10%

Try : Insurtech, Application Development

Edtech(5)

Events(34)

Interviews(10)

Life@mantra(11)

Logistics(1)

Strategy(14)

Testing(8)

Android(46)

Backend(29)

Dev Ops(3)

Enterprise Solution(22)

Frontend(28)

iOS(41)

Javascript(13)

Augmented Reality(17)

Customer Journey(12)

Design(13)

User Experience(34)

AI in Insurance(31)

Insurtech(59)

Product Innovation(37)

Solutions(15)

E-health(3)

HealthTech(8)

mHealth(3)

Telehealth Care(1)

Telemedicine(1)

Artificial Intelligence(109)

Bitcoin(7)

Blockchain(18)

Cognitive Computing(7)

Computer Vision(8)

Data Science(14)

FinTech(44)

Intelligent Automation(26)

Machine Learning(46)

Natural Language Processing(13)

Is AI Disruption on the way for Kenya’s Insurance Space?

The earliest known reason for introducing insurance protection in Kenya, came during the time of the Colonial British — when they insured their farms and crops against loss, damage etc. Today, Kenya has 70% of the East African Insurance market (among Burundi, Uganda, Tanzania & Rwanda). Still, African Insurance is relatively nascent in terms of size. Only 6 major markets dominate the landscape in a serious way — Egypt, Tunisia, Morocco, South Africa, Nigeria & Kenya. Infact, the number of insurtech startups in the continent altogether is a paltry 50 something. 

The looming political climate coupled with a slowly recovering economy and some fierce competitive tactics used by traditional incumbents places the industry far from ideal in terms of marketplace conditions, including the slowdown in uptake of insurance products by an income-sensitive population.

Yet, Kenya offers a sense of growing appeal for young insurtechs in this region. The market remains largely undisrupted, since insurance penetration is only about 3% (insurance penetration for the African continent is only at 0.3%), attracting large international insurers like Allianz and Swiss Re who have recently entered the market. Kenya, like other countries in the region, has enormous potential similar to South-East Asian economies that also remain largely undisrupted with lower penetration rates.

The positive sentiment surrounding Kenya’s potential for deep tech disruption is not surprising — According to the 2019 Government AI Readiness Index published by the  IDRC and Oxford Insights — Kenya is the most AI ready country in Africa.

Buying Behavior

Insurtech startups are exploring avenues using AI that large, traditional players have less incentive to exploit, such as offering ultra-customized policies, social insurance, and using behavior data from devices to dynamically price premiums.

The Millennial experience is entirely technology driven, while their attitudes and perceptions as consumers will shape the future of how insurance as a service continues to remain relevant.


According to a Kenya Insurance Industry Report, 65% of millennials compare prices across different websites before making a purchase, 68% only buy a product through referrals from friends and social media. Interestingly, 84% of them are opposed to traditional advertising. 

For insurers, loyalty comes at a price — often dictated by the pain point the product/service can eliminate for impatient classes of customers. Analysing buying or browsing behavior can lead to an immense amount of ethically siphoned data. Using ML models and regression algorithms, insurers can create a unified view of their prospect, and realize a multi-targeted approach to create opportunities for upselling or cross-selling.


The report also highlights the importance of making sense of social media behavior — since 41% of millennials use social networking sites to pass on recommendations of products and services to friends and family.

Unlocking market potential requires targeting the uninsured growing middle class in creative ways. In addition to better pricing models, insurtech startups are testing the waters on a host of potential game-changers, such as using deep learning trained artificial intelligence (AI) to handle the tasks of brokers and finding the right mix of policies to complete an individual’s coverage.

Insurtechs are using AI to solve for Kenya’s distribution challenges, by looking at vital consumer needs that have previously been unmet or glossed over. At the same time, there is scope for improving the average consumer’s awareness of artificial intelligence technology, and how they can take advantage of it to solve priority-first issues related to convenience, cost and range of choice.
Nairobi-based Jubilee Insurance, the largest insurer in East Africa is making the most of AI tools like chatbots and automated messaging platforms for streamlining simple customer feedback & support operations. They have also launched forward-thinking products like “Recover in Style” which provides hair and make-up services to Jubilee patients who are hospitalized — services that go beyond the financial needs and into the realm of delivering superior customer experiences.

These efforts highlight a trend pointing towards the growing interest in the use of apps to pull policies into one platform for management and monitoring, creating on-demand insurance for micro-events like borrowing a friend’s car, and the adoption of the peer-to-peer models to create customized coverages. Bluewave, for example, is an insurtech startup offering low-cost insurance products, as low as US$4 a week, aimed at low-resource, low-income users in last-mile environments.

The expanding middle class and growth in mobile phone penetrations will be critical to widening distribution and getting more people to buy micro-insurance sized products for the first time. Badalaa is an on-demand insurtech startup focussed on bringing insurance at the point of transaction where the user needs it. Turaco, a recently funded insurtech, with premiums for as little as US$2 — leverages mobile financial services to provide hospital cashback to customers who have sought treatment at any nationally-accredited hospital in the regions where they operate. These innovations further the consumer’s awareness of AI-enabled insurance coverage and protection in general, in an otherwise underpenetrated marketplace.


