Print Page   |   Contact Us   |   Report Abuse   |   Sign In   |   Sign Up
Young's Stuff
Blog Home All Blogs

Cyber Security, Direct-Line Changes in the Industry, Optical-Recognition Vehicle Registration

Posted By Thom Young, February 2, 2016

The Evolution of Cyber Security

Logging into a work station hasn’t really changed much in the last 20 years. Some IT managers have tried to improve the locks at the gate but, no matter their efforts, people still seem to find a way to defeat the safeguards put in place. If you’re like me, you likely keep a file somewhere with all the passwords for the various places you need to access on your computer. While the practice isn’t recommended, it’s sort of necessary, isn’t it? My file is four pages long. I have a good memory, but not that good. Most of my passwords also contain minor deviances from each other. The similarity helps me remember them without needing to go look in this file. That practice too is not recommended, but I’ve been using that system to manage my passwords since I studied cryptology as a young soldier nearly 45 years ago. Back then, we learned that any password could be cracked with enough time. The effectiveness of a password then as now is determined by the time necessary to crack it. No matter how complicated a password you use for any application, the improvement in computing power and speed are constantly reducing the time needed to break the code. Recently, I’ve been using a password-management program to remember a number of my logins. This program claims to use an algorithm to store my password, and this filter changes routinely to provide a very secure storage site. I’ll stick with the story I’m telling though: all passwords can be cracked with enough time and effort, no matter how you calculate them.

The amount of effort invested in trying to access a password has to be valuable relative to what you get out of it. I’m quite sure that no one is going to invest much time trying to access my account with the American Philatelic Society, but maybe they’d be willing to put supercomputer power to work on my banking or business logins. I’m flattering myself with my own importance here, but I think you’ll understand my point.

I’ve been following a number of articles on cyber security recently and noted one in Canadian Broker magazine citing the most common passwords in use today. Despite all the warnings, few of us seem to take heed or even care. Here’s the latest list of the top 20 most-used passwords:

Rank
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Password
123456
password
12345678
qwerty
12345
123456789
football
1234
1234567
baseball
welcome
1234567890
abc123
111111
1qaz2wsx
dragon
master
monkey
letmein
login
princess
qwertyuiop
solo
passw0rd
starwars
Change from 2014
Unchanged
Unchanged
Up 1
Up 1
Down 2
Unchanged
Up 3
Down 1
Up 2
Down 2
New
New
Up 1
Up 1
New
Down 7
Up 2
Down 6
Down 6
New
New
New
New
New
New

A programmer friend of mine advises me that he has a simple little application on a thumb drive that will try all of these (and some not listed) on any login in less than 10 seconds. Apparently, you can download this app off the internet. If you’re using these passwords for any application login, I think you should immediately consider changing them to something more secure.

A strong password needs to be at least eight characters long and should contain both upper and lowercase letters, at least one number, and at least one non-numeric or alphabetical character. It should be a random group and not contain a complete name in letters. The longer the password following the same principles, the more secure it is. As I stated at the outset of this discussion, all passwords are breakable, but the stronger it is, the longer it takes to break it and, therefore, the better protected the data past the password becomes. Microsoft has some good advice on this subject.

Recently, much talk has circulated on the future use of biometrics as the new standard for a secure login. Essentially, some indicator unique to you, such as your fingerprints, retinal scans, heartbeat, palm print, voice analysis, or facial features, can’t be easily duplicated by a computer hacker or thief. This biometric identifier can be read by your computer, often without the need to install a special piece of hardware. Almost all laptops and notepads now come with a built-in camera. All that is needed is the correct facial-recognition software to provide only you with access without having to input anything on the keyboard. Likewise, audio filters and touch pads determine fingerprints and such.

