Fraud for Thought: The Emerging Threat of Synthetics in Insurance
In a compelling interview from my "Fraud for Thought" podcast, we dive deep into the world of fraud prevention with who has decades of experience in the field - particularly with regards to emerging digital fraud typologies. We explored one of those such themes - Synthetics - and the risk it now poses to the insurance industry. Below are key excerpts highlighting some of the most crucial insights shared during the discussion. On Emerging Threats in Identify Theft & Synthetic Fraud… Alex: What recent and emerging trends are you seeing used by cyber criminals with regards to identity theft and synthetic fraud? Steve: It's been interesting to see the shift take place from the financial sector to the insurance space. Fraudsters will always go where the money is and they realize that's the insurance space. The insurance space, while very mature from an organizational perspective, has always dealt with fraud. But not like the fraud the financial sector has seen.We're seeing these threat actors coming into the insurance space with things such as synthetic identity, deep fakes, and generative AI - being targeted by technology that it just hasn't quite seen yet.The banking sector has been seeing it for the last five or six years and the insurance base is now seeing it. And it's what I call the 'fraud tsunami' where they're seeing the waves come in and that's the fraudsters kind of playing with things, understanding the insurance first of all, understanding that insurance is where the money really is, what the controls are, what the program is, and then they'll launch their attacks with technology.We're seeing a lot of things like bot attacks now that are being used and scripted to apply for a policies for example. Whether they are successful or not, it doesn't really matter to them. It's a testing strategy for them to understand again what the controls are that insurance has in place, to see what they get through. And if they get a policy applied, they may not do anything with it for awhile. They may just sit on it and again understand how the program works, where the control gaps are, what the thresholds are. We call those accounts 'sleeper accounts': they sit there and wait for the activity on the synthetic side.So you're seeing traditional identity theft and you're seeing synthetic identities that are now being, and have been used, groomed, and matured in the financial sector now moving into the insurance space. I was speaking with a large insurance provider and discussing some synthetic identity identifiers and they quickly ran their identifier and found a $5,000,000 life insurance policy that they paid out to an individual that does not exist. They started looking more and more into it and found roughly $40 million in death benefits they paid out to individuals who never lived.That is a huge red flag for the insurance industry: that this threat is coming to them, into their space and will start to expand and land as they move forward. Key takeaway : The utilization of technologies like deep fakes and generative AI by fraudsters is of paramount concern to Quantexa's insurance customers who are taking a proactive stance in preventing and combatting such threats. They are exploring the accessibility of Gen AI tools to fraudsters and the potential implications. On Adapting Tactics with Technology… Alex: From what you've seen, how are insurance companies adapting their tactics to help defeat the fraudster and what strategies and technologies are they putting in place to enhance that capability? Steve: To combat technology, you need technology. The old days of the human firewalls, like massive fraud shops of hundreds of analysts working reports and cues (that really produced a lot of false positives) is no longer sustainable or scalable. Especially with the level of fraud that is coming to the insurance space; it will be equivalent to what the financial sector saw in the last two decades. So, you have to have the appropriate technology. It's pretty easy. The insurance companies just need to look to the banking sector again, what do they do? It's about account onboarding, right? You want to keep the bad guys out of your account at all costs because once they're in the account, then it's very difficult to mitigate them and it's expensive to move them out of out of your portfolio. You're looking at things at the onboarding stage, which is what I call a proactive stance versus reactive. To get into the proactive stance where you eliminate the fraud threat altogether you don't approve the application for the policy, you deny them at the door; but how do you do that? How do you prove fraud intent? This may look like fraud, but until they do something, is it really fraud? Just because I'm carrying a firearm doesn't mean I'm going to go out and commit a homicide, but when I do, then then it becomes a homicide. And so it's very difficult for individual for banks and technology to determine what we call the intent. They're looking at things and tying the data together, such as device information and behavioral biometrics. We're looking at non-traditional data sets instead of your traditional data sets like credit bureaus or large data aggregators. You're looking for things that that would help you tie things together, which ties in the concept of entity resolution. How do you tie all that technology together? How do you tie the data that you've obtained through those technology into a workable queue for your analyst? Because the false positive rate can be somewhere in the 95 percentile. You have to understand the data you're trying to acquire, what you're going to do with it, and then how to use that data in the truth data format to retrain your models and tighten your defenses. Key takeaway: Quantexa customers are going beyond identifying and probing fraud among their existing clientele to preemptively thwart dealings with dubious clients. This requires a proactive approach to refraining from underwriting policies for potentially fraudulent individuals intending to exploit their services. On Balancing Security and Convenience… Alex: How are some of those technologies helping insurers strike