West Bend
About the Company
West Bend Mutual Insurance Company is a Midwest-based insurer that’s committed to providing peace of mind to its customers. When it comes to data protection, that means ensuring customer information is safely stored and managed, and internal systems are maintained to be available whenever they need to be accessed.
Product Used: Universal Tokens
The reality of risk
Storing sensitive data in your environment increases the risk and potential impact of a data breach and subjects your internal systems to regulatory compliance obligations and other requirements for protecting and retaining data. Unfortunately, in many instances, storing this data can be unavoidable.
“From my seat, the issue is that it’s necessary for business,” said Ryan Dove, West Bend Mutual Insurance’s director of information security. “There’s a lot of government entities that require us to capture and retain that information, which usually means we can’t purge it fast enough from a security perspective because we need to be able to maintain the integrity of that data long-term.
“Not only am I worried about maintaining the personal financial information (PFI), but I’m also worried about how you maintain a system for 25-30 years to be able to support the information in order for it to be recovered. That’s the real challenge when we start to focus on this.”
Keep sensitive data out
West Bend worked with IXOPAY to remove the PFI from its internal systems – strengthening its security, minimizing its risk, and reducing the potential impact of a breach all while accommodating its unique environment and data-retention requirements.
This reduced the impact of a breach by 1.5 million records and required no significant changes to West Bend’s legacy database structure and existing operations.
“We were able to convert our entire claims and personal-line systems within a year and completely reduce our impact by probably a million-and-a-half unique records,” Dove said. “Implementing with the IXOPAY APIs was very simple and straightforward, and we use them both in a batch-process method and the real-time methods, single value, multiple times a day.”
How it works
First, West Bend sends PFI to IXOPAY via API and batch file processes to remove the sensitive data from its environment.
Then, West Bend receives a nonsensitive multi-use token that can be safely stored within its internal systems.
When West Bend needs to access the original data or send it to a third party, it simply returns a token to IXOPAY who then fulfills the request.
“We were looking for opportunities to reduce the impact of a breach, and the way we saw to do that was to eliminate personal financial information that is stored in our systems.”