Facial-recognition software is advancing at such a tremendous pace that retail establishments commonly use it to track customers in their stores. A computer program tags their images with data on when they come, what they purchase, and what their preferences are. The information is available for analysis and target marketing later.  I’ve seen this kind of software demonstrated in conjunction with an office data-management system similar to that used by many brokers in their offices now. When clients walk in the door, the program notifies reception with their names and CSR. Depending on the program’s configuration, the CSR can be automatically advised that the clients are in the waiting area, and either a computerized reception station informs the clients that the CSR will be out to meet them momentarily or the receptionist is prompted to say the same thing. All this information is integrated on the CRS’s workstation or tablet with the production records in the clients’ records and files. This is quite an efficient process compared to that just a few years ago. A number of American banks are also using this technology to increase safety and security for their customers and the business.

I wonder what new developments we’ll see in the future. I also wonder what inroads will be made into personal privacy when customers’ movements are tracked by facial-recognition software and the retailers share the information among themselves. Will we walk into the grocery store to find a basket already containing all our usual items and a few special ones being promoted by the store? I don’t know how I’d feel about that marketing. I also don’t know if a negative view would make any difference because the change seems to be inevitable.


Direct-Line Changes in the Industry

Last week, we were all a little surprised to learn that the Royal Bank of Canada decided that its general-insurance returns weren’t adequate to its needs and reached an agreement with Aviva Insurance for RBC’s P&C purchase. This acquisition initially sounded to me like a good deal for our industry—another major bank admitted it had been unable to compete on a level playing field and was vacating the business. In fact, the reality seems to be that Aviva has purchased RBC General Insurance Company’s general-insurance book of business and appointed the company to represent its products in the same manner as any other broker. While I’m now not so sure anymore that this transaction is a win for our business, I am sure that it’s not a loss.

We compete in a competitive marketplace. As brokers, we have better choices for our customers than most of our competitors. Direct writers, whether they be offshoots of company players on the broker side of the game or agents for a stand-alone business, cannot effectively compete with the brokerage channel on price or product. This difference has always been the case and continues to be the reality of the insurance marketplace in North America. Aviva partnering with RBC Insurance isn’t going to change that reality. Neither will Intact expanding its direct channels in the marketplace nor, as I read today, Economical introducing a direct channel, affect that difference. These efforts by any insurers are doomed to lack-luster returns and short-lived efforts just so long as we as brokers get out there and compete for our market share. We excel at giving the best service to our customers and finding the best insurance solutions for them in price and product, so we don’t need to fear anyone in our market. Time will tell if this new venture between Aviva and RBC will be a success.  However, as brokers, we should all continue with excellent customer service so that we continue to beat RBC in competition.

Manitoba Gets Rid of License-Plate Stickers

When talking about technological advances, the simple process of eliminating license-plate stickers for registration renewal, as Manitoba has done, doesn’t at first seem like much of a big deal. So what if, in Alberta, it would eliminate the annual ritual of obtaining a new expiration sticker and putting it on your license? However, the reason these stickers have become redundant is just a small sample of how the technical advancements of optical recognition have progressed. The dash camera that is becoming standard on all police cars is connected to the provincial database through the computer in the police car and can read any license plate from quite extraordinary distances and instantly determine the registration status. The sticker, on the other hand, relies on the human eye’s limited vision and can determine only its validity. Wired cars are the new norm. Soon the digital repository of information relative to the owner and operators of the car will become part of the digital record available to law enforcement. Tracking stolen vehicles and citing drivers for infractions will become an automated process. Photo-radar tickets will contain the identity of the drivers, an automatic adjustment to their driving records, and a link to the insurer’s databases. Immediate adjustments in premium can be determined and the real function of UBI will come into play. Customers will be charged for the true underwriting risk immediately. Talk about an incentive to change behaviour! The duties of traffic police will be not much different than those of the parking authority—digitally recording infractions and violators. The world is going to continue to change.

In Closing

I’m hoping the take up of people following my column continues to increase. The new format allows IBAA members to make comments directly on the blog and share thoughts not only with me but also with other readers. If you prefer, you can email me instead with any comments you’d like to make. Just remember to subscribe to the blog (under Your Network in www.ibaa.ca) so you receive notice of its publication. Looking forward to hearing from you!

The opinions expressed in this blog are not necessarily those of IBAA.
Comment on this post below or email Thom Young privately. Thom also encourages suggestions for topics.

