The industry is struggling with determining who should be responsible for notifying consumers that they are conducting business on legitimate Web sites.With so many vendors and technologies to chose from, state regulators are at a loss to come up with a method of providing the equivalent of a "Good Housekeeping Seal of Approval" to assure consumers that they are conducting business on legitimate insurance Web sites.
Two working groups of the Kansas City, Mo.-based National Association of Insurance Commissioners have spent the past few months studying the issue.
"It is turning out to be a lot more difficult than we envisioned," says one technical expert close to the deliberations. "The federal legislation tells you that you cannot favor one technology over the other so we have to look at it in general terms, which is hard to do in the technical field."
In August, representatives from technology providers and consulting firms-including ValiCert, Entrust Technologies, VeriSign Inc., PricewaterhouseCoopers and Digital Signature Trust Co.-discussed the costs and benefits of using their products to gain Internet customers some peace of mind, and the regulators freedom from a barrage of complaints from unhappy consumers.
Technical consideration presented at the two-day meeting included the option of issuing digital certificates for insurer Web site servers and using public key infrastructure technology to authenticate Web site visitors.
"It is easy to provide digital certificates, but what makes them effective is the rules governing their use," says Patrick Watts, assistant vice president of the Alliance of American Insurers, a Downers Grove, Ill.-based trade association representing property/casualty insurers. "In this case, what is important is who is entitled to represent their Web site as run by a licensed insurer. Whoever decides that point wields the power in this situation."
It's also unclear to industry participants who should oversee a program that would authenticate legitimate insurance Web sites-state regulators, through the NAIC, or an insurance trade association.
In August, the American Council of Life Insurers presented its own site authentication regimen. The proposal has received a cool reception from some state regulators. "It appears that regulators and the industry could be on a collision course on authentication issues," Watts says.
Some state regulators who support an NAIC initiative to autheticate carriers' Web sites believe that such a program would be in the purview of their traditional role as consumer protectors. Furthermore, it could turn out to be a significant source of revenue for the NAIC.
Industry concerns
But industry observers warn that any NAIC program that would put its stamp of approval on carrier Web sites-no matter how voluntary the program is-could run afoul of the technology-neutral spirit of the new law.
Another concern is how long it will take the NAIC or other groups to put a program in place.
Virtually all quarterly NAIC meetings in 2000 have been devoted to streamlining state regulation in the wake of the passage of the Gramm-Leach-Bliley Act of 1999. So it would seem doubtful the group could give its full attention to the issue until some time next year.
"In the end you just might have both an industry and NAIC program out there," Watts says. "After all, there is nothing to prevent that."
