Industry representatives spoke on MFA at the Vertafore Connectivity Forum, part of the Accelerate, powered by NetVU, conference hosted by the Network of Vertafore Users.
MFA is an electronic authentication method wherein a user is granted access to a website or application after presenting two or more pieces of evidence to an authentication mechanism. MFA is an additional component beyond an ID and password for a more secure connection.
Speakers on MFA at the Accelerate event included Jim Rogers, AVP of The Hartford and president of the ID Federation board of directors; Ron Berg, executive director of the Independent Insurance Agents & Brokers of America's Agents Council for Technology (ACT); Steve Aronson, president of Aronson Insurance, Needham, Massachusetts; Doug Mohr, Vertafore’s VP, industry relations and partnerships; and Mike Foy, principal of Foy Insurance, Exeter, New Hampshire.
MFA implementation is a top issue for carriers and their partner independent agencies, the speakers said. As agency employees are trying to access carrier portals, they are meeting with more MFA requests.
The panelists are supporters of ID Federation, a nonprofit coalition. In recent months, they said they’ve seen some insurance carrier security teams implementing their version or interpretation of MFA while not fully understanding the impact on their agents, especially if every carrier has a different solution. Thus, the federation is promoting an industry solution called SignOn Once.
ACT Survey
At the Accelerate conference, ID Federation representatives also discussed a recent ACT survey of more than 300 agents, carriers and technology providers.
Nearly half of agent respondents said their carrier partners are requiring use of MFA to some extent, the survey found. Of those, 38% said only one or two of their carriers are requiring MFA; another 44% said three to five are requiring MFA.
Regarding the specific type of MFA preferred by agencies, 24% of respondents indicated they prefer to receive the factor via text message; 18% said they’d prefer recognizing previously used devices (“save my device”); 14% said link to an agency email address; the rest noted a variety of preferences.
Of the carrier representatives who responded to the ACT survey, 60% said they are implementing MFA for agent interactions.
For the 40% of carriers currently not implementing MFA, 22% said they have plans to implement in the next six months; 22% are researching; 20% will rely on regulators to determine the time frame; 17% will rely on technology partners; and 17% plan to implement in one to two years.
“We're clearly at a critical inflection point with MFA in our distribution channel,” ACT’s Berg said of the survey findings. “Agents mostly understand the need. They hope MFA can streamline workflow. They definitely want a consistent solution implemented so they’re doing one consistent thing for carrier A, B, C and D and vendor A, B and C. We need a unified approach.”
Berg added: “The regulatory and security requirements around MFA are beginning to impact all of us in one form or another.” ACT is receiving input from agents and other stakeholders that, in response to cyber regulations from federal and state authorities as well as insurance regulators and businesses, are instituting MFA in various ways.
More details on the ACT survey can be found here.
MFA ‘Best Practices’
ID Federation has published recommendations for carriers and agency leadership on implementing MFA.
Rogers outlined specific, calibrated steps his team took to measure impact on employees, agents and customers with The Hartford’s MFA rollout in recent months. For instance, help-desk calls and other performance indicators were monitored for type and quantity. If any issues emerged, the MFA implementation team would adjust the plans. As a result, the implementation has gone smoothly, he said.
SignOn Once implementation streamlines the process to meet regulatory requirements for incorporating MFA. When the agency administrator adds a new user to their agency management system and they check the MFA box, a flag is sent to all participating carriers. This indicates the user went through MFA as they logged into their management system. Also, users only need to remember their login credentials for their management system, not for all their participating carrier partners.
“This is a huge benefit,” said Foy. “If an agency management system user connects to 10 carriers and all them have implemented SignOn Once, those users only need to manage MFA at the beginning, one time, when they log into the system, not for every participating carrier. The time saving is enormous.”
Foy noted that “the heavy user” of carrier websites won’t feel an impact of MFA. “It’s the casual user who comes into the website and their credentials are expired,” he said. “The process stops right there. If you’re trying to write a piece of business, that carrier has been eliminated.”
Foy added: “It’s a hand-to-hand combat with the carriers. We need more carriers in the ID Federation space. I do not want to use your unique MFA process.”
About ID Federation
ID Federation is a nonprofit group of volunteer leaders committed to working for the common good of the insurance industry. They include representatives form carriers, tech providers, industry associations and agencies. These volunteers collaborate on critical issues facing the industry related to customer experience, workflow efficiency and data security. These experts in technology and business—with legal input as needed—seek to eliminate the legacy processes that have hindered the industry for decades, replacing them with modern technology for ID and password management. SignOn Once is the federation’s primary initiative. For more information: www.signononce.org.