that balance between customer convenience and the stringent validation that should be in place when it comes to identity verification? Steve: It's most important to understand the connections with the data (right back to entity resolution) - understanding that these are transnational groups that are attacking at scale. When you attack at scale there are relationships and connections between those online applications or between those accounts. The trick is to understand what those relationships look like and so you know you're looking at again mentioned device identification for example, individuals who try to spoof their computers. Synthetics have been groomed in the financial sector for the last 20 years, which are truly just data points. Now what we've seen is deep fakes are creating now both visual and audio for the actual synthetic identity: now the synthetic identity has a face and a voice. You've seen a lot of the technology come around about liveliness checks, send us a picture of a selfie, turn your head, go on Webex, go on Teams, whatever it might be to prove that you really are a human. The technology has progressed so quickly in the last two years that's easily defeating most technology that the banks and insurance companies have in place to defend. Banks have been doing that for awhile now through organized groups. The insurance companies do have some organizations within their within their scope of business and the analysts and investigators do talk to each other. But I believe it's very much in an informal structure. There needs to be some kind of formalized structure to take all this data, put it all together and say, we know this is a bad actor because they attacked insurance company A and inform insurance Company B, right? The banks have made that mutual connection in a relationship to say, listen, we're going to free fall together versus looking at as a competitive disadvantage like sending a bad guy from us to them is better for them. That doesn't happen in the banking world these days. They work together from a consortium's perspective to identify those data sets. Key takeaway: Contemporary fraud is driven by transnational groups and advanced technologies like deep fakes. Combatting this demands sophisticated methods such as entity resolution to uncover patterns of fraudulent activity across online applications and accounts, in order to provide a comprehensive approach that balances stringent validation with customer convenience. Conclusion My discussion with Steve highlighted critical insights into the emerging threats facing the insurance sector. Fraudsters are increasingly using advanced technologies such as deep fakes and generative AI to exploit vulnerabilities. This shift necessitates a proactive approach from insurers to effectively counter these sophisticated attacks. Implementing advanced technologies is essential for detecting and preventing fraud before it impacts customers. As these threats evolve, industry collaboration becomes crucial for sharing intelligence and developing robust defenses. Staying informed about these emerging threats and the proactive measures needed to combat them is vital. By understanding and implementing the latest technological advancements, we can collectively safeguard against sophisticated fraud and ensure a secure and trustworthy insurance landscape. Let's work together to protect your interests and strengthen our defenses against these evolving threats. For more Fraud for Thought, visit the Quantexa website: Fraud for Thought It’s time to enhance your strategy to prevent and detect insurance fraud across the enterprise.How Can Decision Intelligence Help Identify Medical Provider Facilitation & Collusion?
⚠ Year after year, we’ve sadly seen a rise in medical provider & billing scams costing the industry millions of $$$ each time! Fraud related to medical practitioners using malpractice, shell companies and straw ownerships of clinics is on the rise. We've recently seen many repeated trends, including a specific case totalling over $1m below 👇 ⚙ With the right #contextualdecisionintelligence technology, you can easily spot hidden patterns, connections and collusive networks. Connecting public records, corporate records, exclusions with internal payments, billing and claims data creates a #provider360 / #supplier360 approach to deliver intelligence to stop this before a big court case / significant losses. 👉 Previously disbarred medical practitioners setting up under new licenses and businesses 👉 Practitioners re-appearing a few years after convictions for bribery, corruption, forgery and tax fraud 👉 Shared location and contact details including family associations with risky clinics &/or practitioners 👉 Shell company registrations, multiple company filings and repeated dissolved companies 👉 Company directors with links to new practitioners not yet under investigation 👉 Business links to residential and temporary office addresses, for example medical manufacturers, pharmacies, physicians and more I would love to hear your thoughts on this? ++
Investigating Network Fraud: 4 Key Areas for Investigators
Following on from my article on why networks are important – I regularly talk with investigators on how best to identify and investigate organised network fraud. I am mindful that there are a lot of seasoned investigators out there so in this article I will be talking basics and from a perspective of using technology only to investigate network fraud. The first principle of investigating network fraud is to have all available data in the hands of the investigators – this sounds quite basic but often we speak to investigators who use different data sources, capabilities, and sources of alerts that are not integrated into one platform. The best technology platforms I have seen take a best of breed approach and provide the ability to integrate easily and onboard data as efficiently as possible to allow for greater data coverage and better investigator efficiency. The second principle is to think of fraudsters as business people, and from that lens we should understand that fraudsters want to “sweat their assets” (vehicles, synthetic IDs, group resources etc.) to make their business (illicit streams of money through fraud) as profitable as possible in the shortest time-frame whilst taking the minimum operational risk. Read the full article here (login required): https://community.quantexa.com/kb/articles/203-investigating-network-fraud If you are not a customer or a partner and would like to see the article, please comment below.Event Roundup: Global Insurance Fraud Summit - Edinburgh