 

Tags:  Aviva  banks  biometrics  broker channel  cyber security  direct writer channel  IT  license plate  optical recognition  passwords  RBC  telematics  UBI  vehicle registration  Young's Stuff subscription 

Share |
PermalinkComments (0)
 

Will RBC Leave P&C Insurance or Just Whine about Fair Marketplace Competition? Does Digital Imaging Impact Privacy?

Posted By Thom Young, March 23, 2015

RBC Leaving P&C Insurance?


I suppose it is a good day for the insurance industry when we hear a bank executive whining about how difficult it is to compete in the Canadian insurance marketplace. Of course the banks are not really complaining about the competitive nature of the insurance industry but are whining about the rules and regulations that limit their abilities to cross-sell the insurance product to their clients and use their incredibly extensive distribution system to promote their insurance products.

In a recent interview, David McKay (CEO of the Royal Bank of Canada) is quoted as lamenting the returns on the bank’s Property and Casualty insurance sales, citing the regulatory environment as a troubling factor that does not allow banks to sell their services out of their branches. It is a familiar spin on the issue—somehow the banks’ inability to do good things for their customers is a disservice to the buying public. A cynical person might observe that the public commentary by one of Canada’s senior bankers is simply a positioning play in the ongoing lobbying efforts by the banking industry to change the rules that make them play fair in the marketplace.

Mr. McKay has an unusual background in the senior ranks of Canadian schedule-A bank executives. He’s the only one who has come to his position of authority from a background in personal banking services. Most rise through the ranks on the commercial side of things and read reports about such things as insurance products. This fellow has an intimate knowledge on how the competitive process works and certainly a really good handle on how to maximize the economies of scale in their distribution system. Being forced to separate the marketing and service aspects of the insurance line from their multi-line product marketing approach is clearly a problem for them. He expresses the possibility that the bank may cut and run from the P&C market but stay well entrenched in the Life side of things—such as creditor life coverage and health-coverage extensions in their credit card product.

Most of their Life products are sold from their branches and by bank officers because “creditor life” products are exempt from the restrictions against marketing alongside other bank services, and the bank officers who are “selling” these products do not require a license. These exemptions get the bank into an inter-jurisdictional role on regulations. You see, people in a position of influence on the outcome of an insurance sale aren’t allowed to have a Provincial insurance license because the regulations believe that their authority over the individual buying insurance is considered to be prejudicial to the transaction. Bank officers fall into this category and for good reason. If you’ve acquired a mortgage or loan directly through a bank, you’ll come to understand the why of this when the mortgage insurance is offered in the transaction. To avoid purchasing the insurance, a serious discussion ensues with the mortgage officer, and signatures are required on several waivers before proceeding with the mortgage. Further, if the bank insists on the life insurance as a security covenant for the loan, you are at risk of not getting the financing you are requesting. The inference that the bank officer wants you to purchase the bank’s mortgage insurance product and the pressure to purchase this insurance from the bank is, in my view, unfair. Still, it happens every day and perhaps is why this product is so profitable to the banks.

The banks have disrupted our marketplace over the years. CIBC and the Bank of Nova Scotia both “cut and run” from the direct sales of P&C insurance after poor returns. Their impact on the Canadian marketplace could not have been measured as a positive one from the consumer’s point of view, but CSRs may have enjoyed the increase in baseline salaries that came about by this new competitor for market share. Certainly, as a brokerage owner, competing for staff at these higher salaries wasn’t in the budgets initially, and disruption of the industry was clearly evident for us. The banking industry is functionally driven by results. There’s no patience for under-performance, and success is measured by the target of a business plan that is measured every quarter. It always gave me comfort as an ex-banker to know that every three months someone was answering questions at a board meeting about the returns on funds employed in the Property and Casualty business. The excuse that the regulations are hampering the business plans would begin to wear thin very quickly. Competitive pressure mounted at those board meetings as some banks were able to make the program work. If in fact the Royal Bank is considering leaving the marketplace for P&C insurance, we shouldn’t see this move entirely as a win for our industry. Our point should continue to be that the Canadian public continue to be served by a very competitive insurance marketplace where the industry companies compete fairly with each other to the benefit of the consumer. The regulations for fair competition in this industry seem to be working to ensure that in the end the consumer remains the winner. The withdrawal of one competitor for whatever reason will not have any adverse effects on the consumer or provide a windfall for any insurer. With or without the Royal Bank of Canada, the marketplace for the distribution of P&C products remains healthy in Canada!

