How can insurers manage the risks of ecommerce

by Mark Adam Fitzperik.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on insurance  

You are here: Categories » Legal and finance » Insurance

Online sales of insurance products – made directly to consumers or via third-party distribution channels – are increasing. The industry-preferred approach is straight-through online processing, where the application is completed and submitted online without the need for signed documentation or product provider intervention.

While this approach saves time and money, it carries risks. It is important to remember, though, that many of the hazards of online selling and servicing apply offline too. For example, the potential for fraud is essentially no greater than in paper-based applications.

While risk cannot be eliminated, it can be reduced to an acceptable level through relevant contracts with the customer and third-party service providers and through careful attention to and control of the online sales process.

Contracts with customers

The formalities for contracting online and offline are essentially the same, but it is important to get the online sales process right to ensure that the contract is properly formed and enforceable.

As mentioned earlier, the product terms and conditions must be brought to the customer’s attention to ensure their proper incorporation into the contract. The customer must be given the chance to review and indicate acceptance of the terms before conclusion of the contract. Offline acceptance of the terms is indicated by signing the application form; online acceptance may be indicated by checking a box or clicking a button.

The provider must be able to show what terms the customer has accepted. It is essential that it retains a permanent record of the concluded contract, together with the information the customer was given at the time. The Financial Ombudsman Service has indicated that this record need not be a signed application form. However, the provider must be able to demonstrate the integrity of whatever record it has retained; having a secure audit trail is key.

Selling through third parties

When selling directly to a customer, the product provider maintains control of what is presented to an applicant on the screen and when. Where a third party is involved, there is a greater risk of non-disclosure of material facts and of the customer’s attention not being drawn to the policy terms. A provider may have difficulties relying on contractual exclusion clauses if the sales process was inadequate.

Popular online distribution channels include intermediary extranets, portals, content aggregators and ‘white-labelled’ sites such as those run by supermarkets and other corporate partners.

In each case, the contract between the insurance company and the service provider must clearly define the parties’ respective roles and responsibilities. While specific terms and conditions will differ, there will be common themes. The main ones are:

- Data. Who is responsible for collecting customer data? What if the wrong data are collected? What if data are corrupted or modified during transmission?

- Intellectual property rights. What rights does each party have to use the data and the branding and web content of the other? Are these rights restricted to online activities? How will competitors’ brands be displayed together (eg on content aggregator sites)?

- System and sales process. Who is responsible for the marketing and selling activities? Who will verify and authenticate users (see below)? Whose terms and conditions will be presented to the user? Will the sales process be specified by the product provider or dictated by the thirdparty service provider? Are there minimum security and system standards to ensure secure storage and transmission of data?

- Compliance. Who is responsible for ensuring that the website and sales process comply with FSA regulations and the law?

Online servicing

In addition to selling insurance products online, companies often provide online facilities for servicing policies, eg for tracking the progress of customer applications. While these facilities might be offered to customers directly, they are more commonly provided first to intermediaries on provider extranets or through portal sites.

Use of a portal site involves the introduction of a trusted third party to the relationship between the product provider and the intermediary. In most cases, the third party will be responsible for authenticating the parties (ie the product provider and intermediary) and transferring data between them. Careful consideration must be given to the contractual arrangements with the third party, to protect both the provider and intermediary. Online servicing will involve the use of personal data on customers and confidential data on policies and therefore has data-protection implications (see below). Many providers insist on the use of Origo Standards for the transfer of electronic data to and from intermediaries. These are industry technical standards, developed by the UK life assurance and pensions industry body Origo Services Ltd and used for the secure transfer of data between an intermediary and a product provider directly or via a trusted third party. For certain provider services (including tracking, commission and contract enquiry) the provider and intermediary can choose to adopt Origo’s standard legal framework.

Proving the identity of users

There are several regulatory reasons why it is essential to verify someone’s identity. These include preventing the sale of inappropriate goods to minors and ensuring the consumer is based in a country where the product provider is authorised.

