SMS-based two-factor authentication poses risks

Daniel
-
0
SMS-based two-factor authentication poses risks

The most common online and smartphone security protection method has become one of the greatest risks to data and information technology systems.

The standard two-factor authentication method; that you probably use to access most of your online accounts, is now so easy to crack that the United States government considers it a security threat. The National Institute of Standards and Technology (NIST); the US agency that develops technology standards, wants to ban the use of two-factor authentication, Fortune reported.

Two-factor authentication is the standard online access protocol that asks users for a password and a username. NIST wants to end its users because it is easy for hackers to steal or replicate passwords. A major reason why NIST wants to get rid of the protocol is that it creates a false sense of security.

The risk from text messaging

Another motivation for NIST’s action is the growing threat to security posed by SMS (Short Message Service) texts; like those sent over Twitter and WhatsApp. The danger is that hackers will trick an organisation into sending them a temporary access code; that give them access to data such as bank or credit card accounts.

To make matters worse hackers can now seize control of SMS accounts. American political activist DeRay McKesson found that somebody had taken over his Twitter account; and used it to send out messages supporting Donald Trump, whom he opposes.

The hackers achieved that by calling McKesson’s phone company; Verizon, impersonating him and having his messages redirected to another SIM card. It would be a simple matter for hackers to use the same tactic to steal financial data, or sensitive business information.

Nor is it just Twitter that is at risk; Telegram Messenger accounts belonging to political activists in Russia and Iran were hacked. Telegram is an encrypted SMS-solution that is considered to be far more secure than Twitter. The hackers may have been able to get access to the accounts by using information provided by state-owned telecom companies.

A major risk for insurers here is the growing use of solutions like Telegram and Twitter to send money. Apps like StartChat enable users to send payments in the form of Bitcoin. Another is the growing use of app-based payment solutions such as Apple Pay to access bank accounts.

The risk for banks, financial services, technology, and credit card companies is that criminals will use similar methods to redirect access codes, and other text messages to fake SIM cards. A crook that cloned your SIM card would be able to get your bank to send him an access code – that would provide access to your accounts for example.

Another threat is the use of devices called stingrays to intercept text messages. Hackers can use stingrays to capture text messages and change a user’s phone number, or subscriber information.

Risk management for SMS messaging

The risks SMS messaging and two-factor authentication pose for the insurance industry are great and obvious.

The insurers most exposed to this threat are those that issue identity theft and data protection policies. The use of false SIM cards is obviously identity-theft which increases potential losses to companies that issue such policies.

An obvious consequence of this risk will be the need to rewrite some insurance policies. Data-protection and identity-theft policies might need to contain provisions banning the use of some SMS solutions and two-factor authentication.

Another would be to require the use of apps like Google Authenticator which creates a one-time token or code that changes every few seconds. Such security is hard to crack, because hackers have no way of knowing what the new code is.

Other potential solutions include tokens, QR (quick read) code technology and blockchain (the technology used in Bitcoin). All of these encryption solutions employ a stratagem like Google Authenticator, which creates a new code or token for each message or transaction.

Requiring the use of blockchain-based payment solutions such as bitcoin; or Ethereum, for SMS money transfer might be another effective risk-management measure. These products use encryption technology that is theoretically invulnerable to cracking.

A final measure might be to bar the use of unencrypted SMS messengers like Twitter. Twitter only relies on two-factor authentication so it is fairly easy to hack.

New opportunities for insurers

There are some obvious opportunities for insurers here including data-theft coverage for SMS messaging, telecom and technology companies. SMS and phone providers might have to start providing such coverage for each account they issue.

New kinds of data protection and identity theft policies for individuals and organisations might also be needed. Financial services companies and banks in particular might need to add new layers of insurance coverage because of the growing threat. Some companies may also need insurance for corporate SMS messenger accounts.

The insurance industry will need to study the issues of two-authentication and SMS carefully, because the security threats are far greater than is commonly believed. New technologies and risk-management techniques will have to be developed if insurers want to avoid major losses.

Ransom Insurance: The US $400 Million Payment to Iran

Daniel
-
0
Ransom Insurance: The US $400 Million Payment to Iran

A political scandal in the United States is shining a spotlight on an obscure and morally-questionable sector of the insurance market: kidnap and ransom coverage.

Republican presidential nominee Donald Trump and other critics are accusing the Obama administration of something that is everyday business at some insurance companies: paying a ransom. Critics are focussing on the release of $400 million (£300.30 million) in cash to Iran’s government by the US State Department shortly after American prisoners were released in that nation.

