mobile-logo

Featured

Featured General Insurance Security

Insurers are familiar with the many problems caused by cyberattacks, but how familiar is the industry with the specific types? 

The insurance and insurtech industries are more than aware of the potential dangers of cyberattacks. After all, insurers provide coverage to many of the entities that may be vulnerable to or targets of scammers that aim to disrupt business and steal data or monetary funds. 

With the issues they face today, what is the insurance industry doing to protect itself from these attacks and how will the current climate of the economy affect the ability of insurers to battle cyberattacks? 

What threats should providers be aware of? 

Insurtechs and insurance carriers face a variety of threats, including ransomware attacks, data exfiltration, email phishing scams, and dedicated denial of service (DDoS) attacks. 

Insurance companies store large amounts of both financial and personal data, which means that any successful cyberattack could have dire consequences for them as a company and for their customers. 

It comes as no surprise that the finance and insurance industries are targets of cyberattacks. Along with the possibility of unmitigated data loss, malware and DDoS attacks have the ability to cause disruption to financial institutions while leaving customers without access to services. 

The state of the 2022 cyber threat landscape 

According to the data from the 2022 IBM Security X-Force Threat Intelligence Index, server access attacks were the most common types of attacks aimed at insurance and finance organizations.  In 2021, they accounted for 14 percent.  

Common cyber threats insurance organizations face:  

  • Server access attacks – An attack that involves gaining access to a company’s servers, either by exploiting a system weakness or by using stolen or leaked passwords. 
  • Ransomware – Malware that prevents a user from accessing their own programs and files until they have paid a ransom to the scammers. 
  • Credential harvesting – A credential harvesting – or password harvesting – attack involves attackers gathering many compromised user accounts, usually by sending a phishing email attack. 
  • RATs – Remote access trojans are a type of malware that allows a criminal to remotely control an infected computer including accessing the files and data stored on it. 
  • Misconfiguration – An attack that occurs when a cybercriminal discovers vulnerabilities in the security configurations of a cloud, application, or web server. 

While the IBM Index shows that insurance and finance industries are no longer the most targeted for attacks – that title now belongs to the manufacturing industry – they still accounted for nearly a quarter of the threats (22.4 percent). 

Although the number is slightly lower than the previous year, this in no way means that insurtech and fintech companies are in the clear. 

Additionally, companies need to be aware of potential weaknesses within their organization that could leave them exposed to cyberattacks. Unfortunately, with recent staff layoffs as well as the rising cost of business operations, both insurtechs and insurance carriers are now as vulnerable as ever. 

LenderDock values security 

As a company, LenderDock takes possible security threats very seriously. Being SOC 2 certified, LenderDock is exceeding industry standards while protecting your data. Rest assured that your data is safe with LenderDock. 

October 19, 2022
Featured General Insurance Security

While consumers are moving towards digital channels and apps more than ever before to complete daily tasks; the trend is also being seen in the insurance industry.

Let’s take a look at some of the risks you may face in the insurance sector.

Mobile apps: The risks

While many people moving to use apps for their insurance needs, it also means that many important pieces of valuable information end up concentrated in the apps. Medical information, addresses, account numbers, SSNs, etc. is far more valuable on the black market than the average credit card number, seeing as credit cards can be canceled. Personal information is usually permanent, and it can be used for fraud and other schemes by criminals.

With the large amount of information contained in the apps, it’s not particularly surprising that cybercriminals are targeting insurers and mobile apps.

Just recently in 2021, the New York Department of Financial Services fined multiple insurers for noncompliance breaches. Fines aren’t the only punishment for leaky insurers either. If companies are found negligent in protecting their mobile app, successful attacks often result in lawsuits.

Apps can be attacked in a multitude of ways, but there are six main ways the attacks occur. If proper steps are taken to protect consumer information, a vast majority of attacks will be unsuccessful.

1. Stealing personal policyholder information

Things like full legal names, marital status, date of birth, and social security numbers are often stored on insurance mobile apps. There can even be a driver’s license with car information (VIN, license plate number) stored on them.

To protect this data, it needs to be encrypted in the app by using the AES 256 or a similarly strong system. Data shouldn’t be the only thing that is encrypted, however. It should also cover the data used by the APIs. If things like tokens, URLs, passwords, etc. aren’t properly secured, cybercriminals can easily use them to access the insurer’s system.

2. Location information

Insurtech and insurance apps track location data for many reasons, including things like driver behavior to provide discounts or to activate or deactivate coverage based on location.

By rooting (Android) or jailbreaking (iOS) a device, hackers can gain more privileges that allow them to control the operating system and access location data. Apps should have the capability to detect when the device is jailbroken or rooted and shut them down to prevent unsafe data storage.

