From Resource,
March 2007
Copyright by LOMA
Living in Cyber Fear?
Cyber threats continue to
increase, and the consequences of a data breach are severe.
Find out what you can do to keep your company’s critical data safe.
By Tammy McInturff
Bird flu, natural disasters,
terrorism—there are a number of concerns on our plate today that could disrupt
business practices, but one more than any other seems to keep insurance
executives up at night—security. And with good reason—cyber attacks are on
the rise and information thieves are becoming savvier than ever at stealing
critical data.
Internet
and network security is no longer simply about keeping hackers out or updating
virus software. Organizations deal with sabotage attempts, worms, malicious
code, spyware, and denials of service on a daily basis, and these threats are
becoming more sophisticated. The convergence of the Internet and corporate
network technology has created interdependence within internal business
processes and customer-facing applications. Corporate security policies
influence the operations of the entire enterprise and must integrate management
of the risk.
As new threats are introduced, companies must evolve to keep pace with the
ever-increasing risks. The number of ways that data breaches can occur continues
to grow, from lost, stolen, or misplaced laptops to hackers, and keeping your
company’s critical information safe is a challenge. Data manipulation, malware
(malicious software), spyware, and phishing are just some of the threats
insurance companies have to protect their data against. Here is an overview of
security threats, followed by some examples of LOMA committee discussions on how
to handle them.
Data Security and Regulations
Since January 2006, at least seven insurers have announced the loss, theft, or
exposure of confidential customer data, totaling more than 1 million personal
records. It is no secret that data breaches can result in severe consequences.
Security breaches can ruin a company’s reputation and its bottom line. Data
breaches not only damage existing customer confidence but also result in lost
business from new customers who choose to do business with another carrier.
Would new regulations help? Some think so. On December 14, 2006, the Cyber Security
Industry Alliance (CSIA), an advocacy group dedicated to ensuring the privacy,
reliability and integrity of information systems through public policy,
technology, education and awareness, called on Congress to make it a top
priority to enact a comprehensive law to secure sensitive personal information
regardless of where it is held, be it within government or the private sector.
CSIA noted that as of December 14, 2006, 100 million Americans—more than
one-third of the population of the United States—have had their personal
information compromised, according to the Privacy Rights Clearinghouse. What are
some of these threats?
Spyware
Spyware continues to be a
threat. Spyware, malicious software that is installed on a computer without the
user’s consent, can be obtained from clicking on pop-up windows or from
downloading free software from unknown Web sites. Spyware may even piggyback on
legitimate software.
Another
threat that is similar to spyware is adware, a type of Advertising Display
Software. It displays advertisements and may track the user’s activity.
CSIA’s
Web site states that, “There are serious security implications of spyware, or
spyware masquerading as adware. Unknowingly, these programs can disable security
software and leave users exposed to hackers, viruses and worms. Ramifications of
spyware include identity theft, adware, hijacking and many others. In many
cases, adware programs download and install a host of other adware and spyware
programs without the users’ consent or knowledge, which leaves computers open
to attack.”
Having
a firewall and anti-spyware software that is regularly updated is a must in
protecting an organization against spyware, in addition to properly training
employees. Laptops used in the field may have the biggest risk for spyware since
they may not be monitored as closely as a desktop PC in the home office, say
security experts. Companies need to be diligent about regularly updating field
laptops.
Botnets
Botnets, collections of
software robots that run autonomously, have recently caused a large amount of
annoying junk e-mail. However, the
real concern for security experts is not the volume of e-mails, but their
increasing level of sophistication.
Botnets
have become a significant part of the Internet. According to a 2006 Annual
Report by MessageLabs, a provider of messaging security and management services,
“Around 80 percent of all spam in circulation is known to be distributed from
botnets, expressly created for this purpose by specially crafted strains of
viruses—the first well-known example being Sobig in 2003. Since then, almost
all of the major virus outbreaks have been for the purpose of creating a botnet
that will subsequently be used to send out spam. During 2006 it was becoming
clear that a new element had combined with this ecosystem to enable the attacks
to become more selective and targeted: spyware. The distribution of spyware and
adware is reportedly a multi-billion dollar industry, fuelling a boom in the
number of botnets that are now being created.”