The administration claims that the cash was released to settle an old dispute between the two governments. Trump and others labelled it a ransom – a practice that is a violation of official US policy.

Even though ransoms are politically controversial they are business as usual for some of the world’s largest corporations. Havocscope estimated that around $1.5 billion (£1.14 billion) in ransom money is paid out each year, making kidnapping a very lucrative crime in some places. Kidnappers in Mexico raked in an estimated $50 million in ransoms in 2012.

Kidnapping is growing in popularity because the average ransom demand in 2012 was $2 million (£1.52 million). That makes the crime a very attractive proposition for some of the world’s worst people – including terrorists.

The US Treasury estimated that Al Qaeda collected around $125 million (£94.83 million) in ransoms between 2008 and 2013. Much of that money came from the taxpayers of various nations; France alone paid the terrorists $58.1 million to free some of its citizens from custody during that period.

Kidnap & ransom insurance is big business

An even greater source of ransoms is some of the world’s largest insurers; including AIG which offers Kidnap, Ransom & Extortion insurance. AIG even has a web page selling such policies to high-net worth individuals and corporations. Some of the policies available include theft, disappearance and hostage coverage and health insurance to cover medical expenses.

AIG currently offers up to $50 million worth of Kidnap, Ransom & Extortion insurance to its policyholder. Those covered get access to the services of NYA International, a global risk and crisis consultancy. NYA’s employees include “crisis response consultants” experts recruited from the military, law enforcement and intelligence agencies whose job is to respond to emergencies like kidnapping.

It is easy to see why companies like AIG are offering kidnap & ransom insurance. Battle Face estimated that the market for such coverage doubled between 2006 and 2011, rising from $250 million to $500 million (£379.32 million) in just five years.

Is the insurance industry financing terrorism

Even though it is profitable, kidnap and ransom insurance creates serious ethical and legal risks for insurers. On 25 May 2015, British Parliament passed a bill that makes it illegal for British insurance companies and residents of the UK to pay ransoms to terrorists.

White man captured by terrorist group
White man captured by terrorist group

The House of Commons action was prompted by a United Nations report that estimated that ISIS collected between $35 and $45 million in ransoms in 2014. The fear is that terrorists will use this money to fund operations such as attacks on civilian populations.

Interestingly enough this law seems to make a distinction between ransoms paid to criminals, and those paid to terrorists. That means it might still be legal for a British insurer to pay a ransom to a Mexican kidnap gang, but not to pay one to the IRA or ISIS.

A potential risk to insurers is that terrorists will pretend to be criminals in order to collect ransom money. To get around laws against paying terrorists, all ISIS fighters would have to do is not mention is their true identity in a ransom demand.

What is a “Terrorist?”

Another problem for insurers is the definition of “terrorist”, does the term only apply to organizations or individuals with political or religious agendas such as ISIS, or to criminal gangs that employ similar tactics. Mexican drug cartels; which have no agenda beyond making money, use many of the same terror tactics as ISIS.

An even murkier grey area; as President Obama discovered, is the payment of ransom to governments. Since the Iranian government is legally recognized it is not a terrorist organization. Yet that regime like many governments; including those in the USA and the UK, has sponsored terrorism for strategic reasons in the past.

To complicate matters some terrorist organizations, including ISIS claim to be governments. An insurer might try to get around laws against paying ransoms to terrorists by having a representative of a government such as an intelligence agent or a police officer make the payment.

Liability & PR risks from kidnap & ransom insurance

If such a payment were made public, serious legal problems would arise. Including the obvious question of criminal liability, who would face prosecution the company itself, its executives or the government agency involved and its employees?

Another legal risk that issuers of kidnap and ransom insurance have to consider is liability for damage done by terrorists. If terrorists used the ransom to purchase weapons, ammunition or explosives, would the insurer be liable for the death and destruction they caused?

A risk facing American insurers like AIG is the US court system. Under American law, attorneys have the right to file class action lawsuits on behalf of classes or groups of victims. That means a lawyer could sue AIG on behalf of all the victims of an organization like ISIS, if accusations of ransom payments were made.

A perhaps greater risk from ransom payments is that of bad publicity. The insurance industry might face the kind of intense criticism the Obama administration has received for the cash payment sent to Iran for paying ransoms. If the media or politicians learned of a large ransom payment to terrorists an insurance company might find itself facing a public relations nightmare.

The dilemmas created by kidnap and ransom insurance are an example of the complex risks that modern terrorism and crime pose to insurers. Even some of the insurance policies designed to cover the risks of terrorism, create serious risks for the insurers.

