Life Insurance Monitor - Login Security (Dec'12)

  • 107 views
Uploaded on

What measures are firms taking to safeguard information for life insurance clients?

What measures are firms taking to safeguard information for life insurance clients?

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
107
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. LOGIN SECURITY PRACTICES KEEPING LIFE INSURANCE CLIENTS SAFE ONLINECOPYRIGHT CORPORATE INSIGHT, INC. AUTHOR: IAN M LUNDAHL FEBRUARY 2013 Corporateinsight.com | Blog | Twitter | LinkedIn | Facebook | SlideShare
  • 2. TABLE OF CONTENTS  Introduction  Key Findings  Login Security Best Practices  Recommendations  About Corporate InsightTABLE OF CONTENTS 2
  • 3. ABOUT LIFE INSURANCE MONITOR Life Insurance Monitor focuses on the online and offline user experience leading life insurers offer prospects, clients and advisors. Using actual life insurance policies and authentic advisor website access, our subscription research service goes beyond the public website to give you a unique, first-hand look at the online resources, account documents and sales materials competitors provide to their clients and financial advisors. Life Insurance Monitor Subscription Deliverables Life Insurance Monitor subscriptions are company-wide. A single subscription makes the service available to all employees without seat licenses or restrictions. The service includes a variety of deliverables that collectively provide a comprehensive look at the online experience being offered by your competitors and other leading insurers: Monthly Research Reports – In-depth reports that focus on key aspects of the online prospect, client and advisor user experience, account documents, life insurance industry trends and more. Reports include:  Detailed reviews of each Life Insurance Monitor firm  Key findings and best practice analysis to help improve your company’s offerings  Handy matrix summarizing your competitors’ offerings Bi-Weekly Updates – Comprehensive review of changes and additions to competitor public, client and advisor websites. Client & Advisor Website Videos – Go behind-the-login and take a first-hand look at the online resources being offered toLIFE INSURANCE MONITOR clients and advisors by your competitors. Client & Advisor Collateral Materials – All materials and communications that we receive are available for subscribers to view or download online. This includes account statements, newsletters, marketing pieces, disclosure documents and email communications. Competitor Summary Matrices – Breakdown of the key client and advisor website features offered by all Life Insurance Monitor firms. Analyst Support – Personalized research support from our experienced Life Insurance Monitor team 3
  • 4. INTRODUCTIONINTRODUCTION 4
  • 5. BACKGROUND This presentation is based on research from our recent Life Insurance Monitor report – Client Login Access: Private Site Login Security Processes. The report focuses on client login security across the life insurance industry. Inside, we will take a high-level look at the key findings from the report, highlight login security best practices from industry leading firms and offer recommendations for improving your firm’s login security.INTRODUCTION 5
  • 6. FIRMS COVERED IN REPORT  Our full Life Insurance Monitor coverage group features 14 firms  Twelve of the fourteen firms were covered in this report o AXA Equitable o MetLife o Genworth Financial o Nationwide o The Hartford o New York Life o John Hancock o Northwestern Mutual o Liberty Mutual o Pacific Life o Lincoln Financial o Prudential o MassMutual o USAAINTRODUCTION 6
  • 7. KEY REVIEW CRITERIA  Accessibility o Public homepage login field o Standalone pages for logging on  Username and Password Requirements o Maximum/minimum characters o Special characters, numbers, letters, combinations, etc.  Login Security Features and Account Services o Additional login criteria (PIN, etc.) o Page/site authentication o Security updates behind the loginINTRODUCTION 7
  • 8. KEY FINDINGS FROM THE REPORTKEY FINDINGS 8
  • 9. INSURERS OFFER BASIC SECURITY OPTIONS  Username and password requirements are stringent  Combinations of case-sensitive letters and numbers are effectively utilized  Majority of firms provide password and username retrievalKEY FINDINGS 9
  • 10. SEAMLESS LOGIN PROCESS  Eight firms display login fields on the public homepage  Three firms utilize a standalone login pageKEY FINDINGS 10
  • 11. LACK OF ADVANCED SECURITY FEATURES  USAA is the only firm utilizing multi-factor authentication  Security questions, image recognition and computer verification are absentKEY FINDINGS 11
  • 12. LOGIN MANAGEMENT BEHIND THE LOGIN  Password and security question updates are most commonly offered services  Username updates require the user to re-register or contact the firm by phoneKEY FINDINGS 12
  • 13. LOGIN SECURITY BEST PRACTICESBEST PRACTICES 13
  • 14. USAA  Access provided from a universal top menu on the public homepage.  PIN required for login verification.  Three advanced options available to clients; clearly outlined on a help page online.BEST PRACTICES 14
  • 15. NATIONWIDE  Login field presented on the public homepage with dropdown menu for account selection.  Private site allows client to update and change information online.BEST PRACTICES 15
  • 16. LIBERTY MUTUAL  Expandable customer login bottom offers direct access to the public homepage.  First time registrants are offered a link to the three-step eService registration page.  Special characters are allowed in passwords.BEST PRACTICES 16
  • 17. RECOMMENDATIONSRECOMMENDATIONS 17
  • 18. FOUR RECOMMENDATIONS FOR IMPROVEMENT 1. Allow clients and advisors to log in from a universal login field directly on the homepage. 2. Utilize multi-factor authentication to bolster login security. 3. Implement stringent character requirements for usernames and passwords. 4. Make it easy to reset and change login information online.RECOMMENDATIONS 18
  • 19. ABOUT CORPORATE INSIGHTCorporate Insight provides competitive intelligence and user experience research to the nationsleading financial institutions. For over 20 years, Corporate Insight has tracked new developmentsin the financial services industry through our syndicated Monitor research and consultingservices. We are known for our detailed, objective research, unmatched expertise, and emphasison the actual user experience. There are no assumptions in Corporate Insight’s work – we uselive accounts at the firms we track to benchmark their effectiveness across all major channelsand give our clients unparalleled competitive intelligence.Corporate Insight is continuously tracking and identifying best practices in online banking andinvesting, retirement, asset management, insurance, mobile finance, active trading platforms,social media and other emerging areas. In the process, we have helped our clients -- which coverthe entire spectrum of the financial services industry -- to stay on top of industry trends andimprove their competitive position.Our intelligence services are utilized by over 70% of the financial services firms on the Fortune500. Our research and analysts are frequently cited in financial media outlets such as The WallStreet Journal, Barron’s, Bloomberg, CNBC, Forbes and Financial Times and news publicationslike the Associated Press, New York Times, Newsweek, TIME and USA Today. 19
  • 20. CONTACT US Chase Marshall Director – Business Development 212-832-2002 x-140 cmarshall@corporateinsight.com Ian Lundahl Senior Analyst – Life Insurance Monitor 212-832-2002 x-101 ilundahl@corporateinsight.comCONTACT US 20