Aetna CVS Health

The Fortune 10 Healthcare Giant Deployed Passwordless Authentication to more than 10 million customers.

Use Case:
Passwordless Customer Authentication
Desktop MFA

Deployment:
10 Million+ Users

Key Impacts

Reduced ATO Fraud by 98.4%
Accelerated Mobile App Adoption Across 10M+ Users
Saved Millions in Password Reset Costs
Eliminated Use of Passwords and Shared Secrets
Enhanced Customer Login Experience

They Called it “Next-Gen Authentication”

Aetna, a CVS Health Company, is one of the world’s largest health insurers and managed healthcare providers. As part of their digital transformation initiative, the company had a C-level directive to improve both user experience (UX) and security. To Aetna, this meant moving away from passwords to what they called “Next Generation Authentication” or NGA for short.

To realize the full potential of NGA, Aetna outlined key requirements:

  • Reduce ATO fraud for member accounts
  • Improve user experience to increase mobile app adoption
  • Reduce password reset and help desk costs
  • Implement a repeatable authentication framework to reduce integration costs

Working closely together across multiple teams, initiatives and stakeholders, Aetna and HYPR successfully delivered passwordless authentication to millions of customers who now enjoy fast, easy access across mobile and web applications.

The NGA initiative carried over through the CVS Health merger. The vision now is to unify passwordless security across web and mobile apps and address new use cases as they expand passwordless to 30 million customers introduced by CVS Health.


    You’re not using your insurance app every day. Users often forget their passwords, especially when it’s time to renew a policy. You can see thousands, millions of password reset calls in a small time frame. It’s almost like a Password Armageddon.
    Abbie Barbir
    Senior Security Architect, Aetna CVS Health

    True Passwordless Security addresses security and fraud risks for my enterprise, but also helps me drive a vision that allows that organization to meet the digital engagement goals that we have.
    Brian Heemsoth
    Executive Director, Global Security Aetna CVS Health

Saving Users from “The Password Armageddon”
Passwords were an especially difficult problem for the company. Aetna’s security leadership needed the organization to move away from passwords since they were the target of credential-based attacks, account takeover (ATO) and phishing. Beyond the security org, business leadership was aware that expensive password resets were impacting their bottom line.

Customers typically log into their application a few times per year. This meant password resets and helpdesk congestion were most common during the re-enrollment period. It was considered the annual “Password Armageddon” that cost the business millions annually. Aetna needed a solution that satisfied all four key requirements, which address both business and security aims.

A 98% Drop in Mobile ATO Fraud
Aetna was able to integrate True Passwordless™ SCA across customer-facing mobile apps in hours using the HYPR Mobile SDK for iOS and Android. HYPR’s fully customizable user interface enabled Aetna to control and maintain their brand across platforms and apps. Ease of UI customization makes it easy for new lines of business to adopt passwordless technology and deliver a unified customer experience. HYPR was integrated seamlessly into CVS Health’s applications. Within a brief period of time, Aetna replaced their legacy, password-based authentication approach with HYPR’s True Passwordless architecture, which enhanced security and ease of use for customers nationwide.

Today, more than 10 million users benefit from a true passwordless login experience that doesn’t rely on passwords and shared secrets. Authentication is faster and the overall digital experience has improved, as has the year-over-year increase in mobile engagement rates.

With HYPR, Aetna has the ability to quickly scale passwordless across a growing user base.

Customers who adopted passwordless were safe from credential-based vulnerabilities, enabling the security and risk teams to decrease ATO fraud and reduce incident response costs that totaled millions of dollars. The number of password resets also fell and resulted in a direct ROI. This is especially beneficial in the context of identity and access management (IAM), since the annual cost in password resets was the top expenditure for the security team.

The Ability to Quickly Scale Passwordless Across a Growing User Base
Aetna’s success along its passwordless journey created a strong precedent for CVS Health to expand passwordless security to 30 million users. CVS Health’s vision is to make customer access as simple as possible by continuing to drive passwordless authentication, enabling customers to quickly access their prescriptions across their trusted mobile devices as well as laptops with platform authenticators such as macOS Touch ID and Windows Hello.