3D Printing: Promising but yet risky

Walid
-
0
3D Printing: Promising but yet risky

3D printing, a technology that promises to revolutionise the way things are made, is gaining popularity and acceptance in various industries and it’s set to bring great changes to the insurance industry too.

Known as additive manufacturing (AM), because it uses a range of laser-based or advanced printing techniques to build up models layer by layer. 3D printing allows individuals to produce physical objects from plastics and metals with equipment that is becoming increasingly accessible.

Worldwide shipments of 3D printers are projected to increase from about 490,000 in 2016 to more than 5.6 million in 2019, according to Gartner Inc.

Goldman Sachs has identified 3D printing as one of eight “extraordinary technologies forcing businesses to adapt or die,” with the potential to reach $10.8 billion in revenues by 2021.

As the technology advances and personal 3D printers become more affordable, their growing use in small businesses and homes poses unprecedented questions for the insurance industry.

When the end user of a product is also the manufacturer, who can be held strictly liable when a defective 3D-printed product causes a person’s injury, illness or economic loss? The designer? The company that made the printer? The person who used the printer?

While there is not yet adequate case law by which to fully gauge the risks of this new technology, there are issues that professionals in the insurance field should already be thinking about.

Intellectual Property (IP)

3D printing is especially susceptible to intellectual property theft because the underlying product design software can be used to make counterfeit products easily and at relatively low cost. Researchers at the University of California have discovered that hackers could steal the source code of a 3D printed product by detecting the sound waves created by each movement of the printer.

The software to detect and record the sound waves could be installed on a smart phone, and most manufacturing facilities do not monitor production workers’ smart phones.

In a press release, researcher Al Faruque said. “If process and product information is stolen during the prototyping phases, companies stand to incur large financial losses.

Business Interruption

3D printers can require more power to operate than traditional manufacturing equipment; backup generators might not be robust enough in the event of a power outage and as a result the business production could be disrupted.

Also, businesses that use 3D printers should prepare for their potential breakdown and in such an event, it could take an extended period of time to repair or replace the 3D printer. And for that reason, it will be vital to understand the various types of 3D printers and their working technology.

On the other hand, the application of 3D printing might actually reduce the indemnity period as necessary parts may be just printed on site.

Product Liability

The current Product Liability (PL) laws may not be suitable to deal with 3D printing, and PL could potentially be one of the biggest risks associated with the emergence of the technology.

Because 3D printing involves multiple participants, including the producer of the materials used, the software designer, the printer manufacturer and operator, and the retailer. Problems that can arise could come from using wrong materials, as well as issues with tracing the liability of faults in 3D-printed products.

In the healthcare sector, Aprecia Pharmaceuticals was the first to win US Food and Drug Administration (FDA) approval to manufacture its Spritam pill using 3D printing technology. The pill, an epilepsy drug, which dissolves quickly in the patient’s mouth, brings a significant benefit to those who have trouble swallowing pills.

For pharma companies, lawsuits have always been a cost of doing business. However, Aprecia by manufacturing its pill with the new technology might expose itself to unfamiliar territories full of potential new risks. If the company gets it wrong with its 3D printed drug and it causes adverse effects in patients, it could seriously be liable for damages in a court of law.

Security

In a similar way to the pharma industry, the Federal Aviation Administration (FAA) recently certified 3D printed parts for General Electric (GE) commercial jet engines. GE uses the technology to introduce a number of benefits to its parts manufacturing such as being lighter in weights, simpler design and better performance from the engines.

Another company following the trend is the mighty Ford Motor Company who uses 3D printing to build products and prototypes. But the new technology poses real security threats similar to those in other industries. Because of its digital nature, 3D printing technology is susceptible to theft or sabotage by hackers.

A team of cybersecurity and materials engineers at the New York University (NYU) Tandon School of Engineering has conducted a research into the implication of cybersecurity of 3D printing technology.

Ramesh Karri, a professor of Electrical and Computer Engineering at NYU, who participated in the research, has pointed out that an attacker could hack into a printer that is connected to Internet to introduce internal defects as the component is being printed.

He also added that “new cybersecurity methods and tools are required to protect critical parts from such compromise”. This could result in a “devastating impact” for users and could lead to product recalls and lawsuits.

Finally, the question on everyone’s lips is how is the insurance market responding to 3D Printing?

Until courts address the many liability questions posed by this emerging technology, all of those involved in the process would be best served to seek frequent guidance from legal counsel and their insurance brokers.

Richard Weireter, Senior Treaty Underwriter at Swiss Re, recently commented that like any new technology reshaping our daily lives, the insurance industry adapted to the new ways and created new products to satisfy the market. He said “I expect to see many of those situations to arise with 3D Printing.”

