Fraud for Thought: The Emerging Threat of Synthetics in Insurance
In a compelling interview from my "Fraud for Thought" podcast, we dive deep into the world of fraud prevention with who has decades of experience in the field - particularly with regards to emerging digital fraud typologies. We explored one of those such themes - Synthetics - and the risk it now poses to the insurance industry. Below are key excerpts highlighting some of the most crucial insights shared during the discussion. On Emerging Threats in Identify Theft & Synthetic Fraud… Alex: What recent and emerging trends are you seeing used by cyber criminals with regards to identity theft and synthetic fraud? Steve: It's been interesting to see the shift take place from the financial sector to the insurance space. Fraudsters will always go where the money is and they realize that's the insurance space. The insurance space, while very mature from an organizational perspective, has always dealt with fraud. But not like the fraud the financial sector has seen.We're seeing these threat actors coming into the insurance space with things such as synthetic identity, deep fakes, and generative AI - being targeted by technology that it just hasn't quite seen yet.The banking sector has been seeing it for the last five or six years and the insurance base is now seeing it. And it's what I call the 'fraud tsunami' where they're seeing the waves come in and that's the fraudsters kind of playing with things, understanding the insurance first of all, understanding that insurance is where the money really is, what the controls are, what the program is, and then they'll launch their attacks with technology.We're seeing a lot of things like bot attacks now that are being used and scripted to apply for a policies for example. Whether they are successful or not, it doesn't really matter to them. It's a testing strategy for them to understand again what the controls are that insurance has in place, to see what they get through. And if they get a policy applied, they may not do anything with it for awhile. They may just sit on it and again understand how the program works, where the control gaps are, what the thresholds are. We call those accounts 'sleeper accounts': they sit there and wait for the activity on the synthetic side.So you're seeing traditional identity theft and you're seeing synthetic identities that are now being, and have been used, groomed, and matured in the financial sector now moving into the insurance space. I was speaking with a large insurance provider and discussing some synthetic identity identifiers and they quickly ran their identifier and found a $5,000,000 life insurance policy that they paid out to an individual that does not exist. They started looking more and more into it and found roughly $40 million in death benefits they paid out to individuals who never lived.That is a huge red flag for the insurance industry: that this threat is coming to them, into their space and will start to expand and land as they move forward. Key takeaway : The utilization of technologies like deep fakes and generative AI by fraudsters is of paramount concern to Quantexa's insurance customers who are taking a proactive stance in preventing and combatting such threats. They are exploring the accessibility of Gen AI tools to fraudsters and the potential implications. On Adapting Tactics with Technology… Alex: From what you've seen, how are insurance companies adapting their tactics to help defeat the fraudster and what strategies and technologies are they putting in place to enhance that capability? Steve: To combat technology, you need technology. The old days of the human firewalls, like massive fraud shops of hundreds of analysts working reports and cues (that really produced a lot of false positives) is no longer sustainable or scalable. Especially with the level of fraud that is coming to the insurance space; it will be equivalent to what the financial sector saw in the last two decades. So, you have to have the appropriate technology. It's pretty easy. The insurance companies just need to look to the banking sector again, what do they do? It's about account onboarding, right? You want to keep the bad guys out of your account at all costs because once they're in the account, then it's very difficult to mitigate them and it's expensive to move them out of out of your portfolio. You're looking at things at the onboarding stage, which is what I call a proactive stance versus reactive. To get into the proactive stance where you eliminate the fraud threat altogether you don't approve the application for the policy, you deny them at the door; but how do you do that? How do you prove fraud intent? This may look like fraud, but until they do something, is it really fraud? Just because I'm carrying a firearm doesn't mean I'm going to go out and commit a homicide, but when I do, then then it becomes a homicide. And so it's very difficult for individual for banks and technology to determine what we call the intent. They're looking at things and tying the data together, such as device information and behavioral biometrics. We're looking at non-traditional data sets instead of your traditional data sets like credit bureaus or large data aggregators. You're looking for things that that would help you tie things together, which ties in the concept of entity resolution. How do you tie all that technology together? How do you tie the data that you've obtained through those technology into a workable queue for your analyst? Because the false positive rate can be somewhere in the 95 percentile. You have to understand the data you're trying to acquire, what you're going to do with it, and then how to use that data in the truth data format to retrain your models and tighten your defenses. Key takeaway: Quantexa customers are going beyond identifying and probing fraud among their existing clientele to preemptively thwart dealings with dubious clients. This requires a proactive approach to refraining from underwriting policies for potentially fraudulent individuals intending to exploit their services. On Balancing Security and Convenience… Alex: How