
01 May, 2019

APRA Level Security Compliance

Payment technology challenges in the insurance industry: What are they and how can they be overcome?

Insurance Industry Payments

Faced with changing customer expectations, legacy payment systems and increasing data security compliance obligations, the insurance industry faces many challenges when it comes to payment technology.

The protection of customer data is one of the biggest challenges facing the insurance industry with the Australian Prudential Regulation Authority (APRA) enforcing a new prudential standard, CPS 234 for Information Security Management which is aimed at combatting the threat of cyber-attacks.  The new standard comes into effect on the 1st of July 2019.

With this new standard, coupled with on-going PCI DSS compliance requirements and the legal obligation to report any data breaches under the Notifiable Data Breach Scheme, the insurance industry is under increasing pressure to improve the user experience while at the same time ensuring the security of customer data.

Challenge 1:  Improving the user experience using outdated payment infrastructure.

Enhancing payment capability to meet changing customer expectations is a key challenge for insurers.  Often burdened with old payment infrastructure, including outdated contact centre technology, insurers find it hard to strike a balance between reducing payment complexity and improving the customer experience while achieving security compliance in a timely and cost-effective manner.

The key is the use of advanced cloud technology that allows insurers to add new functionality without the need for new infrastructure. Products like IPSI’s AgentSecure service leverage cloud-based technology and connect with existing telephony providers to ensure customer payment data never enters the call centre while improving the customer experience. Customers remain connected to agents throughout the call, which improves customer satisfaction, reduces call handling time and improves cash flow through improved payment success rates.

The use of cloud technology allows the flexibility to scale up if required and the ability to use one solution for multiple sites whether they are in Australia or off-shore in the case of outsourced operations.

Inflexible payment options are also an issue, with complex manual processes and lengthy registration processes to both apply for insurance and access member portals – a common frustration for customers. Insurers are often not equipped to manage common payment options such as recurring payments and batch processing, and are limited in their use of tokenisation. Tokenisation, when enabled, allows payment data to be stored securely on payment devices, enabling quicker, more secure payments from increasingly common payment devices such as mobile payment and customer portals.

Challenge 2:  Managing increasing data security compliance obligations

The protection of customer data is one of the biggest challenges facing the insurance industry. APRA’s new prudential standard CPS 234 for Information Security Management, commencing on 1st July 2019, mandates that boards are now ultimately responsible for information security. The standard states that boards “must ensure the insurer maintains information security in a manner reflective of its size and extent of threats to its information assets”.

The challenge for insurers is that the new standard also extends to third-party providers, which requires insurers to ensure that those providers satisfy the requirements under the new standard. Also, APRA has updated its information paper regarding outsourcing involving cloud computing services. This updated paper requires entities to be aware of the changes needed to organisational capability when adopting new cloud-based technology and to ensure decisions are made where data risk can be managed and understood, and not just based on cost.

Alongside this new standard is the on-going requirement for PCI DSS compliance. Payment security compliance is not unique to the insurance industry. However, Australia’s Notifiable Data Breach Scheme has introduced new reporting obligations in the event of a data breach, with significant fines and penalties for those that do not comply.

The reality is that cyber-attacks targeting insurance companies are growing in frequency and sophistication.  Insurers need to ensure any new customer interactions with payment technology meet compliance obligations.

Challenge 3:  Digitisation of services

Digital transformation is not new to the insurance industry. However, expectations are now heavily influenced by what customers experience in other sectors, such as retail and other financial services.

One key trend will be the increased demand for more ‘personalised’ insurance covers rather than the one-size-fits-all products that are currently available.  This more tailored approach will re-imagine insurer-insured relationships with access to more in-depth customer data and behaviours made possible through integrations of data from multiple sources.  The implementation of a more personalised approach presents insurers with challenges to not only secure personally identifiable data but to streamline the management of personalised payments.  IPSI’s payments services that utilise big data and meta capability are leading the way in personalisation.

Challenge 4:  Streamlining payment processing including recurring payments, batch processing and refund processing.

The need to evolve legacy payment systems is a growing challenge for insurers. One of the biggest challenges insurers face is changing standard payment practices such as recurring payments, batch processing and refund processing.

While common in other industries, insurers with restrictive legacy payments systems find these processes challenging to evolve and often revert to manual, time-consuming processes that can become a technical and administrative nightmare.   As an example, insurers commonly find stand-alone refunds difficult to process.  If a customer has paid $100, yet requires a refund of $150, insurers often find this type of refund difficult to handle due to the differential amount. What seems to be a simple process can often be made difficult by outdated technology.  Banking products tend to be rigid and ill-equipped to meet the specific needs of larger insurers.

It is apparent that when it comes to payment technology challenges in the insurance industry, digitisation is the key to streamlining their processes and, in turn, offering excellent customer service to their clients. However, at the moment, there are several barriers that insurance companies need to overcome to achieve this. With technology changing every day, presenting a higher risk for data breaches, and also increasing customer expectations of having everything available in real-time, there is no doubt that the insurance industry will need to make changes to keep up with consumer demands.

IPSI has specific experience working in the insurance space, helping insurers overcome these challenges.  If you’d like to see how we can help you evolve your payment technology contact us at assistance@ipsi.com.au