Hanover Insurance Group’s net income down to $2M in Q2

Melanie
-
0
Hanover Insurance Group’s net income down to $2M in Q2

Massachusetts-based Hanover Insurance Group has seen a sharp decline in net income in the second quarter of 2016 owing to catastrophe and large losses, as well as movement in foreign exchange rates faced by its Chaucer division.

Figures from its Q2 2016 report showed that net income slid to $2 million from $120.7 million in the second quarter of 2015.

Despite this, the second quarter remained relatively stable for the insurance company.

Net premiums written hit $1.22 billion in Q2 2016, compared to $1.29 billion in Q2 2015 — a decline attributed to the sale of the Chaucer motor business in the UK.

Meanwhile, US net premiums went up 2.9 percent.

Net investment income stood at $69.1 million for the second quarter of 2016, compared to $70.7 million in the same period last year.

Two of its segments, Commercial Lines and Personal Lines, both saw continuous price increases, the company said.

Hanover’s combined ratio slightly went up from 95.7 percent in Q2 2015 to 97.3 percent in Q2 2016, including 4.5 points of catastrophe losses.

The company also repurchased 230,000 shares of common stock for $19.1 million, at an average price of $83.19 apiece during the quarter.

Joseph M. Zubretsky, president and CEO at The Hanover, commented, “The underlying fundamentals of the business remain very strong despite some specific, but isolated operating challenges in the U.S. and global large loss volatility at Chaucer. More broadly, the Hanover has an innovative underwriting platform, strong distribution plant and top-notch talent domestically and globally, which we will leverage for margin expansion, growth, and superior value creation.

Eugene Bullis, Chief Financial Officer at The Hanover, said, “We achieved operating income of $54 million and operating return on equity of 8%, which was within expectations in light of our active participation in global syndicated risks, and unusual swings in foreign exchange rates this quarter. We remain confident in the strength of our balance sheet and positioning of the investment portfolio. Book value per share grew 2% during the quarter to $70.58, and was down slightly excluding net unrealized gains on investments, as we continued to prudently return capital to shareholders and improve our capital structure.

The Hanover Insurance Group is the holding company for various property and casualty insurance companies, forming one of the biggest insurance businesses in the US.

Operating in four segments—Commercial Lines, Personal Lines, Chaucer and Other, it provides property and casualty products and services and distributes these to a select group of independent agents and brokers. Together with its agents, Hanover provides specialized coverage for small and mid-sized businesses, and insurance protection for homes, automobiles, and other personal items.

The company also underwrites business at Lloyd’s of London in major insurance and reinsurance classes (marine, casualty, property and energy) through its international member company Chaucer, which it acquired in 2011 in an attempt to expand its market presence and achieve greater scale and diversification.

The Other segment comprises Opus Investment Management, Inc, offering investment advisory services.

The Risks from the Internet of Things

Daniel
-
0
The Risks from the Internet of Things

The insurance industry is not ready to deal with the massive risks that the Internet of Things; or IoT is creating. Even though much of the IoT is already around us; few insurers are researching it, or tailoring coverage for the risks it creates.

The concept behind the Internet of Things is a simple one; just connect every electronic device to the web via WiFi or broadband. Yet it is an inherently disruptive development that will create vast risks, many of which are poorly understood.

Some examples of the IoT include:

  • The use of wireless technology to track freight, warehouse and retail inventories, cargo containers, railcars and trucks.
  • The installation of wireless devices in vehicles to track them or monitor driving patterns or mileage.
  • Appliances, air conditioners, furnaces and other devices in the home that can be controlled or monitored over the internet.
  • Automatic ordering of supplies or materials by devices. Amazon is experimenting with wireless devices that allow customers to automatically order new supplies of products like laundry detergent at the touch of a button.
  • Security cameras and sensors that allow for the long distance monitoring of properties, or vehicles.

The IoT is growing faster than you might think, it is expected to connect 200 billion devices by 2020, Insurance Business America reported. Despite that the insurance industry is largely ignoring the risks the IoT is creating.

Most insurers are simply ignoring IoT or resisting it, Brian Murdock; AIG’s managing director for the American states of Georgia, Tennessee and Alabama, said in a July speech. Murdock expects the IoT to completely disrupt the insurance industry – although he gave few specifics.

IoT greatly increases the danger from hacking

The greatest and most obvious risk created by the IoT is from hacking. Security researchers have demonstrated that IoT-connected devices can be easily hacked.

Back in 2013, researchers; from a company named Trustwave, made headlines by hacking into a “smart toilet,” Forbes reported. The same hackers were also able to turn the lights in a house; equipped with a home automation system, on and off via remote control.

