Are You Fraud-Friendly?

Insurance companies have money and don't protect it as well as banks do. We as an industry look like we deserve to be stolen from.

A Person Holding a Black Pen

No matter how much you say you protect yourself from fraud, you don’t know what server your last email came from and certainly don’t know where the next email you send goes.  

Trust is invisible yet somehow tangible in daily digital and electronic transactions.

This is not an insurance industry phenomenon, but because everyone has risk and almost everyone has insurance, yes, it is. In this respect, we insure tangible invisible transactions--sometimes our own operational work process, many times interactions with vendors, policyholders and claimants and other times actual named perils in a cyber policy. 

See also: How Technology Is Changing Fraud Detection

You can’t see a digital punch, but you can feel it

Trust issues can be like the wind. They can hit everywhere all at once at global scale, so digital identity is unworldly in every possible respect. That is a digital blind spot, and as we stumble toward modernization it is getting bigger.

The current digital, social, internet, connected, IoT-enabled world, and its surrounding cybersphere, is full of high-trust transactions as well as risky ones. The high-trust stuff is end-to-end encrypted with established security and verification protocols. The risky stuff is everything else to varying degrees.

Our legacy of paper and people process underpins our approach to technology adoption. And in a P&C world of people, places, vehicles, services and businesses, that means physical world thinking dominates our day-to-day practices. Digital is not that. 

Digital stands on trust alone. We won’t dive into AI fakes and deep cyber shenanigans here but focus on a more mundane topic -- identity capture.

The data we think of in the physical manner is usually captured in free form fields where data is simply entered as names, addresses, titles, numbers and such. Much is to establish identity and the ability to contact someone, which now may include digital labels like email or a website address.

While it is easy to assume a digital label relates to a physical presence, IT DOES NOT.

For example, one bad actor can have several variations of their legitimate name, address, phone number and email address. With a little effort, that same bad actor can create alternative additional addresses, business aliases, phone numbers and email addresses. Some are simple ways to hide their identity, others are fake data to make it impossible to contact them outside of their preferred channel. And each contributes to disaggregating the monetary impact you recognize at any level of perpetrator and their extended network of identities as well as those of their conspirators.

If you knew you were paying the same person multiple times for the same thing, or that a host of payments were all going to a fictitious identity, of course you would stop it. Because you don’t... you are fraud-friendly.  

Ghosts and mirages of every kind seem to exist in your data from marketing and advertising, to underwriting, pricing, schedules and claims. Some are data errors, others are intentional. Both contribute to doubt and mistrust, yet ennui and acceptance that the same data is in multiple systems yet inaccessible and unmatchable for most practical purposes.

If you fall in cyberspace, only headlines might catch you

Data, private information, system access, operation interruptions, trade secrets, ransom, reputation and other forms of value are also fungible, if perhaps latent, still a form of money. While there is a lot of non-financial motivation in some devious use cases, most people steal from insurance companies because they have money and don't protect it as well as a bank. Add to that all the manual processes and siloed data architectures, and we as an industry look like we deserve to be stolen from.

It's not like all the old fraud, waste and abuse menagerie of threats have gone away. And add to the list of “not to be trusted”: e-pickpockets, scammers, skimmers, online hackers, deceptive practices, fake claims, false identities, synthetic accounts, papermill billings, forgeries, data stealers, phishing, viruses, ransomware attacks, malicious actors, insider threats, corporate espionage, misinformation, malinformation, hostile governments in some cases or clever business email compromises and deepfakes of all varieties. All continue to make headlines.  

See also: Disaster Fraud — The Dark Side of Insurance Claims

Maintenance that matters

Without persisting entity resolution processes over your data, you make it easy for untrustworthy transactions to proliferate across your enterprise and throughout the insurance ecosystem.  

Savvy companies have multi-tiered supply chains of connectedness under persistent identification monitoring, as well as adding pre-fill and form flow application programming interfaces (APIs) to get the data right the first time while avoiding duplicate data entry everywhere. Ensemble data feeds augment analytic efforts while governance programs improve master data management.

It is a common issue everywhere as company after company is missing their digital transformation targets. It is as if we meant to take five years and do nothing more than move a few core applications to the cloud with little if any process change -- just a virtual mainframe lift & shift. Corporate-speak now calls that continuous modernization.

If you don’t know the businesses you do business with or underwrite, why not look them up using a digital entity resolution service? This outside-in master data management approach can then have all the digital attributes and technographic features and values kept current for your daily use.  

These data can also be historically accessible to show changes over time and monitor all sorts of necessary updates, changes and links. That last bit has added benefits of logged caching so you can forensically create feedback and plan to manage your relationships with digital entities based on their behavior and readiness to work with you over time -- at a renewal event or at a transaction event in real time.

If you don’t stay up to date on your vulnerabilities, how do you address them? Less obvious, yet equally on point, your connected partners and suppliers may not know their vulnerabilities (which are now yours, too). 

If you don’t know yourself, and you don’t know others, your “unknown unknowns” is a much larger window than you realize. No one can hear an AI scream in cyberspace -- but those voices all say, “send money.”

Catastrophic financial events and operational and reputational compromises occur with long lingering periods of latent system access to culprits. This will be easier than ever with newer AI capabilities for even the most novice of bad actors. 

Be savvy. Invest in a full-spectrum entity resolution service to power trust and to repel fraud. Don’t be fraud-friendly.

Marty Ellingsworth

Profile picture for user MartyEllingsworth

Marty Ellingsworth

Marty Ellingsworth is president of Salt Creek Analytics.

He was previously executive managing director of global insurance intelligence at J.D. Power.


Read More