
Password policies – a customer centric view: the good, the bad and the ugly

This short piece looks at password policies through the eyes of the customer – be it an end customer or a distributor. I am personally frustrated at the explosion of complexity in accessing sites so thought it would be worth exploring the issue further.

‘Security inflation’ is endemic

In my experience insurance companies and banks look at password policies and procedures solely through the lens of security. They then seek the advice of their internal IT security specialists who faithfully discharge their job responsibility, and are not to blame, in advising on all of the myriad possible weaknesses that can arise. In the absence of an internal customer experience advocate to provide an alternative view, the business leaders then decide to spend money and effort tightening security. The cycle seems to repeat and we end up with a default “business as usual” state of what I call ‘security inflation’. Somewhere businesses seem to have lost the ability to make considered judgements in this area that balance risk and reward and then make a commercial decision. Instead they seem to believe, despite all evidence to the contrary, that it is possible to reach a zone of “zero risk” in this area.

I think regulators also need to exercise more considered judgement and avoid unnecessarily draconian approaches to password policies.

Let’s think about the users

So this article is going to take a customer centric view and examine actual password policies that exist today. In the process I hope to illustrate that organisations can and do take different approaches to password policies – and at least some have made the necessary trade-offs.

So let’s start by thinking as a customer. The first thing is that I trust my bank or insurance company to make appropriate policies in this area. So in all the examples I give I assume the security approach implemented meets a minimum adequate benchmark (i.e. at the very least one compliance, risk and security expert will have signed off these approaches):

[Image: password assessment]

To show how absurd decision making can be I have experienced the “good” from one multinational bank in one country and the “ugly” from the same global bank in another country. And standards do vary within countries, i.e. regulations are not absolute in these matters and leave room for banks and insurers to make their policies more customer friendly.

The one bank that deserves a positive mention for innovation is Standard Chartered Bank in Singapore. They made their physical second factor their credit card by including a key pad within the credit card itself. They also allow a liberal approach to accessing high level bank data using a simple numeric password. Well done – and it gets my vote for customer convenience.

The non-banks who excel in this area are PayPal, the Apple store and the Amazon store who are able to deliver password protected transaction capability for on-line purchases without the need to re-key credit card data. They all use numeric only password systems.

[Image: Digital insurer password]

We need more customer centric access to technology

What is the future?

The password / 2FA is probably a fundamentally flawed approach and one would hope that biometric solutions develop quickly to provide quick and convenient access to personal data and transaction capabilities. There are some reports that Apple is investigating fingerprint biometrics for the next version of the iPhone – this will be an interesting test on how “battle ready” the technology actually is.

What is your experience?

I would be interested to hear from others on their views and experiences in this area. What frustrations have you experienced and what is the most customer friendly approach you have seen?