It would be possible to disrupt a city’s power grid by hacking air conditioners if they were plugged into the IoT. In February 2016, security experts Vasilios Hioureas of Kaspersky Lab and Thomas Kinsey of Exigent Systems demonstrated that it would be possible to turn air conditioners on and off or raise or lower temperatures in a building via online commands. Such an attack can disrupt the grid by raising electricity usage to levels power plants cannot deal with, Wired reported.

An even greater risk was exposed in July 2015 when two American security researchers shut down a moving vehicle via hacking. Charlie Miller and Chris Valasek were able to take over a Jeep Cherokee; an SUV manufactured by Fiat-Chrysler, by Wi-Fi hacking or “wardriving,” Wired reported.

Once in control the two turned the windshield wipers on and off, changed stations on the radio and turned on the air conditioning, Wired writer Andy Greenberg reported. Most disturbingly, the two were able to shut the vehicle’s engine off; as it was cruising down the road at 70 miles per hour.

The risks are greater than you think

Sabotage is just the beginning of the risks that hacking of the IoT presents to insurers. Other potential dangers include data theft, illegal surveillance, industrial espionage and enabling of other kinds of crimes.

Thieves could hack home or building automation systems; and command them to open doors or turn off security systems for example. Robbers might be able to track shipments equipped with Wi-Fi devices, and plot the best place to intercept them.

Another potential danger is that hackers will use IoT devices to get access to other systems. For example, a crook might hack a bank’s air conditioner in an attempt to gain access to a database containing account numbers.

Liability and the Internet of Things

All of this exposes the greatest dilemma that the IoT poses for insurers: liability. If a self-driving car connected to the IoT gets hacked and crashed who is liable?

Would it be the auto manufacturer, the manufacturer of the WiFi system, the Wi-Fi provider, or the maker of the software that controls the vehicle? All of those companies will need specialized insurance products to protect them from that liability.

Such questions abound in the Internet of Things. An interesting hypothesis is would the manufacturer of a furnace be liable; if it were hacked and used to damage a home? For example if the furnace were turned off on a day when temperatures outside dropped below freezing, causing pipes to freeze and burst. Would homeowner’s insurance cover that situation; or would the manufacturer or programmers of a home automation system?

A problem for commercial insurers is would the manufacturer of a tracking device be liable if a shipment disappeared? Is the creator of such a tracking device taking responsibility for loss prevention?

The IoT obviously poses interesting dilemmas and great risks for insurance but it also creates some intriguing opportunities. These include new kinds of coverage for IoT connected devices; and vast amounts of data that can be used for actuarial purposes, or risk management.

Insurers had better start paying close attention to the IoT, because it is already creating great risks and tremendous opportunities. Understanding the Internet of Things and the risks it creates, has become a necessary part of underwriting and risk management.

AIG sells Mortgage Guaranty Unit to Arch Capital for $3.4 Billion deal

Walid
-
0
AIG sells Mortgage Guaranty Unit to Arch Capital for $3.4 Billion deal

American International Group has announced on August 15 that it would sell its mortgage-guaranty unit to Arch Capital Group Ltd, a Bermuda-based writer of specialty lines of property and casualty insurance and reinsurance, for around $3.4 billion.

AIG Chief Executive Officer Peter Hancock has agreed to the deal in his latest attempt in restructuring his company and free up capital to return to investors.

The deal is estimated at $3.4 billion including $2.2 billion in cash and the rest in Arch securities, New York-based AIG said in a statement. AIG will retain a portion of mortgage-insurance business initiated from 2014 through 2016 through a previously released intra-company risk transfer deal.

AIG, the largest commercial insurer in the United States and Canada, said it would get $2.2 billion in cash, $250 million in Arch Capital’s perpetual preferred stock and $975 million in non-voting common-equivalent preferred stock from the sale of United Guaranty Corp.

The biggest commercial insurer has stated it would acquire $2.2 billion in cash with the rest in Arch securities. The corporation has stated that it would offshoot the mortgage insurance unit, lay off employees as well as selling its broker-dealer network included in its extensive overhaul which assured shareholders in fending off activist investor Carl Icahn who has been urging for the company to divide itself into three smaller companies. AIG reported a higher-than-expected quarterly profit, which was led by firm underwriting and low costs.

Today we have reached an important milestone in a strategy we committed to in March 2015, when I stated in my first shareholder letter as AIG CEO that we would ‘sculpt the future AIG’ into a more focused company and that selective divestitures would be an important part of reaching that goal,” said Peter Hancock.

