2FA in the insurance industry

The insurance industry is a data economy. And this data must be secure.  But what does secure mean? The clear answer: secure means something different depending on the context, use and depth of data. 

For example, in the case of gamification apps from health insurers - e.g. for healthy eating, fitness or yoga exercises - simple e-mail registrations are sufficient, since this is more about data acquisition than data protection. The situation is completely different with digital patient files containing health data. Or when accessing sensitive pension and retirement fund data. Or when reporting damage after an accident. In these cases, security really has to be secure. 

But what this brief explanation shows above all The insurance industry is complex, both in terms of IT security and digitisation in general. Therefore, here are some key points that are central to the introduction of 2FA.

Many insurance companies offer a digital ecosystem with different online services. In this context, user-friendly, risk-based step-up authentication makes a lot of sense. Customers benefit from a continuous authentication flow that ensures both optimal security and ease of use. For general non-confidential services, the entry barrier is kept low. Step by step, security can then be increased depending on the risk level, up to strong authentication. 




So how do you migrate and onboard to modern two-factor authentication without creating major challenges for customers, internal IT and helpdesk?

The integrated approach of strong authentication and customer IAM provides the answers. By combining the two solutions, migration processes can be defined that allow a gradual change. This can then be enforced by a deadline or at the next login. Onboarding to the new second factor must be made as simple and intuitive as possible.

For example, an information e-mail with all the instructions for downloading the app for the new authentication and a QR code at the next login, which must then be scanned in the app. And that's it. Sounds quite simple. And it should be. The e-mail or even the information letter can be sent directly from the cIAM. The helpdesk hotline is thus not burdened and the customer will be happy about the simpler option.

For the confirmation of online contracts, changes of address and bank details or damage reports, a transaction approval can also be requested via a modern second factor in combination with a cIAM.

Integrated solutions at cost efficiency

Anyone who wants to adapt legal requirements in an uncomplicated and flexible way, offer their customers clever self-services and a convenient single sign-on, will not be able to avoid a powerful cIAM. The same applies to agile development processes and a fast time-to-market: Here, too, integrated security solutions are the best way to achieve high efficiency in terms of both costs and internal processes.


For insurance companies, the introduction of a modern and integrated 2FA solution is a great opportunity to achieve a high level of customer orientation and to enable simple interactions with customers. In addition to the acquisition of new customers and a modern market presence through this new technology, the internal profitability through higher flexibility and reduced administrative effort is a gained market advantage.

Blognews directly to your inbox

The Airlock Newsletter informs you continuously about new blog articles.

Subscribe blognews

Comments 0

More interesting articles

Security in concrete terms - 2FA in industry

Security in concrete terms - 2FA in industry

Security in concrete terms - 2FA in the banking world

Security in concrete terms - 2FA in the banking world

Still using SMS codes, really?

Still using SMS codes, really?

Information for you

-Our whitepaper-

IT-security solutions

Digitalisation is presenting businesses with new challenges which go far beyond information technology. This primarily relates to an aspect which is becoming increasingly important: IT security.

Read our whitepaper to find out how IT-Security will become the pioneer of degitalization.

Request free of charge

Accelerate digitisation

To stay technically viable in this digital transformation, you must increasingly switch to hybrid cloud environments. This requires new security approaches as well as coordinated identity and access management.

Find out more in our whitepaper in collaboration with Deloitte, eperi and SHE.

Request free of charge

OWASP Top 10 for API Security

OWASP has created a new Top10 list for API Security. The top 10 listed reflect a broad consensus on what the most important API security issues are at the moment.

In our whitepaper you will learn how our Airlock API addresses the OWASP Top 10.

Request free of charge