10%

Try : Insurtech, Application Development

Edtech(5)

Events(34)

Interviews(10)

Life@mantra(11)

Logistics(1)

Strategy(14)

Testing(8)

Android(46)

Backend(29)

Dev Ops(3)

Enterprise Solution(22)

Frontend(28)

iOS(41)

Javascript(13)

Augmented Reality(17)

Customer Journey(12)

Design(13)

User Experience(34)

AI in Insurance(31)

Insurtech(59)

Product Innovation(37)

Solutions(15)

E-health(3)

HealthTech(8)

mHealth(3)

Telehealth Care(1)

Telemedicine(1)

Artificial Intelligence(109)

Bitcoin(7)

Blockchain(18)

Cognitive Computing(7)

Computer Vision(8)

Data Science(14)

FinTech(44)

Intelligent Automation(26)

Machine Learning(46)

Natural Language Processing(13)

Consumer-Centric Design in Insurance

Insurance instinctively feels old. It’s as though, the fast-moving parts of the digital age can’t seem to permeate its an archaic blueprint. Sure enough, it looks and feels that way too. One look at the spasm of choices to avail insurance online will leave you feeling dull and permanently bored. Consumers often don’t buy insurance, (even when they need it) because they are turned off by the complexity involved in understanding the product itself, and in the way, it is typically packaged & sold. 

In the Internet 2.0 era, users switch lightning quick between a dozen websites in tandem. The insurance industry, like most, is largely affected by the seeming lack of leverage they have in understanding what appeals to the consumer’s buying nature, instincts and experience.

The power of ‘choice’ lies in the hands of the insured, while the ability to ‘influence’ choice is a matter of design thinking. So if a user doesn’t get the price, product, service, communication and/or experience — they quickly move on

Insurers need next-gen customer engagement solutions that enable them to deliver the right interaction or experience at every customer touchpoint across the lifecycle, in order to maximize real customer lifetime value.

A detailed UX audit reveals many lacklustre areas in traditional insurance websites. In my experience (from having performed countless such audits) — insurance pages create limited awareness of the product, incomplete product understanding, confusion about features, low trust in delivery, frustration about lack of transparency, limited access to easy self-service tools and often a feeling of being overwhelmed leading to a tendency to put-off the purchase.

The inability to correct low engagement among Gen Y and Z users will hurt the long term stability for product innovation. According to a recent McKinsey analysis, the average number of interactions among banks and big tech cos with their customers (above the age of 20) is between 2100 to 2500 interactions per year. The same for health insurers average only around 270 to 300 interactions each year, perhaps indicating a strong disconnect between the need for insurance as a product/ service and its perception otherwise.

The transition from a ‘policy-centric’ to a ‘customer-first’ approach for up-selling, cross-selling and retention requires designing for three needs — ease of use, choice and (access to) support.

As customer expectations continue to evolve and lower tolerances are built for needlessly long and drawn-out customer journeys, the need for consistently delivering a superior experience stands out.

Let’s take a look at how insurers can improve some key areas of engagement:

  1. Omnichannel

    Nearly half
    of all life insurance customers prefer an omnichannel journey. This means that they expect the same superior experience today through search, social, website, app and in-person interactions with the company, and tomorrow. For creating the ideal ‘target customer journey’, basic pain-points are critical to addressing. For instance, a simple call before a routine health check-up to reassure the customer for any assistance post-appointment can go a long way in reassuring the brand’s commitment to even the finer details. These out-of-the-box experiences facilitate the creation of ‘Signature moments’ for the customer, driving loyalty.



    Today, most buying journeys begin with mobile — as people explore their insurance options in their free time, and on the move. Insurers will have to reinvent multichannel experiences like any other consumer product, say designer clothing or high-end electronics. While basic hygiene factors such as a mobile-responsive website equipped with a home-page wizard that seamlessly engages and assists the user are mandatory for companies who wish to increase their conversions, especially among younger demographics.

  2. Straight-to-Quote

    Getting to a product quote is one of the first interactions a user engages in. A potential customer checks on average, 4-5 websites before coming to any serious buying decision.

    The majority of insurers still use a plain design approach to displaying products — the method of asking the same bundle of questions in a ‘tick-box’ format. Asking less but relevant questions to offer quotes should be seen as a prerequisite in order to let go of outdated buying flows.



    A redesigned process can manufacture simple operational improvements. A prospective buyer who is looking for a quote on an insurer’s website is already spending time researching a multitude of different products with varying features. Insurers can save these users time spent on extensive research, through quick outreach that delivers a sensible buying rationale that feels personal to the user (using data & analytics).

    From here, a human agent (who is monitoring the journey thus far) can quickly take over and interactions can move beyond the jargon to address real needs. The user can be led to a more personalized interaction site (instead of being forced to download an app) and can get all account information, policy summaries and main headlines straight to phone or email — without having to re-enter any data.

    An overhaul of the journey (such as the one above) can unlock 50% or more increase in new premiums, simply because the customer and the insurer got off on the right page together.
  3. Policy Details

    Even in the age of digitalization, prospective customers still prefer to talk to people when it comes to getting information about the cost and quality of insurance products. Hardly anyone reads the 200-page brochure explaining every minute detail of an insurance policy. Users expect a simple, easy-to-understand summary of the policy, it’s pricing, its beneficial features and how it fares better than other policies in the market offered by other insurers.

Aggregators typically overcome this well, because they have to pit multiple policies against each other. In order to achieve this, a streamlined UI needs to be placed at the forefront of the interaction. This can easily navigate users through the buying journey and gather the relevant information along the way.

