Greenberg on Cuba
On a visit to Moscow in 1964, Hank Greenberg noticed a picture of a Havana office building on the desk of an official with the Soviet insurance company Ingosstrakh.
“That looks like the building where my company housed its insurance operations,” Greenberg — who was in Moscow seeking a travel risk reinsurance deal — told the official.
The C.V. Starr Companies had an office in Havana – pictured above – between 1943 and 1958.
“That may be,” the Soviet official replied. “Now it is the building where Ingosstrakh houses the Soviet Union’s Cuban operations,” he added.
“Please take care of that building,” Greenberg told the official. “We will get it back … soon.”
More than 50 years after Greenberg made that bold statement, as recounted in his 2013 book “The AIG Story,” the day that Starr Companies takes possession of its former property in Havana is not yet here.
“Change must come about, but how fast? I can’t answer that.” – Hank Greenberg, CEO and Chairman of the Starr Companies.
With the recent easing of travel restrictions to Cuba by the U.S. government, however, Starr Companies’ executives are checking on the condition and ownership of the building just the same.
Untangling the history of that Havana building is just one of the opportunities that are on the minds of business people in the United States since travel restrictions to Cuba were eased in January.
Greenberg expresses the hope that his company can one day re-open an insurance operation in Havana. At the same time, Greenberg said that there is much work yet to be done, on the part of both the public and the private sector, before anything like that can happen.
“Both governments have got to agree on the speed by which normalization would come into being,” Greenberg said.
Since the restrictions were eased, Greenberg reports that the Starr Companies’ travel services subsidiary Assist-Card International Holdings, which it acquired in 2011, is already seeing an uptick in inquiries from businesspeople interested in its travel protection services in Cuba.
“From what we can discern, there is a great deal of interest and a pent-up need to travel,” Greenberg said.
The hotel and restaurant business, agriculture and travel-related industries like cruise shipping and aviation are just a few of the industries that will see opportunities in nearby Cuba as relationships between that country and the United States open up.
There will also be an intense interest, Greenberg said, for people of Cuban descent who are United States citizens eager to visit their origin country.
However, more evolution in government relations must occur before many of those dreams can become a reality.
“Change must come about, but how fast? I can’t answer that,” Greenberg said.
One thing Greenberg is certain of. Free trade is the quickest route to building lasting bonds between the United States and Cuba.
“I think that where trade increases between countries generally you see change in attitudes and building better trust between countries. You learn from each other, it’s a faster way to normalize relations than anything I can think of,” Greenberg said.
Greenberg stressed that Assist-Card International isn’t the only U.S.-based insurance company or subsidiary in the travel risk business.
The Starr chairman indicated though that he expects his company to be a strong competitor.
“The challenges of doing business in Cuba are substantial,” Greenberg said.
“But Starr is well-positioned and prepared to leverage our relationships and global network to support our clients’ entry into this market.”
Securing Consumer Transactions
Major data breaches among big box retailers, large banks and other consumer outlets continue to make news. As a result, more secure consumer payment methods are popping up.
Yet, the critical question remains: Will emerging technologies — from “chip-and-PIN” credit cards to Apple Pay, Google Wallet and other products — stem the data risk tide? And, will there be a front runner among the group?
Will there be a single payment system that can give both retailers and their customers a sense of security that is currently nonexistent?
It’s much too early to tell, experts said. The main challenge now may be sorting through the various technological options — in addition to the potential cost and difficulty of implementing a new standard system.
“There is no security salvation or fraud magic bullet, but many of the new technologies offer a lot of promise.” — Aaron Press, director of e-commerce and risk solutions at LexisNexis Risk Solutions
For example, some large retailers such as Wal-Mart, Rite Aid and CVS announced they would not accept Apple Pay, which uses the iPhone and major credit cards as its “touchless” payment delivery system. Instead, those large retailers and others are planning to use an alternative e-payment technology, called CurrentC, which bypasses major credit cards completely.
The retailers favor that system because it eliminates the transaction fees charged by credit card companies to retailers.
According to Aaron Press, director of e-commerce and risk solutions at LexisNexis Risk Solutions in Dallas, each of the various mobile wallet systems has its own advantages.
