SALT LAKE CITY – Oct. 21, 2022 – LenderDock Inc. (LenderDock) and IMT Insurance have recently formed a new partnership.

As the business landscape has become increasingly more competitive, IMT was looking for ways to enhance the level of service and value to their customers while reducing operational costs. 

LenderDock’s Notifi™ service provides the solution with its all-digital solution that ensures electronic delivery of all third-party notifications and escrow bills.  The cloud-based platform helps mitigate the expense of traditional print and postage and leverages real-time analytics and reporting.  

“We are very excited to be partnering with IMT as they remain laser-focused on delivering the best customer experience as possible to their clients.  It’s an honor for us to contribute to their goal of sourcing digital solutions to meet their needs”, says Frank Eubank, LenderDock’s CEO.      

IMT is a Midwest US company founded in 1884. Today, IMT continues to offer strong lines of personal and commercial insurance products along with providing exceptional service for a competitive price. IMT serves companies through Independent Agency locations in six states – Iowa, Illinois, Minnesota, Nebraska, South Dakota, and Wisconsin.

Headquartered in Salt Lake City, Utah, LenderDock Inc. is the leading provider of online Property and Casualty Insurance policy verification and automated lien holder process management services. The policy verification-as-a-service (VaaS) platform offers banks, lenders, and all financial third parties the ability to digitally verify and correct home and auto policy-related data in real-time.

Insurers are familiar with the many problems caused by cyberattacks, but how familiar is the industry with the specific types? 

The insurance and insurtech industries are more than aware of the potential dangers of cyberattacks. After all, insurers provide coverage to many of the entities that may be vulnerable to or targets of scammers that aim to disrupt business and steal data or monetary funds. 

With the issues they face today, what is the insurance industry doing to protect itself from these attacks and how will the current climate of the economy affect the ability of insurers to battle cyberattacks? 

What threats should providers be aware of? 

Insurtechs and insurance carriers face a variety of threats, including ransomware attacks, data exfiltration, email phishing scams, and dedicated denial of service (DDoS) attacks. 

Insurance companies store large amounts of both financial and personal data, which means that any successful cyberattack could have dire consequences for them as a company and for their customers. 

It comes as no surprise that the finance and insurance industries are targets of cyberattacks. Along with the possibility of unmitigated data loss, malware and DDoS attacks have the ability to cause disruption to financial institutions while leaving customers without access to services. 

The state of the 2022 cyber threat landscape 

According to the data from the 2022 IBM Security X-Force Threat Intelligence Index, server access attacks were the most common types of attacks aimed at insurance and finance organizations.  In 2021, they accounted for 14 percent.  

Common cyber threats insurance organizations face:  

  • Server access attacks – An attack that involves gaining access to a company’s servers, either by exploiting a system weakness or by using stolen or leaked passwords. 
  • Ransomware – Malware that prevents a user from accessing their own programs and files until they have paid a ransom to the scammers. 
  • Credential harvesting – A credential harvesting – or password harvesting – attack involves attackers gathering many compromised user accounts, usually by sending a phishing email attack. 
  • RATs – Remote access trojans are a type of malware that allows a criminal to remotely control an infected computer including accessing the files and data stored on it. 
  • Misconfiguration – An attack that occurs when a cybercriminal discovers vulnerabilities in the security configurations of a cloud, application, or web server. 

While the IBM Index shows that insurance and finance industries are no longer the most targeted for attacks – that title now belongs to the manufacturing industry – they still accounted for nearly a quarter of the threats (22.4 percent). 

Although the number is slightly lower than the previous year, this in no way means that insurtech and fintech companies are in the clear. 

Additionally, companies need to be aware of potential weaknesses within their organization that could leave them exposed to cyberattacks. Unfortunately, with recent staff layoffs as well as the rising cost of business operations, both insurtechs and insurance carriers are now as vulnerable as ever. 

LenderDock values security 

As a company, LenderDock takes possible security threats very seriously. Being SOC 2 certified, LenderDock is exceeding industry standards while protecting your data. Rest assured that your data is safe with LenderDock. 

While consumers are moving towards digital channels and apps more than ever before to complete daily tasks; the trend is also being seen in the insurance industry.

Let’s take a look at some of the risks you may face in the insurance sector.

Mobile apps: The risks

While many people moving to use apps for their insurance needs, it also means that many important pieces of valuable information end up concentrated in the apps. Medical information, addresses, account numbers, SSNs, etc. is far more valuable on the black market than the average credit card number, seeing as credit cards can be canceled. Personal information is usually permanent, and it can be used for fraud and other schemes by criminals.

With the large amount of information contained in the apps, it’s not particularly surprising that cybercriminals are targeting insurers and mobile apps.

Just recently in 2021, the New York Department of Financial Services fined multiple insurers for noncompliance breaches. Fines aren’t the only punishment for leaky insurers either. If companies are found negligent in protecting their mobile app, successful attacks often result in lawsuits.