3. Keyloggers and overlays

The latest malware can employ a trick on its users, where it presents a fake screen over an insurance app, making the user think that they’re entering their data into a trusted source. Malware steals data in this way and can also take over accounts and other malevolent acts.

Keyloggers work similarly but run in the background while tracking every key entry a consumer makes in an application. Mobile apps need to detect these attack types so they can stop operating when they are in effect to protect the user and their data.

4. Intercepting data through transactions

Many insurtech apps allow policyholders to pay for coverage as they need it, adding coverage as they go. While this is a great feature, it also makes these apps vulnerable to attacks on payment information. To protect payment data, all data types must be encrypted using a level to comply with the PCI (Payment Card Industry) standard.

If an insurer is found to be in violation of PCI compliance, fines and even the loss of ability to accept credit cards as a payment type may result.

5. Abuse of static and dynamic analysis tools

Software developers use this information to debug and complete other important tasks during software creation, but it can also be used by cybercriminals to discover an app’s internal logic. The insights enable them to create polished, targeted, and highly effective attacks on not only the apps, but also the app’s back-end services.

Obscuring the binary code will help prevent reverse engineering, while added shielding with anti-debugging, anti-reversing, and anti-tampering protections will strengthen the app’s defenses.

6. Network attacks

Many mobile apps from both insurtech and insurance companies communicate using TLS 1.1 and HTTP, neither of which are particularly secure. They allow for cybercriminals to perpetrate “man-in-the-middle” attacks on data while it’s being transmitted, which allows for them to steal and even alter it mid-stream. To protect against potential attacks, developers should implement TLS version enforcement, TLS 1.3, secure certificate validation and malicious proxy detection.

In conclusion

Both insurtech and insurance industry members have a great chance to grow and improve consumer satisfaction with mobile apps. These apps must be secure or a cybercriminal is waiting in the dark to execute their next attack. Securing against these threats will help ensure the safety of everyone and their data while building a foundation for digital expansion.

October 3, 2022
Automation Featured General Insurance

How is insurance verified?

To prove that coverage exists for an insured party, a COI (Certificate of Insurance) is often requested or required by a third party. For the insured, it is a digital or physical form that shows proof of being covered by a particular type of coverage (e.g., casualty, liability, etc.) in the event of a claim being filed against them by a third party.

Any time that a specific insurance plan needs to be verified by a regulatory body, legal representative, employer, etc., a COI is the final proof of its coverage. And while it isn’t a legal contract, it is evidence that an insurance contract exists between the person insured and the carrier.

What to look for on a COI

Usually, COIs contain one page of pertinent information organized in a recognizable pattern. Here are a few things to look for on a COI, confirming the document is legitimate and not fraudulent.

Basic information about both the policy and parties involved, including:

  • Effective policy date
  • Name of the insured with contact information
  • Producer serving the policy
  • Company providing the coverage, labeled using letters

COIs also contain detailed information about the specific coverage being provided and final information on the holder of the certificate, including:

  • Certificate holder that matches the “insured” above
  • Statement from the insurer stating they may – but are not obligated to – notify the holder of the certificate in the event of a cancellation of the policies on the certificate
  • Authorization representative of the insurer

Certificate management

Standardization of COIs streamlines the verification process while also making it feasible for companies to be able to process large amounts of COIs for different coverages, policies, and insureds. But even with standardization, it can be challenging for larger companies to manage the COIs with the growing network of their strategic partners.

LenderDock makes COI management simple & easy

LenderDock is the first and only cloud-based solution that empowers banks and lenders to generate On-Demand Certificates of Coverage and Evidences of Insurance all in real-time.  Insurance providers recapture significant time and resources by enabling a true self-service environment for loan originators and mortgage banks to access and verify necessary policy-related data.  Insurers across the country are taking advantage of LenderDock’s platform for immediate and valuable cost savings and operational efficiencies.  To learn more about LenderDock’s unique lienholder process automation ecosystem, contact [email protected].          

August 30, 2022
Featured General Insurance Press Release

LenderDock Inc., the premier provider of online services for Property and Casualty Insurance policy verification and automated lienholder process management, is excited to unveil its latest collaboration with Cabrillo Coastal General Insurance Agency, LLC.

“We couldn’t be more excited to be partnering with the Cabrillo Coastal team in order to help them reach their goal of eliminating all the unwanted phone calls, emails and manual touch points with banks and lenders,” said Frank Eubank, LenderDock CEO.

“LenderDock’s suite of automation solutions will fast track their digital services footprint while reducing costs across their support teams,” Eubank added.

