PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Stepping Up Cybersecurity for Insurance Consumers Starts with Evaluating Payment Solutions

Jeffrey Brown by Jeffrey Brown
November 6, 2018
in Featured Content, Industry Opinions, Security
0
cyber-security

cyber-security

1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

One out of four Americans believe they’ve been the victim of cybertheft, a recent study shows—and they fear exposure to cybertheft, identity theft and personal privacy even more than threats to their personal safety.

The news serves as strong caution to insurance industry leaders, given that insurance companies share access to two of consumers’ most valuable assets: protected health information and financial data.

Today, there is a maze of federal and state information security laws that apply to insurers, ranging from the Federal Gramm-Leach-Bliley Act and the HIPAA Security Rule to state information security laws of general application. In 2017, the National Association of Insurance Commissioners (NAIC) proposed the Insurance Data Security Model Law, as a basis for uniformity across jurisdictions as states look to update insurance regulatory requirements relating to information security, the investigation of a cyber event, and the notification of cybersecurity events to state insurance commissioners.  The model law establishes rules for insurers, agents and other licensed entities to protect consumers from cyber threats. These rules include conducting ongoing risk assessments and exercising thorough oversight of third-party service providers’ efforts to maintain information security.

As insurers look to insurtech and fintech partners to modernize and streamline business processes, they must understand that they are ultimately responsible if a third-party service provider does not have adequate data security measures in place to protect sensitive policyholder data.

Protecting Consumers from Payment Data Theft

Many insurers are now turning to outside service providers to manage administrative functions such as claim payment processing. This move makes sense given the potential for increased efficiency, reduced cost and enhanced customer service associated with some outsourced administrative solutions. But when reviewing a claim payment processor’s credentials, it’s important to pay close attention to the company’s data security practices, as well as the security certifications it maintains.

There are three strategies to consider.

Be diligent about checking third-party providers’ security credentials.

When your company’s reputation is on the line, you need a claim payment processor that not only understands the importance of high-level security precautions for claims data, but also demonstrates its commitment through diligent credentialing, comprehensive audits performed by reputable organizations, and routine information security training of its personnel.

One insurance company paid a $5 million settlement for exposing 1 million consumers to theft of their Social Security numbers, driver’s license data, credit scoring information and other personal data in 2012. The culprit: failure to apply a security patch that would have prevented hackers from accessing the data.

That’s one reason why it’s so important to be vigilant in holding third-party service providers to the highest cybersecurity standards. In addition to checking for HIPAA compliance, insurance companies should select only those third-party service providers that maintain these credentials:

  • Payment Card Industry (PCI) Security Standards certification, which supports protection for sensitive payment card information—critical in an era of digital transactions as well as in-office payment
  • Service Organization Control (SOC) 1 and 2 compliance, with SOC 1 focusing on financial audit controls and SOC 2 centering on operations and compliance controls
  • NACHA Certified, a voluntary accreditation program for third-party senders and those that send automated clearinghouse (ACH) payments; NACHA’s standards include a solid risk and compliance program, stability, sound governance and strong core ACH practices.
Assess the third-party providers’ cybersecurity risk

With demand for e-payments by insurers continuing to swell, verifying that a third-party claim payment processor has invested in a front-line security response for e-pay transactions is critical. Three approaches to consider include the following:

  • Ask for proof that penetration tests and vulnerability scans have been performed—and request a copy of the results.
  • Provide the third-party vendor with a security questionnaire to complete yearly. Ask an outside company to evaluate the responses.
  • Require the third-party provider to hire an outside specialist to perform an onsite security assessment. The results of this assessment should be made available for your review as a condition of doing business with the company.
Evaluate the vendor’s business continuity and disaster recovery strategy

Ask the vendor to share the investments it has made to ensure data will be protected and available to your company at all times in the event of a disaster of any type. Important considerations: whether the claim payment processor has invested in a reliable solution for data backup; whether it keeps all sensitive information onshore, and whether sensitive information is encrypted while at rest.

Making the Right Investment

In an era of increased cybersecurity risk, insurance companies must take risk assessments of their outside vendors as seriously as they take their own—especially when vendors have access to sensitive consumer information. Don’t rely on a contractual requirement that the third party maintain compliance. Trust but verify, as the saying goes. Taking the time to assess third-party providers according to the standards discussed above helps establish partnerships that increase efficiency, limit risk, and protect policyholder relationships.

Bio:

Jeffery W. Brown is president of VPay®, a leading turnkey claim payments platform focused on the property and casualty, workers’ compensation, healthcare and warranty industries.

Tags: Compliance and RegulationCybersecuritye-paymentsFintechNACHAPCI CompliancePersonal DataSecurityVpay
1
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Mercator Advisory Group analysts and industry professionals.

    Must Reads

    live shopping, ebay

    Q&A: eBay Exec on Live Shopping and the Future of Payments

    March 24, 2023
    AI and Biometrics in Regulatory Compliance in Finance

    The Importance of AI and Biometrics in Regulatory Compliance in Finance

    March 23, 2023
    Everyone Benefits from the Real-Time Payment Networks  

    Everyone Benefits from the Real-Time Payment Networks  

    March 22, 2023
    commercial payments

    Optimizing Commercial Payments in the Digital Age

    March 21, 2023
    cross-border payments

    Cross-Border Payments: Fighting
    E-Commerce Fraud Using Data

    March 20, 2023
    fraud, ChatGPT-4

    How to Fight Fraud While Still Enabling a Great Online Customer Experience

    March 17, 2023
    RTP

    Financial Institutions Without an RTP Strategy Risk Being Left Behind

    March 16, 2023
    visa chargeback

    New Visa Chargeback Guidelines Will Be a Game Changer

    March 15, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result