There are commercial reasons, too. Establishing identity will:

- ensure that the party has the capacity to contract;

- prevent the party later claiming that they are not bound by the contract; - assist in tackling fraud.

Once a contract has been entered into, identity will need to be authenticated each time the service is used.

In the ‘real’ or ‘bricks and mortar’ world, verification and authentication are, in theory at least, relatively easy. On opening a new bank account, your identity is verified when you appear in person at the bank and present your passport and a utility bill. Your identity is authenticated by use of a PIN number at an automated teller machine. Online, alternative methods must be sought.

Establishing identity

To be satisfied that the person you are dealing with exists and they are who they say they are, you may need to verify the person’s information against evidence from another source, such as a credit-reference agency. If the provider chooses to carry out identity checks online (eg by using commercially available solutions such as Experian) it must have a process for retaining the evidence gathered.

The process of verification should be sufficiently rigorous for the products and services being sold. It should reflect the risks involved – not least the damage that could be caused by misuse of identity.

Authentication of identity

The means of authentication could be:

- something that only the person knows, such as a password;

- something that only the person possesses, such as a digital certificate or key fob;

- something that is a physical feature unique to the person, such as a fingerprint or retinal scan.

The more sophisticated the means, the greater the security but the higher the cost. It is important that a business carefully considers the degree of certainty actually required and selects a method of authentication right for the nature of the products and services being supplied online.

In reaching its decision, it will need to consider the data-protection implications of the particular method and the accessibility of the method.

Username and password are the most common form of authentication for selling and servicing products online. However, they are not the most secure. A complex password using different characters is more difficult to crack, but there is no guarantee that a user will keep their password safe. In the financial services industry, digital certificates are increasingly used as an alternative to usernames and passwords. Sometimes described as electronic passports, these use cryptography to give users a unique identity. Importantly, they can improve security by removing the need for multiple usernames and passwords. For example, Unipass digital certificates, offered by Origo Secure Internet Services (OSIS), give intermediaries access across provider extranets and portals.

Share
Leave a comment or ask a question
Total comments: 0

Insurance Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
General guide to Virginia Health insurance - Being a resident of Virginia and looking for information about health insurance? You might have flipped reams of pages and clicked a lot of online links while searching of Google or Yahoo! with var (more...)
Health insurance in California - It goes without saying that you should have a good healthcare coverage if you are a resident of California. If you don't, you will end up paying all the cost of your healthcare needs out of your ow (more...)
Finding Cheap Florida Health Insurance Rates - Being a resident of Florida, you can avail two types of health insurance policies-individual health insurance and group health insurance. Group health insurance is offered by employers while indi (more...)
Do Agent Marketers really care about your interest - Insurance industry can be regarded as one complicated world. Insurance that used to be a simple concept now has developed in to vast category with multiple further specializations and classificat (more...)
Insurance quotes and what do they mean - Insurance quote is something that describes that what actually you are going to pay as a premium on your insurance coverage. Looking it at practically that's a very bookish definition for it and (more...)
Owner Builder Insurance Advice for Owner Builders - There are few insurance brokers out there who take the time to understand your needs and assist you throughout the building cycle process. It is vital that you know what kind of insurance to buy an (more...)
Medical Coding Services And Doctors Get Ready Now For Change To ICD 10 - You've probably heard that the mandated switch to using ICD-10 codes for claims filing has been delayed by a few years until October 2013. You can breathe a little easier for now, but it is a good (more...)
How to Compare Insurance Companies - The Insurance Information Institute lists several things that a home owner should consider when evaluating insurance companies before deciding on a policy. Shopping for a home owne (more...)
What Is not Covered in Different Home Insurance Plans - It takes a thorough review of insurance plans to understand what types of damages may or may not be covered in certain home insurance policies. (more...)
Tips for Preventing Fires in the Home - House fires are one of the leading causes of home insurance claims. Learn how you can protect yourself and your family against a possible devastating fire. One of the most common c (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.