We restated that objective earlier this year when we made the IPO and eventual sale of UGC a key part of an updated overall strategic framework for AIG.

We believe this transaction maximizes UGC’s value while further streamlining our organization. It puts us in a stronger position to invest in the talent and technology essential to being our clients’ most valued insurer, while we continue to deliver on the promise made by AIG’s Board and management to return $25 billion to our shareholders by the end of 2017. The deal also maintains our affiliation with the mortgage insurance market and its leading company, through retention of recent business written by UGC and our stake in Arch.

Shares of Arch Capital and AIG were unaffected in after-market trading on Monday.

J.P Morgan and Morgan Stanley were bankers for AIG, which got legal advice from Sullivan & Cromwell LLP. Arch used Credit Suisse Group AG and the law firms Cahill Gordon & Reindel LLP and Clyde & Co.

Payment solutions risks – Apple Pay & Co

Daniel
-
0
Payment solutions risks – Apple Pay & Co

The risks from phone-based payment solutions like Apple Pay might be far greater than many insurers assume. Despite media reports about the safety of Apple Pay; which arrived in the UK in June 2016, there are some indications that such apps might be far riskier than is commonly believed.

Most of America’s large retailers are refusing to accept Apple Pay; and a similar product from Alphabet called Android Pay. The reasons for the refusal are obscure but most of the stores involved are equipped to accept such payment.

Nor are large retailers necessarily hostile to the idea of app-based payment, the largest retailer in the United States and the world; Walmart Stores Inc., has rolled out its own payment app. Walmart Pay is now accepted at 4,600 of the company’s stores in America, Market Mad House reported. Despite that Walmart refuses to accept Apple Pay or Android Pay in its stores.

Are there security risks to Apple Pay

Insurers need to monitor this situation because security concerns may have played a role in Walmart’s decision. Walmart Pay employs a totally different technology than Apple Pay and Android Pay.

Apple Pay and Android Pay use Near Field Communication (NFC); in which a wireless signal is used to communicate directly with a retailer’s payment system. Walmart Pay uses Quick Read (QR) Code technology; in which the phone’s camera takes a picture of a bar code, shown on a cash register screen.

Walmart Pay App using Quick Read (QR) Code technology
Walmart Pay App using Quick Read (QR) Code technology

A key difference between Walmart Pay and Apple Pay; is that Walmart Pay then uses the phone to withdraw money directly from a bank or credit card account. The transaction takes place outside Walmart’s system, which might limit liability. Both systems try to protect the transaction by creating a token; or separate encryption, for each payment.

An interesting difference is that Walmart’s solution offers an added layer of security; in the form of the QR code. A new code is generated for each transaction, which theoretically makes it harder to crack.

Nor is Walmart the only entity that is forgoing NFC in favour of QR Code technology. America’s largest bank; JP Morgan Chase, is offering Chase Pay – another QR-Code based solution. Like Walmart, Chase has refused to utilize NFC, which raises serious questions about Apple Pay’s security.

Liability and Payment Solutions

Interestingly risk management and liability seem to be the reasons why there are two different payment app technologies in widespread use. Apple, Alphabet, Chase and Walmart all seem to be motivated by fears of liability in the decisions made about payment applications.

Apple is refusing to share transaction information with retailers; possibly out of the fear that it would be liable if customers suffered losses, if payment data were lost or stolen. That is part of the reason why retailers like Walmart, Amazon and the giant American grocer Kroger have refused to accept Apple Pay; those companies employ a data-driven business model, in which corporate decisions are based on transaction information.

Retailers like Walmart might be afraid they would assume liability for losses if they give a technology company like Apple access to their payment systems. Part of the reason for resistance to NFC is that it connects an outside app directly to a payment system.

Another US retailer; Target, was forced to pay customers $10 million because of hacking in 2015, CNN reported. Target was sued after hackers stole the credit and debit card numbers of 40 million of its customers in December 2013. Target was also forced offer each customer a year of free credit monitoring and identity theft protection because of the breech. Given that history it is easy to see why American retailers are so resistant to new payment technologies.

Payment Applications and Liability

One reason why Walmart is offering its own payment solution is to limit liability by controlling its security. Interestingly, Walmart might be assuming a greater level of liability by taking full control of the payment ecosystem.

In the United States, banks and credit-card companies routinely assume responsibility for 100% of losses caused to customers by theft. Despite that American banks have been far more willing to embrace Apple Pay than retailers.

At last count, 1,433 American financial institutions were supporting Apple Pay. One reason for banks’ willingness to accept Apple Pay is that the United States government insures bank accounts for up to $250,000 (£191,168), through the Federal Deposit Insurance Corporation or FDIC. That means the FDIC is assuming some of the risks, banks are incurring by utilizing Apple Pay.