This month, the Quantexa team and customers participated in the Global Insurance Fraud Summit (GIFS). This summit aims to bring together global consortia and insurance organisations as well as law enforcement such as the Insurance Fraud Enforcement Department (IFED) and Interpol. Quantexa and our customers participated in several panels and presentations. One consortium in Asia indicated the importance of bringing together technology, training and operational processes, with the rollout undertaken this time taking into account of all three for maximum benefit to its members. It was also great to hear from our Public Sector customer, who provided learnings on how to tackle fraud as there are commonalities between insurance fraud and public sector fraud. This organisation also stressed the importance of using data correctly in conjunction with accurate entities and networks, highlighting that they had saved close to £311m overall as an organisation. It was fascinating to hear from other countries on how they are tackling fraud, and to hear from David Glawe, the CEO of NICB. The key common threads throughout the majority of the presentations were: Fraud is commonplace across all territories with a huge victim or consumer impact Fraudsters are like business organisations, and like businesses have extended their supply chains, impact and networks globally The use of technology on the fraudster side is increasing, and only by insurance organisations doing the same can fraud be tackled sufficiently It was also great to hear the insurers’ view on these panels as well, with senior executives talking about the importance of a single customer view for use in multiple use cases as well as understanding that at the moment it is a tough financial climate due to inflation. There was an appetite to work together with bureaus, however this process needs to be easier either through the mechanisms of sharing data more easily or understanding global schemes or problems centrally. It was a great pleasure to take part in the Global Intelligence Sharing panel, and during this we discussed how can insurance organisations share more easily, and by sharing it won’t be as easy as sharing data globally due to the many different data sharing restrictions we have globally. Rather, we must start with understanding how we are sharing currently, what learnings we can take from there and then building on this to start sharing modus operandi or common trends.The changing shape of fraud in the UK market - ABI Fraud Statistics
With the latest release of the ABI fraud statistics, there have been some interesting numbers highlighted. The figures indicate that the total number of fraudulent claims detected fell by 19%. But looking deeper at the figures – whilst the number of fraudulent claims detected reduced, the average value of a suspicious or fraudulent claim increased to £15,000 – a 20% increase from the previous year. Does that mean fraud has reduced? My view is that looking at the numbers it implies that insurers may have good measures in place to detect the traditional fraud scams, however an increase in the average claim indicates that fraudsters are changing the way that they are trying to defraud an insurer through cost-layering for example. One figure from an insurer in the market as an example highlighted that previous to the OIC and Whiplash Reforms being implemented, only a fraction of claims had psychological damage whereas now it features in 60%+ of claims that are being made. This changing nature of fraud has always been a common trend, and this is further implied from the latest ABI fraud statistics with the rise in value of property frauds, which rose £134m and up 8% from the previous year. With the cost-of-living crisis, and with the advent of new technical capabilities in the market – insurers need to be constantly adapting to new changes and modus operandi through efficient use of technology. The ABI itself highlighted an increase in opportunistic fraud of 2% demonstrating that unfortunately individuals previously unknown to the insurer may attempt to make fraudulent claims due to economic circumstances. AI is seen as the silver bullet but without better context, using the data more efficiently and enabling investigators more, fraud will just get displaced into other areas of business which without identifying as soon as possible will cause even more challenges for insurers down the road. Read here about how poor data quality can hurt the insurance industry's ability to detect and prevent fraud.Perspectives on the impact to insurers of the consumer duty act in the UK
Introduced to enhance consumer protection, the new Consumer Duty Act places a greater emphasis on fair treatment, transparency, and customer-centricity has significant implications for the insurance market. Insurers are now mandated (not just recommended) to act in their customers' best interests, ensuring that products and services meet individual needs and circumstances. The act requires insurers to provide clear and accessible information, making policy terms and conditions easily understandable. This promotes informed decision-making and empowers consumers to compare offerings from different insurers more effectively. Additionally, the act aims to address potential conflicts of interest by requiring insurance providers to manage these conflicts and prioritize their customers' interests. I think this could result in a more competitive and customer-oriented market as insurers adapt their practices to comply with the new regulatory requirements. However it also puts more focus on the data which is used to conduct those "best interest" decisions across the value-chain. Something I wonder if most insurance carriers are well equipped to deal with. See more on this here: https://www.quantexa.com/blog/consumer-duty/ Would love to hear your views
