company has diversified its outsourcing footprint and works, for example, with Dextrys (formerly DarwinSuzsoft) in China. He said that the cable failure provided "a good lesson for all of us to draw when we look for global locations."

However, the more urgent lessons, according to the source were focused on flow rather than locations of operations. "Certainly we have to think about issues having to do with the transport medium itself, but also in terms of how we route our traffic, not just in anticipation of scenarios like this, but also in the event of excess or overload of a given network," he says.

The protean nature of the Internet may distract sufficient attention from the "transport medium," since there is no single road that a given e-mail need take, let alone the total communications associated with something like a BPO relationship. And yet, the virtual reality is sustained by real-world material. In the end, in the view of Matt Josefowicz principal of Novarica's insurance practice, the recent failure of Internet-bearing fiber optic cables, "underscores some of risks of offshore outsourcing and the relative fragility of the global information infrastructure. In a virtual info economy we tend to forget that these signals travel over a physical infrastructure vulnerable to accidents and volatile political situations."

Posted by Anthony O'Donnell at 04:14 PM | Comments

Infrastructure Field Sales Systems Competition Document Management More >

	Face-to-Face Events: November 2-5, 2008 Insurance & Technology's 10th Annual Executive Summit Online Events: May 20, 2008 2008 Market Mandates and Rich Internet Application Trending for Online Business Banking Channels 2008 May 29, 2008 Risk Management means End-To-End Visibility and Control of Exceptions June 03, 2008 Market Trends 2008 and Rich Internet Applications: Online Channels Retirement and Benefits Service Portals June 04, 2008 Market Trends 2008 - Rich Internet Applications: Next Generation Online Financial Portals in Financial Services June 12, 2008 Quality Underwriting in a Soft Market				Subscription Cust.Serv. Staff Comments RSS News Feed Privacy Statement Reprints Media Kit 2008 Editorial Calendar