This raises an interesting question: who would be liable for losses if a payment app were hacked. Would it be banks, the government, retailers or the company offering the payment solution? Such questions will probably have to be resolved by the courts through litigation.

Banks resist Apple Pay in Australia

Nor are such disputes limited to the United States, in Australia four major banks; Westpac, Commonwealth Bank, the National Australian Bank and the Bendigo and Adelaide Bank, asked the nation’s financial services regulator for permission to negotiate collectively with Apple on issues including NFC. The regulator; the Australian Competition and Consumer Commission, has tabled the request so it can study the issue, the Australian Broadcasting Corporation (ABC) reported.

Liability is at the heart of this dispute because the banks want access to Apple’s technology. Apple has refused to give the banks direct access to its closed Apple Pay system because of potential risks to its security.

Providing simple access to the NFC antenna by banking applications would fundamentally diminish the high level of security Apple aims to have on our devices,” Apple’s submission to the Commission reads.

Insurance and Payment Applications

The risks created by payment applications create some interesting opportunities for insurers.

The most obvious of these opportunities is policies that would protect retailers, financial institutions, individuals, government agencies like the FDIC or technology companies from losses created by payment applications. The risks from hacking and the potential liability might make such coverage vital to payment applications in the future.

This gives rise to some interesting disputes including how the insurance would be paid for. The most likely means of covering the cost would be added charges on transactions; although it remains to be seen if customers would accept the extra cost.

Other questions that will need to be answered include the level of risk and the amount of coverage necessary. So far; no payment app has been hacked, but given the amount of cash involved it is only a matter of time before some criminal penetrates Apple Pay or Walmart Pay. When that occurs, risk management and insurance questions will come to the forefront.

The risks and liability created by payment applications are far greater than is widely assumed. That means the opportunities for insurers created by this technology will be great.

Beazley eyeing EU licenses in Dublin after Brexit vote

Melanie
-
0
Beazley eyeing EU licenses in Dublin after Brexit vote

Almost two months following the United Kingdom’s decision to leave the European Union (EU), London-based insurers are weighing in several options that will enable them to continue their businesses throughout the bloc even if they lose their ‘passporting’ rights.

The UK’s insurance industry, together with the banking business, will likely feel the most impact from the Brexit vote as these industries depend on the passporting system, which allow them to operate across the EU.

Insurers are taking into account several alternatives such as creating subsidiaries in other parts of Europe. Many insurers, however, have not yet decided on what is the best place to pick.

As for Beazley Plc., which manages six Lloyd’s syndicates and offers marine, casualty and property insurance and reinsurance, it is eyeing a European insurance license for its Irish reinsurance business.

In an interview with Reuters, Chief Executive Andrew Horton said, “We’re looking at getting the licenses for our EU reinsurance company in Dublin and have an EU insurance company, which will give us some protection for growing in Europe into the future, if there are problems with the Lloyd’s licenses.

Beazley also seeks to lobby with Lloyd’s of London to guarantee that the market retains the insurance licenses, allowing access to the bloc, Horton said.

Industry insiders consider Dublin as the next best option as headquarters for insurers owing to its geographical proximity and similar regulatory system. Ireland is also an English speaking nation.

Dublin is also becoming an insurance centre, with Zurich’s European base located there.

While Beazley had relocated its headquarters from the Irish capital to London this year, it still enjoys solid presence in Dublin with its reinsurance business. Its Irish business is also being expanded to other kinds of insurance.

Lloyd’s, an insurance market that groups over 80 insurance syndicates in the City of London, earlier warned that that the specialist insurance market would lose some appeal to investors outside the UK following Brexit.

Lloyds of London
Lloyd’s of London staff holding their annual Remembrance Day service

Meanwhile, Beazley’s first-half results showed a solid growth in its US speciality lines business covering professional and management liability. The company hopes to achieve similar success in Europe.

Beazley recorded a 2 percent hike in gross written premiums to $1.12 billion owing to solid growth in its US specialty lines business, comprising approximately 85 to 90 percent of its speciality lines business.

It, however, saw a 3 percent decrease in pre-tax profit due to a decline in premium rates in the large risk business that it underwrites in London.

The insurer expected its specialty lines business in the US and UK to compensate for lesser premiums in marine and property accounts during the period.

Gibraltar-based Enterprise Insurance announces insolvency

Melanie
-
0
Gibraltar-based Enterprise Insurance announces insolvency

The Gibraltar Financial Services Commission (GFSC) has recently ordered Enterprise Insurance to discontinue writing new insurance contracts after the insurer declared its insolvency.

