VHI Healthcare

Ireland’s largest health insurer is leading the way in passwordless and has reimagined the digital experience.

Deployment:
300,000+ Customers

vhi-healthcare_white_sq

Key Impacts

Eliminated Centralized Passwords
Reduced Cost of Password Resets
Increased Mobile User Adoption
Enhanced Customer Service Experience
Stopped Credential Reuse Attacks
Improved Customer Support Productivity
Achieved PSD2 Compliant Strong Customer Authentication

Overview

Vhi Healthcare is Ireland’s largest health insurer, with over 1 million members. Vhi offers a number of health insurance products, as well as Dental, Travel and Life insurance.

The Challenge

Vhi approached HYPR with the goal of increasing mobile app adoption by enhancing the digital customer experience. This business initiative aligned closely with the IT objective of reducing help desk costs associated with legacy password-based authentication systems. Insurance companies know better than anyone; password resets are frequent, expensive, and comprise a large percentage of the customer’s service requests.

Regulatory Requirement for Strong Customer Authentication

Vhi expressed that they also needed an authentication approach that would satisfy PSD2 Compliance requirements. Specifically, the Section 9.3 of the Regulatory Technical Standards (RTS) specifically describes the use of “separated software execution environments” for achieving Strong Customer Authentication (SCA). This means passwords and legacy two-Factor Authentication were no longer sufficient to secure customer applications as they rely on shared secrets andt do not make use of a secure software execution environment. Vhi saw passwordless authentication as a fast and simple way to meet PSD2 compliance by eliminating passwords and shared secrets. 

VHI app

For Users of All Ages — Accessibility Is Key

A key consideration was the importance of deploying a mobile experience designed to meet the unique needs of Vhi policyholders. Vhi requested a passwordless experience that is easy to understand and intuitive for their customers, many of whom are senior citizens. A mobile passwordless authentication experience would improve usability - but the security team didn’t want to stop there. Users needed to be able to authenticate with biometrics as well as more familiar knowledge-based factors such as PIN. They wanted to provide users best-in-class protection that was accessible and usable by all age groups, demographics, and devices.

It was also important to Vhi that applications would be powered by an interoperable architecture that would work across iOS, Android and web platforms. Vhi wanted to use a FIDO-Certified solution that would remain interoperable with future authenticators. Finally, the customer required that legacy iPhone 5 devices be supported as well. This presented a unique challenge as older iPhones lack a Secure Enclave and prevent most vendors from deploying passwordless authentication on such devices.

Vhi-quote-Damien

 

 

The ability to deliver strong passwordless authentication to our customers who are using the Vhi App is critical for a secure digital health experience. HYPR’s passwordless authentication has simplified and improved the experience for our customers without compromising on security.

 

Damien Mullan

IT Manager, Vhi Healthcare

The Solution

Vhi quickly integrated the HYPR True Passwordless SDK into the consumer-facing mobile applications. Vhi was now able to deliver strong passwordless authentication to their customers who are using the Vhi App for a secure digital health experience. HYPR’s passwordless authentication simplified and improved the experience for Vhi customers without compromising on security.

Vhi was able to fulfill their PSD2 requirements as HYPR passwordless MFA supports transaction signing compliance, including cryptographic signing of every transaction and unique dynamic linking.

With secure, passwordless technology, Vhi senior citizen users who have older iPhone models without a Secure Enclave can now be protected from credential reuse attacks. The enhanced user experience provided a simple, onboarding process and easy-to-use intuitive platform for their customers. 

HYPR ensured that the passwordless authentication would be fully interoperable and that all devices would be covered, even legacy smartphones. HYPR’s fully customizable user interface enabled Vhi to maintain strong branding and personalize their applications as needed. Each day, thousands of passwordless users authenticate with customer MFA powered by HYPR.

The Results

Vhi’s elimination of passwords has increased security for the company and for their customers, who enjoy faster authentication experiences that are protected against credential reuse. As a result of deploying HYPR, Vhi Healthcare enjoys less password resets and by extension they are seeing a steep decline in the number of customer service requests. In an industry where password resets can send service costs sky-high, Vhi remains many steps ahead.

Related Resources