VIDEO: A report on CBS This Morning notes that the U.S. lags far behind the rest of the world in adoption of chip-and-PIN cards. The main reason? The $8 billion cost to replace the point-of-sale hardware.
One key benefit of systems such as Apple Pay and CurrentC, he said, is that they do not pass actual card data to the merchant, so there is no account information either in storage or in transit that can be compromised.
“If the wallet systems are secure, then consumers benefit from not sharing their payment credentials with merchants,” he said.
“This means that even in the event of a breach, the consumer will not have to worry about their information being stolen and dealing with the hassle of disputing fraudulent charges or receiving new account numbers.”
Press noted that it is not yet clear whether Apple Pay or CurrentC will be vulnerable to fraudulent use.
E-wallet providers must ensure that the credentials being provisioned and used actually belong to the consumer attempting to use them, and that the applications, processes and infrastructure are secure, he said.
The biometrics used with the Apple Pay process are helpful, but not a panacea.
David Katz, leader of the privacy and information security practice group in the Atlanta office of law firm Nelson Mullins, said Apple Pay’s biometric Touch ID technology makes it “difficult for a thief or imposter to use an iPhone to complete transactions fraudulently.”
“Consumers whose phones are stolen or misplaced can easily use the ‘Find my iPhone’ feature to suspend all payments,” he said.
However, he added, with 800 million credit cards on file — not to mention the new wearable fitness trackers that contain large amounts of health data — Apple may have succeeded in making itself a prime target.
“Apple Pay does represent a security improvement over today’s magnetic stripe credit card architecture since the former requires stealing a victim’s phone and successfully duplicating a fingerprint to commit fraudulent transactions,” said Paco Hope, principal consultant at security consulting firm Cigital, in Dulles, Va.
Apple Pay also includes architecture (such as proxy numbers instead of account numbers) that contributes additional security, he said.
Russ Spitler, vice president of product management at Alien Vault, a security provider in San Mateo, Calif., called Apple Pay a “major move” for the payment industry.
While the underlying technology is not new, Apple has the market share and consumer buy-in to make it popular, he said. Shifts in payment technology are driven by consumer demand, not retailer preference.
“In the past, Apple has proven it can manage private data very responsibly — they take encryption seriously and implement it well,” Spitler said.
“They are still prone to attacks against their users such as the recent iCloud issues — but they are working to add more features to help safeguard even in that situation.
“With Apple Pay, I am hopeful we will turn the corner on the horrible status quo of credit cards,” he said.
Because the U.S. adopted credit cards faster than they spread across Europe, Spitler said, the infrastructure in the U.S. is mostly antiquated but deeply entrenched, such as the point-of-sale (POS) systems reliant on magnetic stripe technology.
Moving past that to new Europay, MasterCard and Visa (EMV)-based credit cards (also referred to as chip-and-PIN, chip-and-signature, chip-and-choice, or generally as chip technology) will require a major retrofit of a very distributed payment system that’s been in use for a long period of time, he said.
EMV is a global standard for interoperation of integrated circuit cards (IC cards or “chip cards”) and IC card-capable POS terminals and ATMs, for authenticating credit and debit card transactions.
EMV also supports dynamic authentication (numbers change with each transaction), which means a cardholder’s data is more secure on a chip-enabled payment card than on a magnetic stripe card, and is much more difficult to copy or counterfeit.
“Each corner store will have to invest in new technology at great cost to themselves and without any demand from the consumer; that’s a really difficult request to make of a small business,” Spitler said.
“Magnetic stripe technology makes it dirt simple to clone a card once you have the electronic data associated with it,” he added.
However, he said, the use of chip/PIN technology does not guarantee the long-term elimination of risk.
“Even if the world magically adopted chip-and-PIN technology overnight, hackers would simply try to find a new way to turn card data into money,” Spitler said.
Mike VanDenBerg, a managing director in KPMG’s cyber services and information protection practice, said it’s well documented that fraud and loss levels are lower in Europe than in the U.S.