are some of those technologies helping insurers strike that balance between customer convenience and the stringent validation that should be in place when it comes to identity verification? Steve: It's most important to understand the connections with the data (right back to entity resolution) - understanding that these are transnational groups that are attacking at scale. When you attack at scale there are relationships and connections between those online applications or between those accounts. The trick is to understand what those relationships look like and so you know you're looking at again mentioned device identification for example, individuals who try to spoof their computers. Synthetics have been groomed in the financial sector for the last 20 years, which are truly just data points. Now what we've seen is deep fakes are creating now both visual and audio for the actual synthetic identity: now the synthetic identity has a face and a voice. You've seen a lot of the technology come around about liveliness checks, send us a picture of a selfie, turn your head, go on Webex, go on Teams, whatever it might be to prove that you really are a human. The technology has progressed so quickly in the last two years that's easily defeating most technology that the banks and insurance companies have in place to defend. Banks have been doing that for awhile now through organized groups. The insurance companies do have some organizations within their within their scope of business and the analysts and investigators do talk to each other. But I believe it's very much in an informal structure. There needs to be some kind of formalized structure to take all this data, put it all together and say, we know this is a bad actor because they attacked insurance company A and inform insurance Company B, right? The banks have made that mutual connection in a relationship to say, listen, we're going to free fall together versus looking at as a competitive disadvantage like sending a bad guy from us to them is better for them. That doesn't happen in the banking world these days. They work together from a consortium's perspective to identify those data sets. Key takeaway: Contemporary fraud is driven by transnational groups and advanced technologies like deep fakes. Combatting this demands sophisticated methods such as entity resolution to uncover patterns of fraudulent activity across online applications and accounts, in order to provide a comprehensive approach that balances stringent validation with customer convenience. Conclusion My discussion with Steve highlighted critical insights into the emerging threats facing the insurance sector. Fraudsters are increasingly using advanced technologies such as deep fakes and generative AI to exploit vulnerabilities. This shift necessitates a proactive approach from insurers to effectively counter these sophisticated attacks. Implementing advanced technologies is essential for detecting and preventing fraud before it impacts customers. As these threats evolve, industry collaboration becomes crucial for sharing intelligence and developing robust defenses. Staying informed about these emerging threats and the proactive measures needed to combat them is vital. By understanding and implementing the latest technological advancements, we can collectively safeguard against sophisticated fraud and ensure a secure and trustworthy insurance landscape. Let's work together to protect your interests and strengthen our defenses against these evolving threats. For more Fraud for Thought, visit the Quantexa website: Fraud for Thought It’s time to enhance your strategy to prevent and detect insurance fraud across the enterprise.
Quantexa's SME newly released SME classifier - are you accurately identifying your SME customers?
Quantexa has introduced a new classifier for Small and Medium-Sized Enterprises (SMEs) based on European Commission guidelines, designed to scale for extensive legal hierarchies. This tool addresses the critical need for accurate SME classification, which plays a significant role in various sectors, including credit risk assessment, customer intelligence, and fraud prevention. SMEs are the backbone of the global economy, making up 99% of all enterprises in the EU and two-thirds of its private sector jobs. Their classification is crucial for financial institutions to model risk accurately, allocate capital efficiently, and tailor services effectively. Furthermore, SMEs are often prime targets for fraud, making precise classification essential for robust risk monitoring and protection. However, accurately classifying SMEs presents several challenges. One major obstacle is understanding an enterprise's legal hierarchy, which involves complex calculations of headcount, turnover, and balance sheet totals. The European Commission's definitions add further complexity, requiring precise assessments of ownership percentages and public body influence, where more than 25% ownership by a public body disqualifies an enterprise from being an SME. Figure 1: Required thresholds for SME classification. If an enterprise’s combined totals satisfy the given threshold requirements, then, in addition to some other checks, the enterprise can be classified as an SME. Quantexa's advanced technology, including graph traversal and entity resolution algorithms, facilitates the efficient analysis of these complex legal hierarchies. The Q Knowledge Graph algorithm ensures that large datasets can be processed quickly, enabling accurate and scalable SME classification. Read the full article here: https://community.quantexa.com/kb/articles/240-revolutionizing-sme-classification-quantexas-scalable-solution I would love to hear thoughts on SME classification and your perspectives! As a starter for ten, feel free to use the below questions to share your insights: What are the main challenges your organization faces in classifying SMEs accurately, and how does Quantexa help address these challenges? What future trends do you see in SME classification, and how might they impact financial crime prevention?How Can Decision Intelligence Help Identify Medical Provider Facilitation & Collusion?