GFSC also barred the Gibraltar-based insurer from making any payments unless previously authorised by the commission.

On July 22nd, Enterprise Insurance, which sells motor insurance in several countries including France, Greece, Ireland, Italy, Norway and the UK, notified the financial services industry regulator that it went broke and failed to secure additional funding.

Enterprise Insurance has advised existing policyholders that their cover remains in effect.

The current position does not terminate or cancel the contracts of insurance,” it said on its website.

The terms and conditions of individual customers’ policies will determine if they can get a refund, it added.

The Central Bank has advised policyholders to have alternative motor insurance cover as claims may not be fully covered.

A provisional liquidator has already been appointed to manage Enterprise Insurance.

Mr Frederick David John White will work under GFSC’s supervision and explore options for policies transfer and protection of assets and position of policyholders.

In an August 8 communication, Mr White said that the company will not be able to pay any claims arising under existing policies at this stage.

It also remains uncertain whether the company’s assets will be enough to meet insurance claims in full, he added, advising policyholders to contact their brokers.

Mr White is working with compensation schemes to coordinate with them the processes by which eligible claims may be paid.

He is also making arrangements for claims managers to continue to administer process and agree claims for admission as insurance claims and for submission to compensation schemes as applicable, he said.

In Ireland, where Enterprise Insurance has about 14,000 motor customers, Wexford-based insurance underwriting agency Wrightway Underwriting pledged to give refund of outstanding premiums to affected Enterprise Insurance policyholders.

Wrightway would make ex gratia payments to brokers to pass onto affected policyholders, an amount that is equal to the value of the premiums from now until the end of existing policy contracts.

Meanwhile, the GFSC has warned the public about the website enterpriseinsuranceclaim.com, which alleges to offer claims assistance against the insolvent insurer.

According to the commission, the website contains false and misleading information about the validity of Enterprise Insurance policies and the position of customers while the insurer is in provisional liquidation.

The website, owned by Gibraltar-registered company DFM Services Limited, is not regulated, registered or authorised by the GFSC, it said.

Enterprise Insurance seems to share the same fate with Malta-regulated Setanta Insurance, which collapsed two years ago and left €90 million of outstanding claims. To date, it remains uncertain whether the Motor Insurers Bureau of Ireland, an industry-funded organisation that manages claims against uninsured motorists, will foot this amount.

Members of the bureau believe that the state-run Insurance Compensation Fund, formed to meet claims costs in the event of an insurer’s insolvency, should pick up the tab.

BIBA calls for tax break as car premiums hit 6-year high

Israel
-
0
BIBA calls for tax break as car premiums hit 6-year high

The British Insurance Brokers Association (BIBA) has called for a tax break for telematics-based insurance products after car premiums reached their highest levels in six years.

In the latest Insurance Price Index (IPT) from the BIBA and Acturis that tracks £5billion of actual premiums paid yearly through insurance brokers has highlighted a major rise in the level of premiums charged for private car policies.

According to BIBA’s latest insurance price index, premiums paid for private car insurance was beyond 11% in the second quarter when matched to the same period in 2015.

Motorists are paying 15% more for the same cover with the addition of insurance premium tax which itself skyrocketed to about 66.7%.

BIBA noted that this has been the highest level since the index began monitoring premiums in 2010.

Along with UK’s 3rd largest private car insurer, Ageas, BIBA is now urging the government to provide IPT relief on telematics insurance products to increase the reception among drivers aged 25 and below.

Ageas Insurance Chief Executive Officer, François-Xavier Boisseau said: “We believe that removing IPT on telematics products will increase the take up of these among younger drivers and that the resultant decrease in the number of road accidents would save the economy an estimated £370million over 7 years.

Research has shown that there is a 40% drop in crash risk for new drivers that use a telematics device, said BIBA Executive Director Graeme Trudgill.

Any incentive to use these policies will be a great boon for road safety. Removing IPT would increase this motivation, improve road safety and yet still have a net financial benefit to the economy over time so we will certainly be encouraging Treasury to consider this move”, Graeme Trudgill said.

Theo Duchen, Chief Executive of Acturis commented that continued pressures in the private car market have been causing premiums on an upward trend since 2014 and the surge in IPT highlights the premium hike for all motorists and particularly those already facing high premiums.

Trudgill further stated that the incidence of uninsured driving is also increasing in the younger age group and measures that help make cover more affordable could help reduce this trend. “We see no downside for implementing this tax break”, he concluded.

1...111213...20Page 12 of 20