“It’s not perfect there, but it’s better. There were many more barriers to the adoption in the U.S., mainly the high cost and disruption of replacing the aging POS equipment necessary to adopt chip-and-PIN-type solutions,” he said.
VanDenBerg said the ripple effect of the latest round of data breaches started in earnest around 2013, and served as a major wake-up call, not just for retailers but for any business that allowed payment with a magnetic swipe credit card.
Unfortunately, when you factor in budget cycles for new equipment, priorities had already been set in 2013 for the following year. As a result, planning and positioning for 2015 has just begun.
“The first big adjustments on these fundamental problems from a security standpoint are starting to take place right now,” he said. “Plus, they also must be able to connect to Apple Pay and other wireless payment platforms.”
VanDenBerg noted that merchants have to install replacement platforms at all levels, including both hardware and software — a very expensive undertaking. And while there is no mandate to move to EMV-based solutions (no laws or regulations demanding it), merchants and retailers understand that they need to move to the next level when it comes to data security at point of sale. After all, how many more data scandals do we need to see to trigger a broader consumer backlash?
“It’s not an end game, nor a silver bullet, but the new credit card platforms are definitely more secure than the current magnetic stripe cards,” he said.
“If it takes two or three years to move from one technology to another, the old platforms may even get less secure because they will receive less scrutiny in terms of updates, patches, etc.” — Mike VanDenBerg, managing director, KPMG cyber services and information protection practice
From a risk management perspective, he said, retailers will need to turn the “old stuff off” as they roll out the new POS platforms. So while they are sun-setting systems that are no longer needed, the risk still remains as long as they are in operation. In fact, businesses should be very careful prior to the transfer.
“If it takes two or three years to move from one technology to another, the old platforms may even get less secure because they will receive less scrutiny in terms of updates, patches, etc.,” he said. “That can’t be ignored.”
Anyone putting consumer data at risk by accepting credit cards must engage in the risk management and security conversation and bring it to the forefront of the business.
“Ten years ago, security was in the background, outside the building. Five years ago, it was in the lobby and three years ago, it was moving up even more. Today, it finally has a seat at the table,” he said. “I think we will see significant momentum a year or two from now when it comes to credit cards equipped with chip-and-PIN-type solutions.”
Cigital’s Hope said that payment networks are introducing risk management beyond today’s process of simply accepting or denying charges. Contactless payment systems deployed in the UK, for example, usually are dependent upon a variety of limits on total amount, number of transactions and transactions per time period.
“This is what it looks like when modern risk management meets the retail experience: the strength of the security measures in place,” he said. “Retail customer data in the future will be much more carefully protected using similar designs.”
Regardless of what type of payment system is used, all businesses should have cyber insurance, even though many companies still don’t believe they are likely targets, said Collin Hite, who leads the insurance recovery group at Hirschler Fleischer in Richmond, Va.
The first party aspects of such coverage can be critical to a business since the insurance pays for forensic investigation and re-securing the network, in the event of a data breach, he said.
“This is typically the largest cost — not the actual loss of information of the consumers,” he said.
“While we know the Fortune 500 to 1,000 are considering specific cyber coverage, middle-market businesses need to understand that they are as vulnerable as the ‘big boys,’ ” he said.
Craig Young, a mobile security researcher for Tripwire, in Portland, Ore., said the best risk management strategy is to move to the next technology as quickly as possible.
“The ancient swipe and sign technology that dominates American retail is long overdue for a funeral,” he said. “For years, credit cards have been low-hanging fruit for thieves with a variety of techniques to steal card data, reproduce cards and start spending.”
LexisNexis’ Press added that it’s way too early to declare a front runner in mobile payments, and that magnetic stripe cards will be around for several more years.
“There is no security salvation or fraud magic bullet, but many of the new technologies offer a lot of promise,” Press said. “EMV will drastically improve POS security and reduce counterfeit fraud. Biometrics is a promising option for identity verification.”
But, he warned, new technologies open the window to new problems.
“Companies need to evaluate the risks and benefits of adding any new commerce technology or channel to their environment,” Press said.
What Is Insurance Innovation?
Truly innovative insurance solutions are delivered in real time, as the needs of businesses change and the nature of risk evolves.
