Ireland’s largest health insurer is leading the way in passwordless and has reimagined the digital experiences.
Passwordless Customer Authentication
"A sizable number our users are leveraging older iPhone models that lack a Secure Enclave. It was imperative that HYPR work across all devices - and it does."
A Customer-First Strategy
Ireland’s largest health insurer approached HYPR with the goal of increasing mobile app adoption by enhancing the digital customer experience. This business initiative aligned closely with the IT objective of reducing help desk costs associated with legacy password-based authentication systems. Insurance companies know better than anyone - password resets are frequent, expensive, and comprise a large percentage of the customer’s service requests.
A New Regulatory Requirement for Strong Authentication
VHI expressed that this new approach to authentication was needed to satisfy PSD2 Compliance requirements. Specifically, the Section 9.3 of the Regulatory Technical Standards (RTS) specifically describes the use of “separated software execution environments” for achieving Strong Customer Authentication (SCA). This means passwords and legacy 2-Factor Authentication were no longer good enough to secure customer applications – as they rely on shared secrets that do not make use of a secure software execution environment. VHI saw Passwordless authentication as a fast and simple way to meet PSD2 compliance by eliminating passwords and shared secrets.
For Users of All Ages - Accessibility is Key
A key consideration was the importance of deploying a mobile experience designed to meet the unique needs of VHI policyholders. VHI requested a password-less experience that is easy to understand and intuitive for their customers, many of whom are senior citizens. A mobile passwordless authentication experience would improve usability - but the security team didn’t want to stop there. Users needed to be able to authenticate with biometrics as well as more familiar knowledge-based factors such as PIN. They wanted to provide users best-in-class protection that was accessible and usable by all age groups, demographics, and devices.
It was also important to VHI that applications would be powered by an interoperable architecture that would work across iOS, Android and web platforms. VHI wanted to use a FIDO-Certified solution that would remain interoperable with future authenticators. Finally, the customer required that legacy iPhone 5 devices be supported as well. This presented a unique challenge as older iPhones lack a Secure Enclave and prevent most vendors from deploying passwordless authentication on such devices.
"The ability to deliver strong password-less authentication to our customers who are using the VHI App is critical for a secure digital health experience. HYPR’s password-less authentication has simplified and improved the experience for our customers without compromising on security.”
A Passwordless Population Experiences Accelerated Mobile Adoption
VHI quickly integrated the True Passwordless SDK into the consumer-facing mobile applications. HYPR ensured that the passwordless authentication would be fully interoperable and that all devices would be covered, even legacy smart phones. HYPR’s fully customizable user interface enabled VHI to maintain strong branding and personalize their applications as needed. Each day, thousands of password-less users authenticate with customer MFA powered by HYPR.
Vhi’s elimination of passwords has increased security for the company and for their customers, who enjoy faster authentication experiences that are protected against credential reuse. As a result of deploying HYPR, Vhi Healthcare enjoys less password resets and by extension they are seeing a steep decline in the number of customer service requests. In an industry where password resets can send service costs sky-high, VHI remains many steps ahead.