Insurance fraud was around long before the Internet. People in auto accidents who greatly exaggerated injuries and medical bills with the help of unscrupulous physicians; arson; phony disability claims; insurance brokers who overcharged their customers, then pocketed the difference or flat out kept premiums that should’ve been sent on to the insurance company, leaving their customers high and dry – unless it were for flood insurance, which, presumably would’ve left them “low and wet.” The bottom line is fraud impacts an insurance company’s bottom line.
While there has always been insurance fraud, cybercriminals have exacerbated matters. Dr. Stephen Topliss, services and support director, EMEA, ThreatMetrix™, points out that “recent CIFAS (UK Fraud Prevention Service) shows the startling impact of identity theft: 65% of all frauds now relate to the misuse of identity details. The report said clearly ‘the age of data enabled fraud is here to stay.’ This comes as a harsh message for the public and private sector, where increased fraud awareness and traditional detection techniques have failed to stop the surge in identity crime.
“Insurance companies are starting to be hit from all sides with ingenious identity fraud scams. Recently, the identity of a doctor was stolen, resulting in fraudulent claims submitted to multiple companies worth over £1 million (almost $1.6 million USD). Other cases have been reported where the stolen account credentials of brokers, agents and partners have been used to commit fraud, leveraging authenticated communication mechanisms.
“Many people are using false driver’s licenses or other documents to purchase insurance policies. The Insurance Fraud Bureau (IFB) reports that it was recently involved in one of the UK’s biggest investigations into identity fraud, helping Metropolitan Police investigate people who are using false identities to purchase insurance and make fraudulent claims.
“Insurance companies have shored up their security technologies to prevent hacking and infiltration [among] the many data exchange touch points. But this defense has come at a cost. Preventing (cybercriminals) from exploiting the various technology interfaces between agents, brokers, customers, claims processors and the insurance companies’ own business systems severely slows down the agility necessary to operate in a fast-paced business environment.
“Using device identification and online malware protection solutions allows insurance companies to roll out new business processes quickly and securely.
“Similarly in a fluid agent/broker environment these solutions allow insurance companies to bring new independent agents online quickly and securely.
“To protect against identity theft and online fraud, I strongly advise insurance companies be proactive – to implement technology to detect a scam before it occurs. Step one is to ensure that partners connecting to online claims processing systems are who they claim to be. Next, compromised accounts must be detected. Finally, alerts must be sent before suspect transactions are executed. It is also important to identify good customers who are unknowingly using devices infected with malware, alert them of this threat, and then be able to execute a secure transaction anyway.”