Lexington Insurance exemplifies this approach to innovation. Creative products driven by speed to market are at the core of the insurer’s culture, reputation and strategic direction, according to Matthew Power, executive vice president and head of strategic development at Lexington, an AIG Company and the leading U.S.-based surplus lines insurer.
“The excess and surplus lines sector is in a growth mode due, in no small part, to the speed at which our insureds’ underlying business models are changing,” Power said. “Tomorrow’s winning companies are those being built upon true breakthrough innovation, with a strong focus on agility and speed to market.”
To boost its innovation potential, for example, Lexington has launched a new crowdsourcing strategy. The company’s “Innovation Boot Camps” bring people together from the U.S., Canada, Bermuda and London in a series of engagements focused on identifying potential waves of change and market needs on the coverage horizon.
“Employees work in teams to determine how insurance can play a vital role in increasing the success odds of new markets and customers,” Power said. “That means anticipating needs and quickly delivering programs to meet them.”
An example: Working in tandem with the AIG Science team – another collaboration focused on innovation – Lexington is looking to offer an advanced high-tech seating system in the truck cabs of some of its long-haul trucking customers. The goal is to reduce driver injury and fatigue-based accidents.
“Our professionals serving the healthcare market average more than twenty years of industry experience. That includes attorneys and clinicians combining in a defense-oriented claims approach and collaborating with insureds in this fast-moving market segment. At Lexington, our relentless focus on innovation enables us to take on the risk so our clients can take on the opportunities.”
— Matthew Power, Executive Vice President and Head of Regional Development, Lexington Insurance Company
Power explained that exciting growth areas such as robotics, nanotechnology and driverless cars, among others, require highly customized commercial insurance solutions that often can be delivered only by excess and surplus lines underwriters.
“Being non-admitted, our freedom of rate and form allows us to be nimble, and that’s very important to our clients,” he said. “We have an established track record of reacting quickly to trends and market needs.”
Lexington is a leading provider of personal lines coverage for the excess and surplus lines industry and, as Power explains, the company’s suite of product offerings has continued to evolve in the wake of changing customer needs. “Our personal lines team has developed a robust product offering that considers issues like sustainable building, energy efficiency, and cyber liability.”
Most recently the company launched Evacuation Response, a specialty coverage designed to reimburse Lexington personal lines customers for costs associated with government mandated evacuations. “These evacuation scenarios have becoming increasingly commonplace in the wake of recent extreme weather events, and this coverage protects insured families against the associated costs of transportation and temporary housing.
The company also has followed the emerging cap and trade legislation in California, which has created an active carbon trading market throughout the state. “Our new Carbon ODS product provides real property protection for sequestered ozone depleting substances, while our CarbonCover Design Confirm product insures those engineering firms actively verifying and valuing active trades.” Lexington has also begun to insure new Carbon Registries as they are established in markets across the country.
Lexington has also developed a number of new product offerings within the Healthcare space. The Affordable Care Act has brought an increased focus on the continuum of care and clinical patient safety. In response, Lexington has created special programs for a wide range of entities, as the fast-changing healthcare industry includes a range of specialized services, including home healthcare, imaging centers (X-ray, MRI, PET–CT scans), EMT/ambulances, medical laboratories, outpatient primary care/urgent care centers, ambulatory surgery centers and Medical rehabilitation facilities.
“The excess and surplus lines sector is in growth mode due, in no small part, to the speed at which our insureds’ underlying business models are changing,” Power said.
Apart from its coverage flexibility, Lexington offers this segment monthly webcasts, bi-monthly conference calls and newsletters on key risk issues and educational topics. It also provides on-site risk consultation (for qualifying accounts), access to RiskTool, Lexington’s web-based healthcare risk management and patient safety resource, and a technical staff consisting of more than 60 members dedicated solely to healthcare-related claims.
“Our professionals serving the healthcare market average more than twenty years of industry experience,” Power said. “That includes attorneys and clinicians combining in a defense-oriented claims approach and collaborating with insureds in this fast-moving market segment.”
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Lexington Insurance. The editorial staff of Risk & Insurance had no role in its preparation.