With the number and severity of data breaches increasing, many insurers are looking for new ways to protect their data, their systems and their brands. To these ends, and to simplify access for its independent agents, EMC Insurance, a P&C carrier in Iowa, is implementing SignOn Once from the ID Federation, a nonprofit association for insurers, solution providers, industry groups and agencies. According to the federation, agencies and carriers rank password management as their No. 1 tech pain point. As many as 75 percent of help-desk calls involve resetting passwords, which can cost up to $150 per incident in labor. Sara Richards, a technology analyst at the insurer, spoke with INN about the project.
INN: SignOn Once; what is it? What does it do?
Sara Richards: SignOn Once is a set of technical and legal standards that were put together by the ID Federation, which is a nonprofit. Carriers, solution providers, agents and associations, they all came together and said, “We know that password management is an issue for our agents; how are we going to fix it?” EMC is a member of the ID Federation, and we are working on developing our systems to the SignOn Once standard.
INN: What’s the benefit for users?
SR: There are multiple use cases for the SignOn Once standard, but the most common would be the agent to carrier, and using a vendor’s agency management system. Agents will be able to sign into their agency management system in the morning, and go out to each carrier participating in SignOn Once all day long, without logging in again. Literally signing in once per day, or whatever the time frame is, and being able to do business, look up policy and billing information, check on a claim, and all of those things that they need to do, in real time, without signing in again.
INN: If it makes life easier for agents, why would any company not do that?
SR: From a carrier perspective, we felt it was just something we needed to do. Our opinion is that we shouldn’t be competing on password management. We should be competing on product and services. It’s not necessarily a competitive advantage; it’s just something that we all need to get on board with. But so far, no one else has implemented SignOn Once. No one. It’s something that is in development, but it’s not in the marketplace. One vendor has a product called Single SignOn, which can be a little confusing, but there is a difference there. SignOn Once isn’t a product; it’s something early adopters are working on together to benefit everyone. There’s a lot of interest, and carriers are interested in how they can get involved. There are some other things happening, too, such as non-expiring passwords. Some other carriers have opted to do that. We also have implemented something called Password Synchronization, which is an IVANS transaction.
INN: How long did it take to implement it?
SR: It’s not live yet, but from a technical perspective, it’s pretty minimal in terms of the development required and should be easily implementable across vendor systems. And other carriers should find the same, depending on how they are storing their passwords within their systems. It’s more just on the legal side. These will be resolved as people become members of the ID Federation, and they have to agree to the Trust Framework and to following some guidelines. They set forth the security requirements for everyone involved and how we’re all going to work together. And it was just created by a group of experts from various carriers and vendors and agents, so most of the hard work is done. Again, it’s not a product. It’s a standard; it’s packaged so people can take it and implement it.
INN: What are the benefits and drawbacks?
SR: One of the benefits is the reduced number of calls to our help desk. From the agent’s perspective, it saves a ton of time not managing all of these passwords, which are all expiring at different times. And I think it’s the most secure. Plus, there’s support from the two largest solution providers, Applied and Vertafore. They represent 90 to 95 percent of the agents we work with. And so if we can help out that many agents, we knew we needed to get on board.
INN: Any reason a carrier shouldn’t do this?
SR: I hope not. The goal of ID Federation is getting as close to 100 percent participation as feasible, because in order for it to truly be successful, everyone has to get on board.
INN: What else do I need to know?
SR: We’re all just trying to stay out of the headlines. There’s more info on that at IDFederation.org. Interested solution providers or carriers should go to the website and check out more information. Also, there will be a session at the ACORD Implementation Forum for anyone attending.