USAA and Amica Mutual were the only two out of 12 insurersincluded in a recent report to score “A” or above for protectingclients' information when payments are made online.

The report, released by financial services technology monitorCorporate Insight, Inc., tracked measures that companies utilize ontheir login pages to protect clients who enter sensitiveinformation.

“Online security is always an area of concern where personalinformation is at stake. Normally, banks and brokerage firms havemade cyber security a top priority, but if you have a P&C or arenter's account, your personal information is easily vetted andavailable if someone hacks into your account,” says Lauren Wistrom,Corporate Insight's senior P&C analyst.

The CI report, titled “Login Security: Keeping PolicyholderInformation Safe”, focuses on several key security recommendationsthat insurers should follow:

• Offer access to the company website with visible login boxes insections of the private site.
• Create a two- step identification process, including entering apassword and a PIN number.
• Ask customers to answer more than one security question forenhanced identity confirmation.
• Implement advanced security measures such as computerauthorization software (tokens).
• Link to company security practice FAQs and customer safetytips.

Of the firms studied by Corporate Insight, 10 offer login accessat the top of the static homepage menu, nine ask security questionsas part of the login process, and half of firms offer loginsecurity information. Also, two firms (The Hartford andProgressive) allow bill pay without login, letting users makepolicy payments without storing vital information.

Five firms — including GEICO, Liberty Mutual, Progressive, StateFarm and USAA — discuss their SSL encryption techniques on acustomer-accessible page. However, only four firms require users toselect policy type when logging in and only four remind clients toclose their browser upon logout.

USAA (A+) and Amica (A) stood out because of USAA's option tolet customers set their own security questions, retrieve lost logincredentials and receive their PIN number via text message; andAmica's utilization of a security image along with a two-stepidentification process- the only company surveyed to use the extrasecurity metric.

Identity theft was named by the FBI as second-leading type ofcybercrime in 2011.