Cabrillo Coastal will implement the use of LenderDock’s base platform (VERiFi™, LIENSure™, LENDERDocs™) alongside the NOTiFi™ solution.

VERiFi™ is a real-time insurance policy verification system designed for verifiers and lenders. With VERiFi™, phone calls for policy verification are a thing of the past, making the process faster and more efficient.

The second tool, LIENSure™, automates the process of updating policy information by allowing lenders to submit corrections directly to the carrier. This enables carriers or providers to process the updates efficiently according to their own procedures.

The final base suite tool, LENDERDocs™ provides electronic and real-time access to important policy-related documents such as EOIs, Certificates, and others to financial third parties. This helps streamline the process of obtaining and sharing these documents, making it easier for business partners to manage their policy information.

Cabrillo Coastal will also use LenderDock’s NOTiFi™ solution. NOTiFi™ is a system that facilitates the exchange of insurance information among a variety of parties including insurers, lenders, leasing companies, government agencies, and trackers.

About LenderDock Inc.

LenderDock Inc., with its headquarters located in Salt Lake City, Utah, is the industry leader in automated lien holder process management services as well as online property and casualty insurance policy verification. Banks, lenders, and financial third parties can digitally verify and update home and car insurance-related data in real-time using the policy verification-as-a-service (VaaS) platform.

July 12, 2021
Featured General Insurance Press Release

LenderDock Inc., the premier provider of online services for Property and Casualty Insurance policy verification and automated lienholder process management, is excited to unveil its latest collaboration with Olympus Insurance.

“LenderDock is proud to be proud to be partnering with one of the top domestic carriers in the state of Florida. Olympus is cult-like in their approach to servicing the supporting the customers and are leveraging LenderDock’s platform to drive down expenses and enhance operational efficiencies within their enterprise,” said Frank Eubank, LenderDock CEO.

Olympus will implement the use of LenderDock’s base platform, which includes the VERiFi™, LIENSure™, and LENDERDocs™ services.

VERiFi™ is a real-time insurance policy verification system designed for verifiers and lenders. With VERiFi™, phone calls for policy verification are a thing of the past, making the process faster and more efficient.

The second tool, LIENSure™, automates the process of updating policy information by allowing lenders to submit corrections directly to the carrier. This enables carriers or providers to process the updates efficiently according to their own procedures.

The final base suite tool, LENDERDocs™ provides electronic and real-time access to important policy-related documents such as EOIs, Certificates, and others to financial third parties. This helps streamline the process of obtaining and sharing these documents, making it easier for business partners to manage their policy information.

About LenderDock Inc.

LenderDock Inc., with its headquarters located in Salt Lake City, Utah, is the industry leader in automated lien holder process management services as well as online property and casualty insurance policy verification. Banks, lenders, and financial third parties can digitally verify and update home and car insurance-related data in real-time using the policy verification-as-a-service (VaaS) platform.

April 8, 2021
Featured General Insurance Press Release

LenderDock Inc., the premier provider of online services for Property and Casualty Insurance policy verification and automated lienholder process management, is excited to unveil its latest collaboration with Stillwater Insurance Group.

“We are honored to be supporting Stillwater’s goal of driving down costs and finding ways to introduce digitalization and hands-free workflows for bank and lender inquires and request.  They are keen on sunsetting outdated processes in order to be a much more efficient organization,” said Frank Eubank, LenderDock CEO.

Stillwater will implement the use of LenderDock’s base platform, which includes the VERiFi™, LIENSure™, and LENDERDocs™ services.

VERiFi™ is a real-time insurance policy verification system designed for verifiers and lenders. With VERiFi™, phone calls for policy verification are a thing of the past, making the process faster and more efficient.

The second tool, LIENSure™, automates the process of updating policy information by allowing lenders to submit corrections directly to the carrier. This enables carriers or providers to process the updates efficiently according to their own procedures.

The final base suite tool, LENDERDocs™ provides electronic and real-time access to important policy-related documents such as EOIs, Certificates, and others to financial third parties. This helps streamline the process of obtaining and sharing these documents, making it easier for business partners to manage their policy information.

About LenderDock Inc.

LenderDock Inc., with its headquarters located in Salt Lake City, Utah, is the industry leader in automated lien holder process management services as well as online property and casualty insurance policy verification. Banks, lenders, and financial third parties can digitally verify and update home and car insurance-related data in real-time using the policy verification-as-a-service (VaaS) platform.

March 16, 2021
Featured General Insurance Press Release

LenderDock Inc., the premier provider of online services for Property and Casualty Insurance policy verification and automated lienholder process management, is excited to unveil its latest collaboration with GeoVera Insurance Group.