Botnets can also cause a Distributed Denial of Service (DDoS) attack. According to
the McAfee white paper “Killing Botnets” by Ken Baylor, Ph.D., CISSP, CISM, and
Chris Brown, CISSP, CISM, “The major problem with botnets occurs when they are
used for attack purposes. A botnet of one million bots, with a conservative 128
Kbps broadband upload speed per infected bot, can wield a powerful 128 gigabits
of traffic. This is enough to take most of the FORTUNE 500 companies (and
several countries) offline using DDoS attacks. If several large botnets are
allowed to join together, they could threaten the national infrastructure of
most countries.”
Phishing
Phishing attacks are on the
rise, and some experts are warning that in 2007 these attacks will become even
more sophisticated. Phishing is a technique that criminals use to trick
customers or employees into providing personal information. Phishers send out
spoofed e-mails or Web pages requesting social security numbers or credit card
information that can be used for identity theft purposes. Although it may sound
like common sense not to provide personal information to someone requesting it
through an e-mail, these criminals make the Web sites and e-mails look reputable
by imitating banks, or other companies that the individual may have an account
with. They often use the companies’ real logo and other information to make
the e-mail or Web site look trustworthy.
Phishing
continued to be a major threat in 2006 according to statistics kept by
MessageLabs. According to MessageLabs’ 2006 Annual Report, one in every 274.2
e-mails contained some type of phishing attack. The report stated that,
“phishing also accounted for 24.8 percent of malicious e-mail traffic
intercepted in 2006; rising from 10.6 percent in January to 68.6 percent towards
the end of the year. When compared with the annual average in 2005 of 13.1
percent, the 2006 figure highlights a marked shift in cyber criminal activity
towards phishing during the last 12 months.”
MessageLabs’
2006 Annual Report also found that phishing will be a growing concern in 2007.
The report stated that, “Phishing continues to become much more targeted as
the criminals are able to harvest personal data through spyware and botnet
technology, ensuring a greater degree of accuracy with their targeting. It is
inevitable that phishing activity will eventually reach a plateau, however the
impact upon the financial industry will continue, and it is expected that we
will see more sophisticated attacks against two-factor authentication in
2007.”
The losses related to phishing attacks are also on the rise. According to a survey
by Gartner, Inc., financial losses related to phishing attacks rose to more than
$2.8 billion in 2006. Gartner’s survey found that although fewer people lost
money to phishers, those who did lost more. In fact, the survey found that the
average loss per victim almost quintupled between 2005 and 2006, with the
average loss per victim growing from $257 in 2004 to $1,244 in 2006.
Even
the newest anti-phishing software and services are not completely effective
because they can’t keep up with new threats. In a Gartner press release,
Avivah Litan, vice president and distinguished analyst at Gartner states that,
“The anti-phishing measures some enterprises have put in place to protect
their brand and their consumers are not working. Phishers are moving from site
to site to launch their attacks more quickly than ever. The average life of
phishing sites has gone from one week a couple years ago to about one hour in
2006. Within a year or so, phishing sites may be user specific—that is a
single site will be set up to launch a phishing attack against a single user.
It’s no wonder the detection services can’t keep up with these rapid
criminal movements.”
Unfortunately, having anti-phishing services may not keep your company safe. Even
the newest anti-phishing software and services are not completely effective
because they can’t keep up with new threats, analysts say.
Data Manipulation
Of course, not all security
threats come from outside of the company. Today so much of a company’s vital
business data is stored and managed electronically. Although this is efficient
and cost-effective, it also can make a company more vulnerable, since electronic
information can be easily deleted or altered.
CSIA’s
Web site discusses how data manipulation can be prevented. “Eliminating the
risk that critical business records can be deleted, altered or manipulated in
any way is best accomplished through a combination of sound business practices
and supporting data-level technology. For instance, a solid first line of
defense is to ensure that only authorized individuals have access to critical
business records.”
CSIA’s
Web site states that, “In addition to strong corporate policies governing the
access and usage of stored digital information, there are a number of data-level
integrity solutions available to organizations today. The most effective of
these solutions provide objective, non-collusive proof of business record
integrity that is independent of an organization’s people, processes and
technology, as well as a method to validate record integrity over the long-term,
regardless of changes in an organization’s technology infrastructure. Trusted
time stamping, the ability to establish when a document was created and that it
was never altered, is a good example of a solution that meets these criteria.”
Mobile Technology
The use of handheld and mobile
devices in the insurance industry is increasing. As the insurance industry
continues to rely more on mobile technology, the threat of lost or stolen data
has grown. Stolen laptops are the biggest contributor to stolen information.