The only advice I might give to Mr. McKay is to take care the door doesn’t catch him on the backside on his way out!

So What Is a Reasonable Expectation of Privacy?

I had a commercial client who many years ago developed a service that kept track of rolling stock for municipalities. The service used geographic positioning satellites (GPS) data to track the location of equipment. The technology seems pretty routine these days with all the standard GPS stuff built into cell phones, computers, and almost all new-model automobiles and trucks, but back then it was a new world of information processing. Analyzing the data produced improved many efficiencies and security for the municipal authorities using the service. However, the benefits of this service were not well received by many of the employees who were soon to discover their whereabouts were no longer in any doubt. I remember several grievances were filed against one city by employees who held onto the belief that their privacy was being violated by this kind of scrutiny after several of them had been caught in some compromising lies about their locations. In the end, it was determined that their privacy was not violated since they were using their employee vehicles. Still, the spectre of big brother played out in the media and in the coffee rooms.

security cameraThe debate about privacy continues to take on new dimensions with the development of modern surveillance equipment and the ability of data mining software to analyze the data gathered. Without getting too deep on the technical side of things, most of us should readily perceive that much of what we do these days is digitally recorded by cameras in the community. Walking into a shopping mall creates a digital image of every individual and, with computer software, an operator can track your movements through the mall, the time you entered and left, and even the stores you visited. Do they have the right to do this? No laws prohibit the gathering of information in such a manner. As long as the information is not used to violate your legal right to privacy, your public activities are free for the review of anyone interested in gathering the data. Sounds kind of creepy, doesn’t it?

I was reading an interesting article about parking lot surveillance of automobiles. The idea of a parking lot attendant holding you up as you enter or leave a parking lot is long disappearing. Digital imaging software paired up with camera surveillance systems is now able to record your vehicle license information on entering the lot and match it to you in the exit queue, producing an invoice at the exit gate. Tap your credit card and away you go—a simple and easy process—but what happens to the data being collected to complete this transaction after you are done? Apparently, the vehicle data created by this software system is being pooled and made accessible for a fee to law enforcement and private contractors. The mining of this data is having great positive results in the recovery of stolen vehicles and finding fugitives hiding from the law. The private contractors who are looking for vehicles as security for loans in default and bailiff defaults are able to track the location of the vehicle and its occupant. Often, they are able to find this data before the vehicle leaves the parking lot it entered. A digital record of the vehicle license plate, driver, and the vehicle itself can all be made available for a fee. Apparently, you can run, but you really can’t hide anymore.

I have been polling friends on this topic, and the opinions I have received range from “If you got nothing to hide, then why would you care?” to “No one has any right to follow me around and no business sharing this information about me without my permission!” Watch for that sign at the parking lot entrance that disclaims responsibility for anything and advises you park at your own risk to expand to include a notice and disclaimer about surveillance. You have been warned.

In Closing

I am travelling again and find myself trying to get this project completed in between jaunts to exotic places. It’s always nice to find time to spend with the family or, as it goes now, for them to find time to spend with us! I received a number of notes on the last issue. A nice one was from someone who sends this on to her 80-year-old mother who looks forward to it. I am happy to see my work enjoyed.


The opinions expressed in this blog are not necessarily those of IBAA.

Comment on this post below or email Thom Young privately. Thom also encourages suggestions for topics.

Tags:  banks  competition  privacy  retail insurance  video surveillance 

Share |
PermalinkComments (0)
 
more IBAA Courses and Events

2017-11-27 » 2017-12-08
Licensing Level 1 Live Online - Evenings

2017-11-27
Let's Talk- Call for Action: Alberta Auto Insurance

Featured Vendors

Membership Software Powered by YourMembership  ::  Legal