Bismart is another example — an insurtech aggregator that allows customers to not only buy the best-in-class insurance products but also make claims directly from their portal as well. 

The biggest learnings for young insurtechs in this space from more mature markets, are about getting the basics right – having a single view of the customer, being able to launch rates and change pricing in real-time, offering customers a multichannel experience without requiring them to fill in the same information over and over again, and settling claims quickly without the need for multiple touchpoints.

Demand-driven models, built on sufficiently large data-sets will be instrumental in driving individual customisation at mass-scale for the sector at large.

webinar: AI for data-driven Insurers

Join our Webinar — AI for Data-driven Insurers: Challenges, Opportunities & the Way Forward hosted by our CEO, Parag Sharma as he addresses Insurance business leaders and decision-makers on April 14, 2020.

We help young insurtechs, build and scale AI-driven products and solutions for last-mile environments. Reach out to us on hello@mantralabsglobal.com, to learn more.

Cancel

Knowledge thats worth delivered in your inbox

12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become so common these days especially when it comes to mobile applications. As a result, mobile apps that experience security breaches may suffer financial losses. With many hackers eyeing to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will increase by more than two-fold over the next few years, from $6 billion this year to $13.7 billion by 2026. Further, the report stated, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds,” It is crucial to get the fundamental components of DevOps security correct. Here are the 12 tips to secure your mobile application: 

1. Install apps from trusted sources:

It’s common to have Android applications republished on alternate markets or their APKs & IPAs made available for download. Both APK and IPA may be downloaded and installed from a variety of places, including websites, cloud services, drives, social media, and social networking. Only the Play Store and the App Store should be allowed to install trustworthy APK and IPA files. To prevent utilizing these apps, we should have a source check detection (Play Store or App Store) upon app start.

Also read, https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker could launch a mobile application on a rooted device and access the local memory or call specific activities or intents to perform malicious activities in the application. 

iOS: Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data stored in other apps or install malicious software negating sandboxing functionality. 

More on Root Detection- https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences & User Defaults to store key-value pairs like tokens, mobile numbers, email, boolean values, etc. Additionally, while creating apps, developers prefer SQLite databases for structured data. It is recommended to store any data in the format of encryption so that it is difficult to extract the information by hackers.

4. Secure Secret Keys:

API keys, passwords, and tokens shouldn’t be hardcoded in the code. It is recommended to use different techniques to store these values so that hackers cannot get away quickly by tampering with the application. 

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation

An attacker may decompile the APK file and extract the source code of the application. This may expose sensitive information stored in the source code of the application to the attacker which may be used to perform tailored attacks. 

It is better to obfuscate the source code to prevent all the sensitive information contained in the source code.

6. Secure Communication:

An attacker may perform malicious activities to leverage the level of attacks since all communication is happening over unencrypted channels. So always use HTTPS URLs over HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication only to servers with a valid certificate matching the expected value (pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates would thwart such phishing attempts by refusing to transmit data over a compromised connection

Please refer: 

https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data

The standard practice is to use HTTPS for the baseline protection of REST API calls. The information sent to the server or received from the server may be further encrypted with AES, etc. For example, if there are sensitive contents, you might choose to select those to encrypt so that even if the HTTPS is somehow broken or misconfigured, you have another layer of protection from your encryption.

9. Secure Mobile App Authentication:

In case an application does not assign distinct and complex session tokens after login to a user, an attacker can conduct phishing in order to lure the victim to use a custom-generated token provided by the attacker and easily bypass the login page with the captured session by using a MiTM attack.

i) Assign a distinct and complex session token to a user each time he/she logs on successfully to the application. 

ii) Terminate the session lifetime immediately after logging out. 

iii) Do not use the same session token for two or more IP addresses. 

iv) Limit the expiry time for every session token.

10.  Allow Backup 

Disallow users to back up an app if it contains sensitive data. Having access to backup files (i.e. when android:allowBackup=”true”), it is possible to modify/read the content of an app even on a non-rooted device. So it is recommended to make allow backup false. 

11. Restrict accessing android application screens from other apps

Ideally, your activities should not give any provision to the opening from other services or applications. Make it true only when you have a specific requirement to access your flutter screens from other apps otherwise change to android:exported= ”false”

12. Restrict installing packages from the android application

REQUEST_INSTALL_PACKAGES permission allows apps to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play’s update mechanism or download harmful APKs.

Conclusion: 

Mobile Apps have become more personalized than ever before with heaps of customers’ personal data stored in them every day. In order to build trust and loyalty among users and prevent significant financial and credential losses for the companies, it is now crucial to make sure the application is secure for the user. Following the above-mentioned mobile app security checklists will definitely help to prevent hackers from hacking the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.

Read our latest blog: Implementing a Clean Architecture with Nest.JS

Cancel

Knowledge thats worth delivered in your inbox

Loading More Posts ...