Mobile
devices such as PDAs can also raise another challenge. Since the company does
not have physical control over the device, as with desktop PCs, it can make it
difficult to update configurations and software. It can also be hard to keep
track of programs downloaded onto the mobile device. And since the device is not
always in the office or connected to the network, employees may be more prone to
download unapproved software, which could contain viruses or spyware.
One of the biggest security challenges is finding a way to secure mobile devices.
With mobile devices there are several factors that you have to consider.
Technology is not the only factor; you also have to consider your employees and
your business. Many security breaches have little or nothing to do with
technology glitches but rather with careless employees who leave their laptops in
unlocked cars or fail to follow the proper procedures to secure data on their
laptops. Oftentimes employees are not trained in data protection and do not
understand the security implications of the technology they use every day.
There
are solutions available that may help, such as laptop tracking software and
“kill” solutions that self-destruct data on a device that has been
compromised, but security experts say currently not enough companies are using
these solutions.
Cost and Consequences
To say that data breaches are
expensive is an understatement. Not only do companies have to notify their
customers, which is costly, they must also provide additional services for the
customer if they want to restore their reputation. Some organizations that have
had data stolen have set up customer hotlines and offered free credit monitoring
for a limited amount of time. Security breaches can also put a serious damper on
new business. Also in some cases customers sue the company.
A survey released by global law firm White & Case in September 2005 showed
how data security breaches impact a company’s bottom line. According to the
release, victims of personal data security breaches showed their displeasure by
terminating relationships with companies that maintained their data. The
independent survey of nearly 10,000 adults, conducted by the privacy research
organization Ponemon Institute, revealed that nearly 20 percent of respondents
said they terminated a relationship with a company after being notified of a
security breach.
“Companies
lose customers when a breach occurs. Of the people we surveyed who received
notifications, 19 percent said that they have ended their relationship with the
company after they learned their personal information had been compromised due
to a security breach. A whopping 40 percent say that they are thinking about
terminating their relationship,” said Larry Ponemon, founder and head of the
Ponemon Institute.
The
survey also revealed that five percent of Americans hired lawyers upon learning
that their personal information may have been compromised. “Five percent may
not seem like much, until you realize that anywhere between 23 million and 50
million Americans have received notification of a data security breach. That
means that over one million people out there are likely seeking legal
counsel,” said David Bender, co-head of White & Case’s privacy practice.
According
to the survey, one of the top frustrations that consumers experience is that the
company hasn’t clearly and effectively communicated just exactly what effect
the security breach will have on their personal information. “Does a breach
mean that an unauthorized person is using a consumer’s credit card to rack up
purchases, or is assuming that consumer’s identity? Or simply that hackers
broke into a company’s security system just for kicks and nothing untoward has
happened? Either way, the survey reveals that companies need to be
straightforward about what they know, as those companies who fail to communicate
information in a clear, consistent and timely fashion are four times more likely
to experience customer churn,” said Ponemon. “And those businesses that
deploy canned e-mails or form letters to communicate a data breach to victims
are more than three times as likely to lose customers than those that contact
victims by telephone or personalized letters or a combination of both.”
The
survey found that companies that handled the breach correctly lost the fewest
customers.
Data breaches cost organizations and their customers time and money. According to
the 2006 Identity Fraud Survey Report released by the Council of Better Business
Bureaus and Javelin Strategy & Research, the average out-of-pocket cost for
identity fraud victims is $422 (7 percent of the average fraud amount of $6,383),
and the average resolution time is 40 hours.
A 2006 Ponemon Institute benchmark study, “2006 Annual Survey: Cost of a Data
Breach,” sponsored by Vontu, Inc. and PGP Corporation, examined the costs
incurred by 31 companies after experiencing a data breach. Breaches included in
the survey ranged from 2,500 records to 263,000 records from 15 different
industry sectors. The study found that total costs averaged $182 per lost
customer record, an increase of 30 percent over the study’s 2005 results. The
average total cost per reporting company was $4.8 million per breach and ranged
from $226,000 to $22 million. The total cost included direct incremental costs,
which averaged $54 per lost record; lost productivity costs, which averaged $30
per lost record; and customer opportunity costs, which averaged $98 per lost
record.
LOMA Research
Some of LOMA’s
technology-oriented industry committees and councils have conducted informal
polls regarding security policies. According to the results from one such
survey, many of the companies polled were actually in the beginning stages of
laptop encryption as of May 2006. Some companies polled said they had rolled out
a laptop encryption solution with little impact to the field.