Lemonade and Insurify are great examples of new-age insurtechs already doing this — by using extensively user-tested pages with simple, clean CTAs strategically positioned along with the page, drawing the users scroll to each next step.

Lemonade Insurance



Another approach to disseminating the right policy information at the right time is to demonstrate the utility of the product through simple and effective storytelling. This way, the policy is broken down into easily digestible chunks that are always accessible to the user at any stage of their lifecycle with an insurer and avoids their dependency on legal confusing jargon. Insurers can also allow the user to craft their own policy (eg: lemonade insurance), which allows the user to experience exactly how their coverage works in-and-out.

  1. Quick Support & Advice
    Buying insurance protection is often unplanned and can be an emotional decision — since customers are looking to protect their life, health, home, family, or possessions. The process is usually mired with the hassle of navigating poorly designed experiences that don’t pay attention to an individual’s immediate or future needs but rather focuses on selling a generic product with no unique features. This makes the very idea of designing personalized user experiences extremely modern and a conscious path to the future of ‘individualized selling’. Insurers will have to present an uncluttered, clean, and straight-to-the-point visual website with simple & memorable messaging, and a conversational wizard that gives every user the freedom to explore freely and transition fluently across each stage in the buying process.
Customer Journey

Design thinking is all about product innovation for the best customer experience. A customer-first approach has been proven to create better business ROI, that demonstrably improves the customer-company dynamic. The right UX expert can bring an unbiased view into what your customer feels, and point out where the relationship, for insurers, can finally begin to improve.
To know more about how our customer-first design approach is solving insurer challenges across their customer journeys, reach out to us at hello@mantralabsglobal.com.

Cancel

Knowledge thats worth delivered in your inbox

12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become so common these days especially when it comes to mobile applications. As a result, mobile apps that experience security breaches may suffer financial losses. With many hackers eyeing to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will increase by more than two-fold over the next few years, from $6 billion this year to $13.7 billion by 2026. Further, the report stated, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds,” It is crucial to get the fundamental components of DevOps security correct. Here are the 12 tips to secure your mobile application: 

1. Install apps from trusted sources:

It’s common to have Android applications republished on alternate markets or their APKs & IPAs made available for download. Both APK and IPA may be downloaded and installed from a variety of places, including websites, cloud services, drives, social media, and social networking. Only the Play Store and the App Store should be allowed to install trustworthy APK and IPA files. To prevent utilizing these apps, we should have a source check detection (Play Store or App Store) upon app start.

Also read, https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker could launch a mobile application on a rooted device and access the local memory or call specific activities or intents to perform malicious activities in the application. 

iOS: Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data stored in other apps or install malicious software negating sandboxing functionality. 

More on Root Detection- https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences & User Defaults to store key-value pairs like tokens, mobile numbers, email, boolean values, etc. Additionally, while creating apps, developers prefer SQLite databases for structured data. It is recommended to store any data in the format of encryption so that it is difficult to extract the information by hackers.

4. Secure Secret Keys:

API keys, passwords, and tokens shouldn’t be hardcoded in the code. It is recommended to use different techniques to store these values so that hackers cannot get away quickly by tampering with the application. 

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation

An attacker may decompile the APK file and extract the source code of the application. This may expose sensitive information stored in the source code of the application to the attacker which may be used to perform tailored attacks. 

It is better to obfuscate the source code to prevent all the sensitive information contained in the source code.

6. Secure Communication:

An attacker may perform malicious activities to leverage the level of attacks since all communication is happening over unencrypted channels. So always use HTTPS URLs over HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication only to servers with a valid certificate matching the expected value (pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates would thwart such phishing attempts by refusing to transmit data over a compromised connection

Please refer: 

https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data

The standard practice is to use HTTPS for the baseline protection of REST API calls. The information sent to the server or received from the server may be further encrypted with AES, etc. For example, if there are sensitive contents, you might choose to select those to encrypt so that even if the HTTPS is somehow broken or misconfigured, you have another layer of protection from your encryption.

9. Secure Mobile App Authentication:

In case an application does not assign distinct and complex session tokens after login to a user, an attacker can conduct phishing in order to lure the victim to use a custom-generated token provided by the attacker and easily bypass the login page with the captured session by using a MiTM attack.

i) Assign a distinct and complex session token to a user each time he/she logs on successfully to the application. 

ii) Terminate the session lifetime immediately after logging out. 

iii) Do not use the same session token for two or more IP addresses. 

iv) Limit the expiry time for every session token.

10.  Allow Backup 

Disallow users to back up an app if it contains sensitive data. Having access to backup files (i.e. when android:allowBackup=”true”), it is possible to modify/read the content of an app even on a non-rooted device. So it is recommended to make allow backup false. 

11. Restrict accessing android application screens from other apps

Ideally, your activities should not give any provision to the opening from other services or applications. Make it true only when you have a specific requirement to access your flutter screens from other apps otherwise change to android:exported= ”false”

12. Restrict installing packages from the android application

REQUEST_INSTALL_PACKAGES permission allows apps to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play’s update mechanism or download harmful APKs.

Conclusion: 

Mobile Apps have become more personalized than ever before with heaps of customers’ personal data stored in them every day. In order to build trust and loyalty among users and prevent significant financial and credential losses for the companies, it is now crucial to make sure the application is secure for the user. Following the above-mentioned mobile app security checklists will definitely help to prevent hackers from hacking the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.

Read our latest blog: Implementing a Clean Architecture with Nest.JS

Cancel

Knowledge thats worth delivered in your inbox

Loading More Posts ...