“GeoVera is a carrier seriously dedicated to providing the very best service and support to their valued customer base. LenderDock will be able to help them manage internal resources differently with lower costs and peace of mind,” said Frank Eubank, LenderDock CEO.

GeoVera will implement the use of LenderDock’s base platform (VERiFi™, LIENSure™, LENDERDocs™) alongside the NOTiFi™ solution.

VERiFi™ is a real-time insurance policy verification system designed for verifiers and lenders. With VERiFi™, phone calls for policy verification are a thing of the past, making the process faster and more efficient.

The second tool, LIENSure™, automates the process of updating policy information by allowing lenders to submit corrections directly to the carrier. This enables carriers or providers to process the updates efficiently according to their own procedures.

The final base suite tool, LENDERDocs™ provides electronic and real-time access to important policy-related documents such as EOIs, Certificates, and others to financial third parties. This helps streamline the process of obtaining and sharing these documents, making it easier for business partners to manage their policy information.

GeoVera will also use LenderDock’s NOTiFi™ solution. NOTiFi™ is a system that facilitates the exchange of insurance information among a variety of parties including insurers, lenders, leasing companies, government agencies, and trackers.

About LenderDock Inc.

LenderDock Inc., with its headquarters located in Salt Lake City, Utah, is the industry leader in automated lien holder process management services as well as online property and casualty insurance policy verification. Banks, lenders, and financial third parties can digitally verify and update home and car insurance-related data in real-time using the policy verification-as-a-service (VaaS) platform.

March 4, 2021
Featured General Insurance Press Release

LenderDock Inc., the premier provider of online services for Property and Casualty Insurance policy verification and automated lienholder process management, is excited to unveil its latest collaboration with Brightway Insurance.

“LenderDock is very excited about the opportunity to be collaborating with Brightway Insurance. As one of the largest MGAs in the U.S., they bring a unique perspective and focus to optimizing and improving internal processes that involved the banking community.  We fully endorse and support their goal of process automation to drive down costs,” said Frank Eubank, LenderDock CEO.

Brightway will implement the use of LenderDock’s base platform, which includes the VERiFi™, LIENSure™, and LENDERDocs™ services.

VERiFi™ is a real-time insurance policy verification system designed for verifiers and lenders. With VERiFi™, phone calls for policy verification are a thing of the past, making the process faster and more efficient.

The second tool, LIENSure™, automates the process of updating policy information by allowing lenders to submit corrections directly to the carrier. This enables carriers or providers to process the updates efficiently according to their own procedures.

The final base suite tool, LENDERDocs™ provides electronic and real-time access to important policy-related documents such as EOIs, Certificates, and others to financial third parties. This helps streamline the process of obtaining and sharing these documents, making it easier for business partners to manage their policy information.

About LenderDock Inc.

LenderDock Inc., with its headquarters located in Salt Lake City, Utah, is the industry leader in automated lien holder process management services as well as online property and casualty insurance policy verification. Banks, lenders, and financial third parties can digitally verify and update home and car insurance-related data in real-time using the policy verification-as-a-service (VaaS) platform.

December 27, 2019
Featured General Insurance Press Release

LenderDock Inc., the premier provider of online services for Property and Casualty Insurance policy verification and automated lienholder process management, is excited to unveil its latest collaboration with PEMCO Insurance.

“PEMCO’s shared vision of lienholder workflow automation and their adopting a process that truly solved the painful and expensive touch points with banks and lenders has enabled the LenderDock’s suite of services to manifest for the entire carrier community,” said Frank Eubank, LenderDock CEO.

PEMCO will implement the use of LenderDock’s base platform, which includes the VERiFi™, LIENSure™, and LENDERDocs™ services.

VERiFi™ is a real-time insurance policy verification system designed for verifiers and lenders. With VERiFi™, phone calls for policy verification are a thing of the past, making the process faster and more efficient.

The second tool, LIENSure™, automates the process of updating policy information by allowing lenders to submit corrections directly to the carrier. This enables carriers or providers to process the updates efficiently according to their own procedures.

The final base suite tool, LENDERDocs™ provides electronic and real-time access to important policy-related documents such as EOIs, Certificates, and others to financial third parties. This helps streamline the process of obtaining and sharing these documents, making it easier for business partners to manage their policy information.

About LenderDock Inc.

LenderDock Inc., with its headquarters located in Salt Lake City, Utah, is the industry leader in automated lien holder process management services as well as online property and casualty insurance policy verification. Banks, lenders, and financial third parties can digitally verify and update home and car insurance-related data in real-time using the policy verification-as-a-service (VaaS) platform.

January 19, 2017
« Previous Page