The survey listed several vendors that companies were either using or considering,
including Credant, Utimaco, SafeBoot, and GuardianEdge.
Some
of the items one company focused on when looking at solutions included (but were
certainly not limited to):
FIPS 140-1 and 140-2 certification
Centrally managed console that can receive and push policy updates anytime the laptop is connected to the Internet
Ability to delete data or change the encryption password when a theft or loss is reported
Solution that would not interfere with the master boot record and cause increased likelihood of corruption
Quick recovery of data in the event of a hard drive failure or data corruption
Additional layer of Internet-based protection
Minimal impact to the support center for password resets
Security Program Outline
Most insurance companies are
working hard to keep their critical information safe. A number of these
companies are involved in some of LOMA’s many committees where they network
with peers from other insurance companies to compare strategies and share ideas.
One LOMA member company, referred to here as “Company A” for confidentiality
reasons, outlined its security program at a recent LOMA Committee meeting.
Company
A said that security really started to become part of the company’s culture in
2002, when it formed its first set of security policies. That same year, the
company hired a Corporate Chief Security Officer and formed an Information
Security Office. Company A also required each operating division to appoint a
divisional information security officer.
Company A’s Security Program Outline:
Enterprise-wide security steering committee determines security initiatives for a given year
—use risk assessments against security policies
—use data gathered from security pen testing
Divisions are required to implement security initiatives
—report status to ISO and Board of Directors
Ongoing themes of program:
—protect customer confidential information
—protect the company network
Since Company A’s security program began, it has completed a number of projects, including:
creating thorough account monitoring processes
enforcing complex passwords
enforcing password changes at regular intervals
securing all Internet-facing applications using a third party to validate
securing company-owned mobile devices by encrypting data on the hard drive
locking down USB ports on all desktops
removing older systems that could not be patched for vulnerabilities
training all developers on security best practices with emphasis on Web applications
Company
A is currently in the process of redefining its security program to be based on
the internationally recognized standard ISO 17799.
Another
LOMA company, “Company B,” also shared a general outline of its security
program at a recent LOMA committee meeting. Company B’s security policies
include:
security for business information
information security control standards
security engineering specifications
virus protection
information protection standards
information classification FAQs
social security number guidance
classification of electronic data
Company B has a
number of mitigants in place to protect both customer and employee
information:
IVR and Web site
—secured using accepted and approved HTTPS technology
Direct contact through call center:
—authentication
—information/transactions available via workstation limited based on job role
—100 percent call recording
Laptops
—cable lockdown required
—encrypted and protected with hard drive password
Desktops
—USB and disk drives disabled
—regular password changes required
If a security breach occurs at Company B, the breach must be reported to the
information security office and the privacy office within 24 hours. At that time,
action plans are developed based upon the breach and its impact, and decisions
are based upon regulatory and reputation requirements.
Company B’s security program also contains a section dedicated to employee training
and education. New hires are required to take Web-based training for both
information security and privacy. The information security policy is required to
be reviewed and signed by all new employees. Periodic reminders are sent to all
associates regarding security and privacy topics, and periodic training is
required as a refresher for all associates.
Company B’s security program also requires yearly privacy attestation and risk
assessment for all business functions. Also, new vendors or consultants are
required to be reviewed through a Due Diligence process.
New Regulations?
Would new regulations help?
CSIA argues that there is a need for a comprehensive national law to prevent
further data breaches and address leaks once they occur. CSIA’s Web site
states that the law should “require reasonable security measures, encourage
best practices such as encryption, create a consistent and recognizable
notification standard, and include effective enforcement capabilities.”
CSIA believes that establishing a uniform national law will not be burdensome for
businesses but rather will simplify compliance. CSIA says the law would
“create uniform definitions for personal information as well as a standard for
the form and content of notification measures.”
CSIA
believes that “preventing breaches will turn out to be less expensive than
repeatedly cleaning up after them. From reports we have seen, the cost of
reacting to a breach far outweighs the cost of protecting against such a breach
in the first place. For instance, encrypting data so that it cannot be easily
read if it falls into the wrong hands is one effective method of prevention.
Encryption scrambles data in a way
that makes it unreadable except by individuals with proper keys and credentials,
and thus useless to thieves and unauthorized individuals.”