How Synthetic Identities Are Impacting the Insurance Industry
Synthetic identity theft involves creating a new identity from pieces of real and false information. Fraudsters often use real Social Security members (SSNs) combined with fake names and addresses to create these “synthetic” identities. These fraudulent profiles can be used to open credit card accounts, apply for loans, or even take out insurance policies. The challenge for insurance companies is that these synthetic identities often go undetected until it’s too late – by which time the fraudster has already taken out the policy or service using the stolen identity. The best way for insurance companies to combat synthetic identities is by implementing an enterprise-wide digital strategy that validates customer data at the point of collection in real time. This could include requiring customers to provide additional forms of identification and validation of signatures, personal identifiable information and documentation of records when applying for coverage. Additionally, insurers should monitor accounts regularly for suspicious activity and use entity resolutions and artificial intelligence and machine learning technology to identify patterns that may indicate fraud. In addition to utilizing advanced analytic and fraud detection solutions, companies should focus on training employees on how to spot signs of potential identity fraud and what steps they should take if they suspect fraud in occurring on a policy, claims, or account. Synthetic identity fraud is becoming increasingly common in the insurance industry and can be difficult to detect without the right technology in place. Fortunately, there are steps insurers can take to protect their business, customers, and insureds from this type of fraud – such as using advanced entity resolution technology, network generation and perpetual customer monitoring for suspicious activity – to ensure that only legitimate customers area able to access their policies, accounts, and services. By taking proactive steps now, insurance companies can reduce their risk of falling victim to synthetic identity fraud.The insurance single customer view.. What actually is it ?
In the last week I've had about 5 interesting conversations with insurers about their "single customer view" strategy. It's also been interesting that I got completely different interpretations of what that strategy actually should be. Development of an accurate product density view across unique individuals and companies across all my product lines and regions to understand exactly what products my customer are buying to assess bundling and cross-sell An ability to recognise, in real-time, existing customers through direct quoting processes such as on websites or price comparison websites to provide a tailored discount based on existing "length of service" The creation of a "customer reference asset" (exclusively from external and third-party industry data) to give me a 360-degree view of my customer across data bureaus, public records ++. An analytical "customer master" which contains all my historic and operational enterprise data assets, connected together to deliver a single place place to perform enterprise analytics (such as ratings, loss propensity & fraud) A deep understanding of a new applicants "connected entities" (locations, vessels, vehicles, ownership structures, associated corporations, directors and officers++) in order to perform deeper due-diligence of that customer for screening, credit risk, ESG & corruption. In reality, our belief is that there is no "single view" of customer. Because in each of these cases you would not only want to use different data but also different tolerances by which you connect the data (fuzziness). You also probably want to segregate the views based on permissions within your internal staff (especially for sensitive data). It is also our belief that actually this also shouldn't be limited to a customer view as it can translate to any party (claimant, supplier/provider, witness, employee, agent) or even entity (locations/properties, vehicles or vessels, bank accounts or devices, contact details+++). That is the beauty of a dynamic holistic view of entity. It can be deployed enterprise-wide, across any data set and can be delivered to serve dynamic views for different teams, business units and value-chain applications. To learn more about this capability see here as well as a discussion on Linkedin here. Also see the comments for a 4 part blog series on this topic. We would love to hear more about your experiences of this and where you see the value in your "single customer/party view"??... @Areefih @Alan_Haskins @Shyam_Bhatt @Arnaud @Marcus_Hayes @Chris Sanders @Delphine_Masquelier @Clark @Patricia Arenas @Molly @HollyInsurance data privacy & ethics - how far does the market need to go?
Since the inception of GDPR in Europe & CCPA in the U.S. (both in 2018) the world of data privacy and ethics has been a hot topic within the insurance market. As individuals we all should care about how our personal information is obtained, stored, accessed and used. For fraud and financial crime there are usually legitimate interests in any regulation outlining the sharing and use of data for prevention and detection of fraud. Do we think they go far enough? Or do they go too far? What about for non-fraud decisions and interactions with insurers? Does this all depend on the context of the questions being asked and the data being used? See some perspectives on this with regards to fraud here: https://www.quantexa.com/blog/data-ethics-insurance/
Welcome to the Group
✔️Don't forget to 'join' this group, once you have joined you will be able to participate in conversations within the group. It will also mean you can stay up to date with all the latest. As the cliche goes, it takes a network to catch a network! We're delighted you have joined the growing global Financial/Economic Crime community here at Quantexa. To make the most of the membership, we encourage you fully engage, ask questions, initiate discussions and collaborate. 👋Introduce yourself below to start growing your Quantexa network!
