AIA Hong Kong & Macau connects customers to a world of secure and trusted digital experiences using Microsoft Azure Active Directory B2C

By opening its digital platform, AIA made a commitment to make sure its customers were not left in the wild to struggle with complex sign-in processes or left unprotected in facing constant fraud risks and security threats in the online world.

In 2018, AIA Hong Kong & Macau unveiled AIA Connect, its all-in-one digital platform to all of its valued customers. With AIA Connect, customers can now manage all their insurance needs—from life, medical, pension to wellness products—using a single-pane-of-glass platform, that is available 24/7 and seamlessly weaved into day-to-day life. AIA Connect was an instant hit with rapid market adoption and now has over 700,000 customers enjoying the AIA Connect digital experience, which scores a four-star average rating in both the Apple App Store and the Google Play Store.

In a mission to provide the best possible digital experience to customers, AIA is relentlessly pursuing innovation to make AIA Connect better and more secure. The company’s multi-year digital transformation program was initiated to stay ahead of rising customer expectations.

“Our ultimate goal is to deliver a complete and trusted digital experience that is user-centric and empowers our customers to fully support and protect themselves during all life challenges,” says Gary Ho, Head of Digitalization, Innovation and Enterprise Architecture, AIA Hong Kong & Macau.

Growing user demand and the need for constant innovation around AIA Connect created a trifecta of issues—a longer and less reliable customer sign-in process, a growing risk of security fraud incidents, and the slow rollout of new features and innovations. The core cause was the aging legacy in-house platform that managed user identity and sign ins, which was struggling with scalability and a lack of compliance to modern standards.

Overcoming legacy challenges to enhance customer experiences

The aging legacy platform compelled AIA Hong Kong & Macau to upgrade its AIA Connect app with a new customer identity access management (CIAM) platform to provide its customers with a more secure, convenient, and reliable, sign-in experience that aligns with industry standards.

AIA Hong Kong & Macau selected Microsoft Azure Active Directory B2C (Azure AD B2C) as the primary CIAM platform while using Microsoft Azure Kubernetes Service (AKS), and Microsoft Azure SQL Database on the backend. The cloud-based approach allowed AIA to move the critical, resource-intense CIAM system off its own systems, which provided immediate scalability, on-demand performance, and flexibility.

The new system had to meet industry standards for security and provide future-proof performance to facilitate expansion of features and services in the evolving digital landscape. It had to enhance the authentication process stability and performance by offloading workloads from the AIA on-premises infrastructure. While integration with external identity providers via industry standard authentication protocols like OAuth 2.0 was critical, ultimately the chosen solution had to also be cost effective and efficient to deploy and manage.

Azure AD B2C is a white-label authentication, B2C, identity-as-a-service platform capable of supporting millions of users and billions of authentications per day. Customers can sign in via the platform through a fully customized AIA branded user experience, while the backend ensures reliability, consistent response, and performance.

Improving stability, security, and innovation

While deployment time and cost were big wins for AIA, the most critical benefits were three-fold. The first fundamental improvement was greater stability and performance so that users could quickly, conveniently, and reliably sign in. This allowed AIA to spend much less resources and time supporting this process and divert efforts to more impactful and growth-oriented projects.

Second is the crucial improvement of security capabilities. The previous system lacked support for multi-factor authentication and industry standards, such as the OAuth 2.0 protocol. Prevalent across many modern, leading consumer financial services platforms, OAuth 2.0 provides specific authorization flows for web applications, desktop applications, mobile phones, and living room devices to give providers and users a trusted authentication process. 

Enhanced security features mean AIA now benefits from improved monitoring and visibility of the sign in process with automated alerts for suspicious and potentially fraudulent activities. AIA worked with regulators who insisted on overseeing the early stages of the CIAM integration to ensure compliance with regulations and industry standards.

The third key benefit is that the platform now allows for faster innovation and shorter time-to-market for new features and services. The new platform is standards-based with more modern modules, which need to be constantly updated against new security issues. This means new services can be developed far quicker with far less effort than before.

Using the new CIAM with AIA Connect allows customers to fully self-register for the app—a process that previously required additional support from AIA to complete. All sign in changes, such as the forgot ID/password and change password features, can now be completed in a fully self-service manner.

Creating the seamless social sign-in

Another feature that will soon take AIA Connect another step forward in the pursuit of user experience excellence is social media integration. AIA is developing social sign in, which is enabled by the Azure AD B2C single sign-on capability, allowing authentication via social or enterprise account identities in the future.

Looking ahead, AIA has set its sights on even higher levels of digitalization. With COVID-19 having spurred the increased web usage and the demand for service accessibility, a key ambition for many financial service providers today is to provide fully digital customer onboarding or electronic “know your customer” (eKYC) processes. 

Increased regulatory requirements, stringent anti-money laundering, and heightened security demands have made eKYC a complex and highly challenging feature to enable. But the promise of simpler and faster account openings significantly lowers customer acquisition effort and cost. 

Much of these features are down to the high level of integration that the new CIAM platform provides to AIA. While account opening and sign-in processes should be a given, the challenge of enabling eKYC and the rise in modern data privacy and security concerns, highlight how this entry point into online services cannot be taken for granted. 

The new CIAM deployment has been a bold and pioneering approach by AIA given its customer base of 3.3 million and the complexity and ambition of its digital transformation plan. But the commitment to delivering new possibilities to customers with an equal emphasis on trusted and secure access is paying off.