Recommendations
When you look at the statistics,
the cost of securing your network against a data breach is minimal compared to
the cost incurred when a data breach occurs. CSIA lists the following
recommendations on its Web site www.csialliance.org:
Deploy
strong authentication and authorization controls. These technologies answer the
basic questions: “who are you” and “what can you do?” Appropriate
authentication and access controls protect against not only unauthorized access,
but also reduce the risk of systems being infected by malicious software (malware)
spread via Trojans and worms.
Encrypt
data and communications when appropriate. Data residing on hard drives,
hand-held computers, or other storage devices must be protected by strong
cryptographic technologies. Likewise, health care data in transit must be
protected from unauthorized interception or eavesdropping. The challenge will be
providing strong cryptographic technologies end-to-end, where end points will
range from patient’s homes to large hospitals, and often may terminate in a
mobile device such as a personal digital assistant (PDA) or Internet-enabled
cellular telephone.
Properly dispose of retired equipment and data. As data is modified, updated, or
corrected, old data must be purged in a manner that prevents unauthorized users
from accessing or recovering the information. This includes proper disposal and
destruction of mass storage devices, physical outputs of printers or other
peripheral devices, and other locations where old information might be recovered
by unauthorized users.
Validate
data. Web-based user interfaces should be used to support a modern health care
information infrastructure, but they are vulnerable, potentially enabling an
attacker to change or manipulate data. However, solutions are available to
ensure the security of websites as well as the databases linked to those
websites.
Conduct
frequent system audits. While security measures should be deployed across the
information systems, all transactions must be audited to ensure only those
authorized to use the system are accessing, entering, or changing information.
Use
digital signatures and secure date-time stamps. Use cryptographic checksums,
fingerprints, or signatures to verify that data whether in transit or in a
database has not been modified by unauthorized parties. Digital signatures
ensure that the accompanying data is tamperproof and that signers cannot later
deny access or use. Secure date-time stamping documents exactly when a record
was created or modified.
Provide
for redundancy. As with all large data storage and retrieval systems, there will
be occasions when parts of the electronic health care records system will be
unavailable due to equipment failure, denial of service attacks, or scheduled
down time. Redundancy in the system at the data entry, storage, and retrieval
levels will reduce or eliminate most availability problems.
Use a
private data backbone. Network bottlenecks and outages are a continuous Internet
problem due to fluctuations in data flows and the reliability and performance of
various portions of the Internet. Even though access to major portions of the
system by patients and health care professionals will be via the Internet, the
backbone network of this system must be carried via a private data network in a
manner similar to those used by banks and financial institutions.
Develop
a rapid incident response mechanism. Attacks, intrusions, and events affecting
the security of the healthcare records system will occur. To avoid or shorten
these periods of unavailability, a robust and rapid incident response mechanism
should be integrated into the initial design of the system, and given high
priority for action. Establish a crisis management team which includes
senior-level representatives who can convene and act quickly.
Sponsor information sharing networks. Rapid and trustworthy information sharing
between system administrators, security professionals, and senior managers is a
key component of a well designed information security plan. In recent years,
Information Sharing and Analysis Centers (ISACs) have been established in all of
the critical infrastructure sectors including the banking and finance,
transportation, energy, and telecommunications sectors.
Keeping Pace with Change
A company’s information
security program needs to be visible. A good security program requires senior
executive involvement and support. It also needs to have a leader, someone in
the organization that everyone recognizes as responsible for the security
program.
Companies should strive to develop a security community within the organization.
Security is not just a security officer or people who may work in that office; it
is everyone. Establishing a community of individuals that take security seriously
and getting them engaged in your program is extremely important.
Do not forget that information security must enable the business; it should not be
seen as an obstacle. Information security has changed significantly over the
last few years and will continue to change. It will always need to be flexible.
Having a strong security program is a partnership with your business, employees,
other companies, government, vendors, and business partners; to be effective,
everyone needs to be involved in the process.
The bottom line is that if you cannot protect your customers’ personal information,
you are going to lose your customers. If it is not a main priority, it should be;
network security needs to be an ongoing investment. Companies can’t be too
careful; it only takes one data breach to ruin your reputation forever.
Other Views:
Several insurance industry
suppliers have views on security for the insurance industry. See their comments
in the sidebar article below.
Industry Experts Discuss Security for Insurers
Insurance industry suppliers
and vendors are very aware of the importance of security for the industry. Here
are some comments from several companies on the subject.
