The insurance industry pushed long and hard for legislation that would legalize electronic signatures. But carriers are not rushing to implement the technology.W ill Tom Cruise soon be swiping his smart card through the digital autograph books of the next mob of crazed fans he encounters outside a Tinseltown premiere?
The Electronic Signatures in Global and National Commerce Act that became effective Oct. 1 goes a long way in legitimizing digital signatures for online business transactions. But it's unlikely that a radical transformation of how insurance and other industries complete transactions will occur in the near term, experts say.
In fact, many experts conservatively estimate that it will take several years before consumers become comfortable signing on the dotted line with bits and bytes rather than pen and ink for important life-event transactions that are conducted online. And, it will take some time before companies have the technology and personnel in place to support electronic signatures.
Although the new law was written to be strictly technology neutral, insurance carriers so far are not rushing to implement electronic signature technology. It's also true that lawmakers opted to wait for the marketplace-or perhaps the judicial system-to decide just how much stomach consumers have in embracing the new frontier of electronic commerce, and what kind of security they will demand, before digesting this latest step into the future.
Top priority
Nevertheless, the timing of the new e-signature act is welcomed by carriers as the industry made the e-signatures bill a top priority this year.
Despite the emergence of Web commerce as a critical force in the nation's economy, lawmakers were wary about the potential adverse effects that the legislation could have on consumers. Indeed, getting insurance included in the bill took some deft maneuvering around the 1945 McCarran-Ferguson federal law that gives states the primary authority to regulate insurance.
"It was important not only to obtain the benefits that having legal certainty for electronic transactions can bring to the bill, but to make sure the bill had no technical flaws that could adversely affect the business of insurance," says John Savercool, vice president of federal affairs for the American Insurance Association, Washington, D.C. "But, I think we succeeded in doing both."
For example, the law states that cancellation notices for life and health policies still must be in writing; property/casualty polices no longer have this restriction.
Still, insurers have some concerns about the law's language on consumer privacy issues. The industry currently is fighting a nondiscriminatory provision covering consumers who do not want their personal information to be disclosed. Insurance groups are fighting the provision because they fear such so-called opt-out provisions could stymie carriers' cross-marketing programs.
Other industry observers say carriers' concerns about the types of new information systems that will need to be implemented once the privacy regimes are nailed down is another impediment to implementing electronic signature technology.
Put it in writing
Despite these concerns, carriers actively embracing e-commerce have been preparing for e-signature technology from the moment that President Clinton signed the bill on June 30.
Progressive Corp. is recognized as an industry leader not only for the development of its e-commerce distribution network, but also for the integration of e-commerce and its agency network. The Mayfield Village, Ohio-based company's ambitious plan to catapult from its current ranking as the nation's fifth-largest writer of personal automobile insurance past top-ranking State Farm Mutual Automobile Insurance Co. hinges on exploiting this head start.
Even so, the carrier has not yet determined when the time will be right to implement e-signature technology. "I think our attitude might be best described as wait and see," says Alan Bauer, Internet business leader for Progressive. "Unfortunately, with insurance, one misstep and you may face a hostile plaintiff bar or run into some regulatory difficulties."
Despite initial wariness, Bauer nonetheless terms electronic signatures the "lubrication of the gears of e-commerce," and sees their adoption by consumers as inevitable once a period of adjustment is over.
"Consumers need to be aware, and I think this is part of the process, that what is going to happen will be a contract," Bauer says. "We have all downloaded software and we read the button that says `do you read and understand the terms?' and we all click `yes', even if we haven't, just to go forward because there is not much penalty. However, with digital signatures, you could get in trouble if you sign a contract and don't do your homework."
Insurers fear that any court ruling covering the nature of a document endorsed with a digital signature will most likely come down on the side of the client. "After all, insurance companies have lots of lawyers and if they can't figure it out, who can?" Bauer says.
Unique challenges
Although the e-signature law paves the way for carriers to increase their sales of online insurance policies, each line of business will first have to overcome some unique challenges before online sales can flourish.
For example, some states require that all residents who are applying for auto insurance must be offered uninsured motorist coverage, which they can subsequently reject. However, industry observers say that consumers applying for online coverage do not have the ability to decline coverage for uninsured motorists.
Jim Puhala, a general counsel for MassMutual Life, has been briefing his company's business leaders on the implications of the new law. Puhala says that some plans currently on the Springfield, Mass.-based company's drawing boards will move a step closer to implementation now that the electronic signature law is in place. He believes the technical requirements for an electronic signature should be fairly straightforward to carriers.
"You need authentication of the individual who is signing the document and security for the document so that if the document is altered in some way, that becomes apparent and the signature is invalid," Puhala explains. "In many ways, the technology could develop so that it is much more secure in an electronic form."
Most of the large carriers have not determined which e-signature technology they will implement, preferring for the moment to focus their efforts on educating consumers on electronic signatures.
