In a day when even voters’ election data is being hacked and stolen, concerns are on the rise when it comes to how to protect the data of plan participants and retirees — particularly on the part of plan sponsors and providers, lest they be held liable for data breaches.
The only thing that’s certain is that some techniques are more effective than others.
In fact, the 2016 ERISA Advisory Council, which was put together to advise the U.S. Department of Labor, just held its third meeting on the subject, the better to advise fiduciaries who could find themselves in the hotseat over compromised participant data. The council is looking at cyber risk management strategies, with an eye toward providing guidance in the protection of personally identifiable information of Employee Retirement Income Security Act plan participants and beneficiaries.
Not that it’s any surprise to the financial industry, but Security Intelligence reported that as data sabotage is being seen as its most recent threat, spending on data security is also going up. The report said that access controls and data monitoring are key in protecting firms’ information from attacks that aren’t even easy to spot. To that end, firms are augmenting existing security features to guard client data from hackers and thieves.
The most recent measure to be put in place comes from retirement services company TIAA, which has introduced voice biometric authentication for clients, adding an extra layer of security — and clients don’t even need a password.
Related: 10 cybersecurity steps for RIAs
The voice recognition functionality allows clients to create a voiceprint that securely identifies them when they call in to speak with a TIAA representative, transfer funds or check account balances. TIAA said that using the secure vocal password allows customers “to skip many of the various authentication steps used today. The system is equipped to detect and safeguard against voice recordings.”
Even the Social Security Administration has been getting into the act with additional authentication measures, but its efforts were rescinded in just two weeks after a backlash from seniors who were locked out of the system by the new security requirements.
In what surely wasn’t a well-thought-out strategy, seniors were required not just to log into their accounts with their usernames and passwords, but also to provide authentication in the form of a code that was sent to their cellphones as a text message. Failure to provide the texted code locked seniors out of their accounts.
However, since many seniors don’t “do” texting, either because they don’t have cellphones to begin with, their phones aren’t capable, the service costs more than they can afford or they lack the physical dexterity to use the feature, there was a flood of complaints to the SSA and within two weeks the additional requirement was withdrawn.
The agency has said it is pursuing other options for more secure authentication and hopes to have another option available within the next six months.
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
