Right along with banks, insurance companies seem to be doing everything they can to get in stride with the retail mentality of keeping their offerings high tech and hip for the customers. Insurers have developed an eye-popping array of mobile apps that do everything from making an insurance claim to cataloguing the contents of your home to planning your motorcycle joyride to giving virtual tours of the insurance company's art collection. Warm and fuzzy as this all may sound, these apps expose both the companies and their customers to a very real threat of fraud, security breaches and other acts of internet piracy.
Mobile apps represent the shakiest area of online security – somewhat ironic, since so much of what insurance companies are trying to do is protect and secure people's property, safety and health. But as insurers compete with each other to sell more products, shaking the trees to develop and expand the client base has led to the development of many mobile apps, including aggregator sites that compare different companies' offerings and rates, as well as sites that push traffic to a particular insurance company.
[More on mobile: Platform wars just beginning, says Allstate exec]
There's a multitude of ways in which scammers can get in on the mobile action. Mobile apps provide a more casual computing environment – and because smartphones and tablets are often used outside the office or home, there's more laxness about taking normal online security precautions. Scammers know that the average mobile consumer is less likely to look into an app's safety measures before downloading and using it than they would on a laptop or desktop computer. To fraudsters, this creates a golden opportunity to either siphon personal information or push the customer to a fraudulent website, where they might even accept payments. So as soon as a potential customer enters some personal information, she exposes herself to identity theft and other forms of fraud, including misused banking information, counterfeit products and services, and so on.
Let's take a specific example as it relates to insurance apps. Suppose a potential customer downloads an insurance company aggregator app onto her phone. Many insurance companies have gone through the process of putting their product and brand up on the site for comparison. When the customer decides which product to look at, the tainted app can push her to look at fraudulent content on the internet – a site that looks like the destination brand, but isn't – and asks the customer to enter all her information. The hook these cybercriminals are using is the consumer's desire to get the best deal – in this case, cheap home or auto insurance. From here, a scammer can harvest credit card information or personal details without even having to access online bank accounts.
[More on security: Heartbleed's effects to be felt for a long time]
Which leads us to the insurance companies themselves, and how they're at risk. The above scenario is potentially disastrous to an insurer's brand and reputation. Many of these companies have spent decades building a name and a face with their customers. This branding is intellectual property, of course, and needs to be protected in order for the company's hard-earned reputation to remain sterling. One act of brand infringement could turn a market tide against a company. Now consider that 350,000 malicious Android app samples were detected in 2012 – up from just 1,000 in 2011. When trademark or copyright infringement scammers succeed in tricking downloaders into believing that they've been using legitimate apps, they can go on to access the potential customer's mobile device through malware for other functions. So not only has the company lost its brand integrity, but the consumer continues to be plagued by online scams and other side effects of trademark infringement.
It's important for insurance companies to keep up with the times – and times are definitely pointing toward more and more mobile app usage. It's estimated that in 2009, less than one percent of all internet traffic originated from mobile apps; by 2017 it will have far outstripped all other means of accessing the internet. With this tide of change, however, comes an ever greater threat of online piracy and brand adulteration. Insurers need to take out insurance on their own online security – in the form of cultivating awareness and staying vigilant to the countless app-based scams out there that could be undermining their brand. Ultimately mobile apps should expand insurance companies' business and reputations, not be the Achilles heel that brings down the whole heroic enterprise.
About the Author: Haydn Simpson is product director of brand protection at NetNames, a firm specializing in global online security, brand protection and anti-piracy services. He can be reached at [email protected]