"We have been focusing on issuing digital certificates to independent agents and issuing certificates to our own employees for Intranet access," says Bob McKee, assistant vice president, corporate information security, for The Hartford Financial Services Group Inc., Hartford, Conn. He believes there has to be a period of adjustment before it becomes obvious that consumers are willing to buy into the process.
Moreover, insurance companies as diverse as The Hartford need to grapple with some internal issues.
"There are a lot of things connected in business community as diverse as ours," McKee says. "Each area of the company has its own ideas about how fast we should do this, so our goal is to make sure we understand the choices that need to be made as these vendor products and services position themselves before us. Right now, they are coming at us one at a time."
Implementation could proceed one business area at a time, and, in The Hartford's case, it won't necessarily begin with commercial lines.
"Logically, starting with commercial lines might seem to be make sense, but our life operation is very interested in electronic signatures," he says. "They have been some of the more aggressive folks on this."
Two other large major carriers, New York-based MetLife and Allstate Corp., Northbrook, Ill, are evaluating electronic signature products, but executives with the two carriers declined to elaborate on their own specific strategies.
Avoiding confusion
The fact that carriers are taking a long, hard look at how they intend to implement e-signature technology does not surprise some industry observers who blame Congress for increasing insurers' confusion about the technology.
"Congress did not want to slow Internet development by locking in a technology. But by leaving too much undefined, it has done just that, adding cost and confusion while the standards are set," says Frank Prince, a research analyst with Forrester Research Inc., Cambridge, Mass.
Prince expects digital contracting will catch fire first in business-to-business e-commerce, primarily because of such attributes as its stable customer populations, well-known business rules and high-value transactions that will justify associated implementation costs, such as building a public key and encryption infrastructure.
Prince and Progressive's Bauer agree that a disgruntled consumer may lead the courts to create the kind of authentication standards Congress did not care to.
The law, however, did give the industry important guidelines defining what a valid electronic signature is. The law states that an electronic signature is an "electronic sound, symbol or process attached to or logically associated with a contract or other record, and executed or adopted by a person with the intent to sign the record" that two parties can mutually agree to.
Thus, an e-signature can be simply a typed name an individual attaches to an e-mail message or a more advanced option, such as a digitized image of a signature linked to a mathematical algorithm that verifies the authenticity of an online document. Companies could also allow passwords or personal identification numbers to serve as e-signatures, experts note.
Unlocking the security key
Further up the security ladder lies public key infrastructure (PKI), a form of software that uses a broad string of numbers to encrypt information contained in documents that are transported electronically.
A user receiving the document then "unlocks" the encrypted information with software that's called a private key. An increasing number of companies are using PKI structures to facilitate the use of digital certificates, which have been described as "envelopes" for digital signatures, to provide accountability and trust in the electronic process.
The Hartford and New York Life have undertaken PKI initiatives but thus far have confined the initiatives to internal uses. For example, New York Life implemented a PKI system from Entrust Technologies Inc. to secure sessions between a Web browser and a Web server.
But experts note that such systems can be complicated and expensive to implement. For that reason, PKI service providers such as Mountain View, Calif.-based VeriSign Inc. may offer the most cost-effective approach. The company has issued more than 250,000 Web server digital certificates and also acts as a certificate authority, validating digital certificate users and the electronic transaction.
Bauer recalls trying to get a personal digital ID from VeriSign when he recently moved from Ohio to California.
"The company is very rigorous. I gave them my California driver's license number and because it did not match what was in their records, VeriSign denied me one," he says. "However, VeriSign is not in popular usage. You won't find many major consumer sites that use it yet."
But a recent Forrester survey found that 50% of the businesses it interviewed will have a PKI initiative in place by next year.
Security shortcomings
Other industry observers believe that security services that embed digital certificates for client applications fail to address the need for transaction-intensive secure communications.
"The Internet needs a simple and economic way to allow secure and convenient electronic commerce and communications," says Gary Craft, managing director of e-finance research for Deutsche Bank Alex. Brown, San Francisco. "This means that the trading parties can identify themselves, their activity can be protected as it moves across a public network and the transaction itself can be properly documented by a trusted third party."
However, Craft does not believe that the means to accomplish these crucial steps are within reach.
"Today, there is no easy, inexpensive way to administer security that can accomplish safe, frictionless and fecund electronic commerce," Craft says. "Many grand ideas come and go, yet they either fail to develop an economic rationale or fall short of nonintrusive easy operations."
For those people who don't feel comfortable about doing business with someone they can't look straight in the eye, biometrics offers the promise of identifying customers by their fingerprint or iris codes. Companies such as Anonymous Data Corp. (see article, page 50), eTrue, and Indentix hope to exploit the new techniques available, while at the same time quelling fears they may be a tad Orwellian. n
Steven Tuckey is an associate editor for Insurance Accounting, a Thomson Financial Media publication based in New York.