Comments from EDS:
Navigating the Security Minefield
By Roger Paehr, Product Manager, Policy Administration Systems, EDS SOLCORP
The importance of security and
operational risk management in the insurance and financial services industries
has grown tremendously over the last few years due to several converging
factors:
Growing regulatory requirements. Regulators are
anxious to protect customers and avoid a security crisis which could result in
economic instability. Regulators from every level—state, provincial, national
and international—are scrutinizing the existing security capabilities of
financial institutions with more frequency and precision.
Increasing security risk from data theft, destruction, or manipulation from insiders
due to the greater availability of electronic information and the increased
mobility and access of information via networked computers spanning the
enterprise and the globe. This threat includes those from external service
providers.
Growing number of data security breaches which
can result in the loss of confidence from customers, investors, partners and
suppliers.
Increasing number and severity of security attacks
in the form of email fraud, viruses, worms, and other malicious code against
insurance companies and their customers. These attacks often lead to the
acquisition or destruction of confidential customer information.
In
the white paper Navigating the Security Minefield, developed by Financial
Insights and sponsored by EDS, the challenge to safeguard both corporate and
consumer non-public information all while balancing risk exposure is examined.
Also explored is how insurance and financial institutions are responding to
increasing security threats, both external security attacks and internal fraud
and unauthorized access.
To
receive a copy of this white paper and learn how to design a holistic security
strategy, please visit our website at WWW.EDSSOLCORP.COM/SECURITY.
Comments from DSPA:
Security Issues Life Insurance Companies Face
By Michael Simonyi, Director, Technology Consulting, DSPA Software, Inc.
In today’s insurance
landscape, data security has become a center of common focus across the
industry. With the advent of new
legislation to protect consumer privacy, security and data protection is a
growing concern as insurers brace for tighter control over their computing
infrastructure.
Physical,
electronic, and organizational safeguards must be coordinated across an
organization to ensure the safety of customer information. Policies and
procedures around the collection, sharing, and storage of information must be
established and communicated. From a technology point of view, companies must
expand on their traditional methods of authentication, verification and data
stream encryption. These proven
methods still often leave raw data vulnerable and unguarded.
Encryption
of the data within the data center will become the challenge for most, if not
all, organizations in the coming decade. This
is by no means a small undertaking. Achieving
end to end security comes with a price and many obstacles, including solution
complexities and performance impacts. Can
existing systems support encrypted data sources? Can encrypted data be shared
across heterogeneous platforms and applications?
What data requires mandatory encryption?
How will the introduction of encryption affect the entire computing
environment?
For
the vendor community, there must be a realization that proprietary encryption
techniques will not suffice. Operating platforms will need to play together with
the ability to leverage platform capabilities as the key.
Solution vendors and insurance organizations will need to collaborate to
develop adaptable yet robust solutions to fulfill these challenges, promote
consumer trust and comply with legislation.
Comments from e-Lynx:
Securing Sensitive Communications
By Robert Nilsson, Vice President, Marketing, e-Lynx
Dealing with sensitive,
privileged consumer information elevates security concerns to paramount
importance. Organizations must focus on meeting information security
responsibilities while somehow still streamlining two-way communication and
document delivery with their customer base.
The
need for speed and convenience is particularly high for insurance carriers
dealing in the transmission and receipt of sensitive documentation, most
commonly via fax and e-mail. Unfortunately, both are at risk due to the failure
of traditional electronic communication channels to provide the necessary
security of privileged information.
While
faxing seems secure – i.e., point-to-point delivery over a telephone line
—security often lapses in the receipt, storage and distribution of documents
on either end. High fax volume and a wide distribution of end users make
securing faxes at all points difficult, if not impossible.
E-mail
brings its own security concerns, from obstructions related to spam and its
filtering, to sophisticated phishing schemes, and of course, viruses. Encryption
and secure authentication are usually one-way and difficult to implement.
Messages pass through multiple servers during delivery and leave unsecured
copies behind. These shortcomings alone (though there are more) make e-mail an
insufficiently secure communication channel.
The alternative: a properly secured document receipt and delivery solution will
employ robust (128-bit or better), two-way encryption. No sensitive information
in any form ever passes over open channels, and no traces of the document linger
on any server passed during transmission. Combined with an easy-to-use Web-based
interface and the ability to handle a wide variety of document formats, the
ideal channel is user friendly for both staff and the consumer-user, encouraging
greater adoption with every use.
Robert Nilsson is vice president of marketing and business development of eLynx Ltd.,
Cincinnati. He can be reached at rnilsson@elynx.com.