The new world of e-commerce brings obstacles as well as opportunities, but insurance companies cannot afford to ignore it, writes Dan Carmichael.

It is imperative for insurance companies to join the internet age to keep pace with other financial services providers such as banks and brokerages. The journey toward the new world of e-commerce has brought as many obstacles as it has opportunities. But those insurance companies that learn to balance business needs with technology innovation will likely find a profitable niche in the electronic marketplace.

In order for the insurance industry to take full advantage of the electronic market, technology needs to move quickly. However, technology alone does not provide all the solutions. The most effective technology is based on business objectives that are identified and clearly articulated first to provide the frame of reference or parameters for the solution. Putting technology before the business needs can result in solving the wrong problems.

Once business needs are identified, there are many technology innovations that can help an insurance company actively participate. The Web is still somewhat in the experimental stage for the insurance industry, but if an insurance company waits to start the experiment, it will fall further behind. The Web gives the insurance industry an opportunity to provide additional value in the business-to-business relationship with its reinsurers, primary carriers, brokers, and risk managers. Reinsurance companies and brokers can use the internet to improve their efficiencies in the marketplace by making legacy information available to their business partners, giving customers and business partners access to critical information and removing paper and unnecessary steps in their processing transactions between business partners.

XML, Extensible Markup Language, is a new technology, derived from SGML (Standardized General Markup Language), that can move the insurance industry forward at internet speed. XML moves beyond HTML, the internet standard for Web page development or presentation language. XML can provide the definitions that allow carriers, agents, risk managers and all other businesses to integrate their applications using internet protocols and a network. In fact, EDI can in effect be embedded in XML, so structured data can be transferred between business partners along with other, non-structured information. XML potentially also eliminates the biggest concern about the proliferation of Web sites and internet-based applications that, because they are not integrated, they become stand alone, proprietary solutions.

Every company should now begin to investigate XML for business-to-business applications. The international “Joint Venture” that developed the standards now used for reinsurers' EDI is building a data dictionary which could help bridge the gap between EDIFACT and XML-EDI. In North America, ACORD has developed a data dictionary for all ACORD Objects. When the work is completed, insurance Web sites can be developed which will allow for full integration of disparate applications, saving countless steps in the insurance process, not to mention tedious programming to EDI standards. This should significantly improve our industry's ability to exchange mission critical information. With XML, we can begin to take the information we receive via the Web and integrate it into our systems.The biggest factor in new technologies is the temptation to focus on technology alone as a competitive advantage, rather than competing on the basis of core skills like underwriting, selling ability, marketing prowess, product expertise, financial strength, claims management and loss prevention techniques. With every company building its own “killer” internet application, instead of leaping into the future, the insurance industry may find itself falling back into the past. There is the potential for proprietary interfaces and applications that support one company's processes at a time, integrating to nothing other than one Web site, making the brokers' jobs more difficult. XML and industry-wide solutions should enable our industry to use the internet and internet protocols as a viable platform for business-to-business communications.

Common industry-wide solutions increase efficiency throughout insurance distribution channels and positively position the industry in the eyes of trading partners and customers. E-commerce security provides one area where a common industry solution would eliminate confusion caused by multiple proprietary solutions.

The most important value that an insurance company sells is trust: trust between the customer and the agent/broker, between the agent/broker and the underwriter and between the primary underwriter and the reinsurer. The customer must believe that any information supplied to the company will be appropriately safeguarded. The Web is one new technology in which insurance companies can extend their reach, gain business intelligence and enhance their reputations as being customer-focused. In general, insurance data is not considered an exciting target, as opposed to say, information housed within the CIA. However, some personal lines insureds have valuable scheduled items, the specifics and whereabouts of which is sensitive information because of the possibility of theft. Commercial lines and life customers are especially interested in the protection of data and the confidentiality requirements on such topics as workers' compensation, medical history and personal property.

There is also the highly sensitive information associated with kidnap and ransom insurance. Any breach in the security of this type of confidential information would be detrimental to an insurance company's or agent's credibility.

As reinsurers and brokers deal with more than one trading partner, there are similar issues related to the protection of information. A reinsurer or broker must not only keep information confidential, but it must be perceived by its customers as doing so. Occasional lapses, such as the transmittal of billing information to the wrong party may have a negative impact on the relationship. However, if the information was encrypted, the impact would be significantly lessened.All information throughout the insurance distribution system needs to be protected, and appear to be of high quality, if the overall reputation of the industry is to be preserved. The key thing about a competitive marketplace is that it is hard to regain confidence once it is lost. And the insurance industry is becoming increasingly competitive as changes in the regulatory environment bring non-traditional competitors onto the playing field. It is therefore of paramount importance that each participant in the industry work to maintain a reputation for protecting customer information.

There are plenty of security solutions available commercially, but allowing every enterprise to choose its own different approach guarantees only that the industry's security will cost more than it should, and will only be as strong as its weakest link. A common industry approach is better, but to be successful, an “industry solution” for security has to be robust and flexible enough to encompass the entire industry. It has to work not just for large commercial risks, but also for smaller “main street” business, including personal lines, life and health. As a first step to creating an industry solution, it is necessary to determine the requirements of the industry.

Earlier this year, IVANS conducted a study with GTE Internetworking on the perception of security among more than 60 industry participants. The study participants made it clear that they believed the unauthorized disclosure of information is a major threat. There are many real risks that arise in such a competitive arena as the insurance industry.

About 70% - 90% of security breaches are internal, often resulting from a disgruntled employee or paid industrial espionage. However, nearly all internal security breaches never go public. External threats involve many examples ranging from the hacker who is trying to have some fun to the passive observer. These types of threats may cause much more damage than internal threats because they may be more likely to end up in the public domain.The likelihood of security threats being exploited increases with the migration of the insurance applications to the open internet. Security concerns on the internet are very real since the vast electronic environment introduces a worldwide entry way for attackers. The internet provides a safer haven for attackers to breach security while leaving small traces of their identities. This consideration makes it critical to develop a threat model now, before mass migration to the internet heightens.

It is clear that in order to move forward, the insurance industry must consider the new technologies available, including the internet, security and XML. Armed with sound business strategies and technological ammunition, insurance companies will be better able to conquer future challenges and stake their claim in a brave new world.

Dan Carmichael is president and ceo of IVANS, a technology solutions provider for the insurance and healthcare industries based in Greenwich, Conn. The industry-owned organization is in the process of developing a detailed e-commerce security architecture based on industry feedback.