Increased regulatory and security requirements around multi-factor authentication (MFA) are beginning to impact independent agents and their business interactions, according to a recent survey from the Big “I" Agents Council for Technology (ACT).  

Of the 271 agency representative respondents, nearly half (48%) say their carrier partners are requiring MFA to some extent. Of those, 44% say that three to five of their carrier partners are requiring MFA while 17% say that most of their carriers have MFA requirements.

When required to use MFA by carrier partners, 50% of agencies must use it at every login with 43% having the ability to use “Save my Device" for future logins for up to 60 days. Only 4% are using ID Federation/sign-on once for participating agency and carrier systems.

When it comes to specific types of MFA, the most preferred by agencies is text message at 24%. And 18% prefer adaptive MFA, which recognizes a previously used device. 

While 1% of respondents said that none of their carriers are requiring MFA, they are still receiving communications about its future implementation. When asked how much time their carrier partners are giving agencies before MFA becomes mandatory, 34% are said to be seeking compliance within two or more months, with 35% seeking compliance within one month.

Of the myriad issues and actions needed to address cyber risks and implement a solid cybersecurity program, MFA is quickly gaining focus as a requirement, according to the report, which noted that the independent agency system is clearly at a critical inflection point with MFA in the distribution channel.

In general, agent feedback has been one of understanding and reception, with carriers not reporting any measurable impact to quoting, sales or service volumes. Similarly, most agent respondents are indicating they are seeing minimal-to-no agency workflow impact from implementation of MFA. Less than 3% indicate they see MFA as another step for staff, a lengthened workflow process or frustrating for customer service representatives or front-line staff.

But whether agents understand the reasons behind MFA implementation is another question. While 43% of agents indicate their carrier partners are using similar MFA implementations, less than 1 in 3 agents see the value of it and 12% do not see the value of implementation in the industry.

When it comes to an MFA wish-list, agents would like the system to be simple and effective, with one method of security to be adopted across the industry with multiple ways to authenticate—including apps, text and voice—as well as a single sign-on capability.

Olivia Overman is IA content editor.