⚠ Year after year, we’ve sadly seen a rise in medical provider & billing scams costing the industry millions of $$$ each time! Fraud related to medical practitioners using malpractice, shell companies and straw ownerships of clinics is on the rise. We've recently seen many repeated trends, including a specific case totalling over $1m below 👇 ⚙ With the right #contextualdecisionintelligence technology, you can easily spot hidden patterns, connections and collusive networks. Connecting public records, corporate records, exclusions with internal payments, billing and claims data creates a #provider360 / #supplier360 approach to deliver intelligence to stop this before a big court case / significant losses. 👉 Previously disbarred medical practitioners setting up under new licenses and businesses 👉 Practitioners re-appearing a few years after convictions for bribery, corruption, forgery and tax fraud 👉 Shared location and contact details including family associations with risky clinics &/or practitioners 👉 Shell company registrations, multiple company filings and repeated dissolved companies 👉 Company directors with links to new practitioners not yet under investigation 👉 Business links to residential and temporary office addresses, for example medical manufacturers, pharmacies, physicians and more I would love to hear your thoughts on this? ++
Investigating Network Fraud: 4 Key Areas for Investigators
Following on from my article on why networks are important – I regularly talk with investigators on how best to identify and investigate organised network fraud. I am mindful that there are a lot of seasoned investigators out there so in this article I will be talking basics and from a perspective of using technology only to investigate network fraud. The first principle of investigating network fraud is to have all available data in the hands of the investigators – this sounds quite basic but often we speak to investigators who use different data sources, capabilities, and sources of alerts that are not integrated into one platform. The best technology platforms I have seen take a best of breed approach and provide the ability to integrate easily and onboard data as efficiently as possible to allow for greater data coverage and better investigator efficiency. The second principle is to think of fraudsters as business people, and from that lens we should understand that fraudsters want to “sweat their assets” (vehicles, synthetic IDs, group resources etc.) to make their business (illicit streams of money through fraud) as profitable as possible in the shortest time-frame whilst taking the minimum operational risk. Read the full article here (login required): https://community.quantexa.com/kb/articles/203-investigating-network-fraud If you are not a customer or a partner and would like to see the article, please comment below.Event Roundup: Global Insurance Fraud Summit - Edinburgh
This month, the Quantexa team and customers participated in the Global Insurance Fraud Summit (GIFS). This summit aims to bring together global consortia and insurance organisations as well as law enforcement such as the Insurance Fraud Enforcement Department (IFED) and Interpol. Quantexa and our customers participated in several panels and presentations. One consortium in Asia indicated the importance of bringing together technology, training and operational processes, with the rollout undertaken this time taking into account of all three for maximum benefit to its members. It was also great to hear from our Public Sector customer, who provided learnings on how to tackle fraud as there are commonalities between insurance fraud and public sector fraud. This organisation also stressed the importance of using data correctly in conjunction with accurate entities and networks, highlighting that they had saved close to £311m overall as an organisation. It was fascinating to hear from other countries on how they are tackling fraud, and to hear from David Glawe, the CEO of NICB. The key common threads throughout the majority of the presentations were: Fraud is commonplace across all territories with a huge victim or consumer impact Fraudsters are like business organisations, and like businesses have extended their supply chains, impact and networks globally The use of technology on the fraudster side is increasing, and only by insurance organisations doing the same can fraud be tackled sufficiently It was also great to hear the insurers’ view on these panels as well, with senior executives talking about the importance of a single customer view for use in multiple use cases as well as understanding that at the moment it is a tough financial climate due to inflation. There was an appetite to work together with bureaus, however this process needs to be easier either through the mechanisms of sharing data more easily or understanding global schemes or problems centrally. It was a great pleasure to take part in the Global Intelligence Sharing panel, and during this we discussed how can insurance organisations share more easily, and by sharing it won’t be as easy as sharing data globally due to the many different data sharing restrictions we have globally. Rather, we must start with understanding how we are sharing currently, what learnings we can take from there and then building on this to start sharing modus operandi or common trends.The changing shape of fraud in the UK market - ABI Fraud Statistics
With the latest release of the ABI fraud statistics, there have been some interesting numbers highlighted. The figures indicate that the total number of fraudulent claims detected fell by 19%. But looking deeper at the figures – whilst the number of fraudulent claims detected reduced, the average value of a suspicious or fraudulent claim increased to £15,000 – a 20% increase from the previous year. Does that mean fraud has reduced? My view is that looking at the numbers it implies that insurers may have good measures in place to detect the traditional fraud scams, however an increase in the average claim indicates that fraudsters are changing the way that they are trying to defraud an insurer through cost-layering for example. One figure from an insurer in the market as an example highlighted that previous to the OIC and Whiplash Reforms being implemented, only a fraction of claims had psychological damage whereas now it features in 60%+ of claims that are being made. This changing nature of fraud has always been a common trend, and this is further implied from the latest ABI fraud statistics with the rise in value of property frauds, which rose £134m and up 8% from the previous year. With the cost-of-living crisis, and with the advent of new technical capabilities in the market – insurers need to be constantly adapting to new changes and modus operandi through efficient use of technology. The ABI itself highlighted an increase in opportunistic fraud of 2% demonstrating that unfortunately individuals previously unknown to the insurer may attempt to make fraudulent claims due to economic circumstances. AI is seen as the silver bullet but without better context, using the data more efficiently and enabling investigators more, fraud will just get displaced into other areas of business which without identifying as soon as possible will cause even more challenges for insurers down the road. Read here about how poor data quality can hurt the insurance industry's ability to detect and prevent fraud.