Apps can be attacked in a multitude of ways, but there are six main ways the attacks occur. If proper steps are taken to protect consumer information, a vast majority of attacks will be unsuccessful.

1. Stealing personal policyholder information

Things like full legal names, marital status, date of birth, and social security numbers are often stored on insurance mobile apps. There can even be a driver’s license with car information (VIN, license plate number) stored on them.

To protect this data, it needs to be encrypted in the app by using the AES 256 or a similarly strong system. Data shouldn’t be the only thing that is encrypted, however. It should also cover the data used by the APIs. If things like tokens, URLs, passwords, etc. aren’t properly secured, cybercriminals can easily use them to access the insurer’s system.

2. Location information

Insurtech and insurance apps track location data for many reasons, including things like driver behavior to provide discounts or to activate or deactivate coverage based on location.

By rooting (Android) or jailbreaking (iOS) a device, hackers can gain more privileges that allow them to control the operating system and access location data. Apps should have the capability to detect when the device is jailbroken or rooted and shut them down to prevent unsafe data storage.

3. Keyloggers and overlays

The latest malware can employ a trick on its users, where it presents a fake screen over an insurance app, making the user think that they’re entering their data into a trusted source. Malware steals data in this way and can also take over accounts and other malevolent acts.

Keyloggers work similarly but run in the background while tracking every key entry a consumer makes in an application. Mobile apps need to detect these attack types so they can stop operating when they are in effect to protect the user and their data.

4. Intercepting data through transactions

Many insurtech apps allow policyholders to pay for coverage as they need it, adding coverage as they go. While this is a great feature, it also makes these apps vulnerable to attacks on payment information. To protect payment data, all data types must be encrypted using a level to comply with the PCI (Payment Card Industry) standard.

If an insurer is found to be in violation of PCI compliance, fines and even the loss of ability to accept credit cards as a payment type may result.

5. Abuse of static and dynamic analysis tools

Software developers use this information to debug and complete other important tasks during software creation, but it can also be used by cybercriminals to discover an app’s internal logic. The insights enable them to create polished, targeted, and highly effective attacks on not only the apps, but also the app’s back-end services.

Obscuring the binary code will help prevent reverse engineering, while added shielding with anti-debugging, anti-reversing, and anti-tampering protections will strengthen the app’s defenses.

6. Network attacks

Many mobile apps from both insurtech and insurance companies communicate using TLS 1.1 and HTTP, neither of which are particularly secure. They allow for cybercriminals to perpetrate “man-in-the-middle” attacks on data while it’s being transmitted, which allows for them to steal and even alter it mid-stream. To protect against potential attacks, developers should implement TLS version enforcement, TLS 1.3, secure certificate validation and malicious proxy detection.

In conclusion

Both insurtech and insurance industry members have a great chance to grow and improve consumer satisfaction with mobile apps. These apps must be secure or a cybercriminal is waiting in the dark to execute their next attack. Securing against these threats will help ensure the safety of everyone and their data while building a foundation for digital expansion.

How is insurance verified?

To prove that coverage exists for an insured party, a COI (Certificate of Insurance) is often requested or required by a third party. For the insured, it is a digital or physical form that shows proof of being covered by a particular type of coverage (e.g., casualty, liability, etc.) in the event of a claim being filed against them by a third party.

Any time that a specific insurance plan needs to be verified by a regulatory body, legal representative, employer, etc., a COI is the final proof of its coverage. And while it isn’t a legal contract, it is evidence that an insurance contract exists between the person insured and the carrier.

What to look for on a COI

Usually, COIs contain one page of pertinent information organized in a recognizable pattern. Here are a few things to look for on a COI, confirming the document is legitimate and not fraudulent.

Basic information about both the policy and parties involved, including:

  • Effective policy date
  • Name of the insured with contact information
  • Producer serving the policy
  • Company providing the coverage, labeled using letters

COIs also contain detailed information about the specific coverage being provided and final information on the holder of the certificate, including:

  • Certificate holder that matches the “insured” above
  • Statement from the insurer stating they may – but are not obligated to – notify the holder of the certificate in the event of a cancellation of the policies on the certificate
  • Authorization representative of the insurer

Certificate management

Standardization of COIs streamlines the verification process while also making it feasible for companies to be able to process large amounts of COIs for different coverages, policies, and insureds. But even with standardization, it can be challenging for larger companies to manage the COIs with the growing network of their strategic partners.

LenderDock makes COI management simple & easy

LenderDock is the first and only cloud-based solution that empowers banks and lenders to generate On-Demand Certificates of Coverage and Evidences of Insurance all in real-time.  Insurance providers recapture significant time and resources by enabling a true self-service environment for loan originators and mortgage banks to access and verify necessary policy-related data.  Insurers across the country are taking advantage of LenderDock’s platform for immediate and valuable cost savings and operational efficiencies.  To learn more about LenderDock’s unique lienholder process automation ecosystem, contact [email protected].