Policyholders are dying with dozens of open digital accounts, no record of what they own, and no plan for what happens to any of it. When that happens, a fraud window opens. That gap has a cost, and insurers are absorbing it. Life insurance is where the stakes concentrate and the exposure is most acute.
Sandra filed the life insurance claim four days after her husband's death. She had everything she was supposed to have: the policy number, the death certificate, executor authority. Her insurer had 17 unverifiable digital accounts, a death record that hadn't reached the broker databases yet, and a fraud window that had been open since the obituary ran.
That's the default condition for life insurance claims today.
The scale of the problem
Policyholders maintain dozens of active digital accounts - financial, medical, cloud storage, subscriptions, social media. Many hold documentation directly relevant to estate and insurance administration. Death doesn't close those accounts; it severs access to them.
Only 36% of Americans use password managers, meaning most policyholders leave no systematic record of what they own digitally or how to reach it. Most major platforms offer some form of legacy contact or digital will feature, but adoption remains low. Death leaves a scattered, largely inaccessible digital estate, one that intersects directly with claims management processes.
Where the cost lands
This is where the exposure becomes the insurer's problem, and that immediate exposure is fraud. After a death, a gap opens between when the death certificate is issued and when that record propagates to the commercial databases that underpin identity verification. During that window, the deceased's digital accounts remain accessible to anyone who can answer a few security questions, questions drawn from the same broker records that haven't been updated yet.
Thieves target recently deceased identities, while life insurers absorb the cost - fraudulent claims, delayed payouts to legitimate beneficiaries, reputational harm when carriers pay bad actors.
There's a legal dimension too. Most platform terms of service were not written with estate law in mind. Even where the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) gives executors legal access to digital accounts, platforms often don't honor it in practice. The beneficiary has a legal right that the platform won't act on. The adjuster has no clean path forward.
Health insurance and workers' compensation face the same fragmentation - medical records, employer portals, and benefit accounts scattered across systems that don't communicate. But life insurance sits at the sharp end of the problem, where the industry's exposure is most acute.
The verification gap
The infrastructure for verifying identity after death has a gap built into it. Deceased individuals' records persist in commercial data broker databases indefinitely, with no real-time connection to official death records. Verification systems that rely on those databases can't distinguish between a living person and a recently deceased one. The fraud window is a consequence of infrastructure that was never designed to handle life transitions.
Sandra's experience perfectly illustrates both sides of that gap. Sandra couldn't get to her husband's financial accounts. Platforms that held documentation she needed for the claim locked her out despite her legal authority as executor. While she was fighting for access, the fraud window that had opened at his death was available to anyone with enough of his personal history to answer a few questions. The accounts she couldn't reach to support her claim were simultaneously drainable by strangers.
AI as accelerant
Voice cloning and deepfake technology now allow a bad actor to reconstruct a deceased person's voice or likeness from publicly available material, and use it to defeat authentication systems that were never designed with post-death scenarios in mind. As a result, the cost of perpetrating this type of fraud is falling and the risk is rising.
No standard consent or identity framework currently governs the use of a deceased person's biometric data. No enforceable mechanism exists for people to specify how their likeness can be used after death, and insurers have no protection against the claims that follow.
The limits of individual planning
Those who use password managers are ahead of their peers, but individual preparation has a ceiling. Even the most organized policyholder can't force their bank, their cloud provider, and their insurer to exchange data in a standardized way after their death. That requires infrastructure that doesn't yet exist.
The question is: Who shapes that infrastructure? And will the sectors with the most to lose have a seat at the table when the standards are written?
A call for industry engagement
The Death and the Digital Estate (DADE) Community Group at the OpenID Foundation, which I co-chair, recently published a white paper and a planning guide laying out the problem and recommendations for addressing it. Developing interoperable standards for the full lifecycle of digital estate management will require expertise from every affected sector; the insurance industry's knowledge of fraud vectors, claims complexity, and regulatory exposure is specifically what's missing from this conversation.
The groundwork for those standards is being laid now. The sectors that engage early will shape the agenda before the formal process begins. If your organization has a stake in how they get built - and insurers clearly do - the DADE Community Group welcomes participation.
