Awareness: The key to protecting your practice from identify theft

By Joy Dawe and Hannah Wittmer

Identity theft has reached new heights as a serious fraud scheme within the insurance industry. As technological advances and the means for electronic communication continue to grow, fraudsters are using sophisticated tools to access privileged information, including insurance professional information. At times, it can be very difficult to distinguish between legitimate communications and those initiated by a fraudster. Now more than ever, awareness is key to mitigating this type of fraud in order to protect your practice and your clients.

Here are some fraudulent schemes that target insurance professionals and could compromise privileged information, resulting in an increased risk of fraudsters accessing client information.

Email takeovers occur when a fraudster gains access to your email account. Gaining access to your email account could compromise certain client information, including insurance policy information stored in your email box. Your carrier or account passwords also could be compromised if these are stored in your email box, giving fraudsters the ability to gain access to carrier portals.

Impersonations occur when fraudsters pose as regulatory representatives. Fraudsters may pose as representatives from state insurance departments, the Financial Industry Regulatory Authority or other regulatory bodies. When receiving a call from a regulator, insurance professionals typically try to be as accommodating as possible.

In this scheme, fraudsters take advantage of your diligence in trying to cooperate with a regulator, forcing you to not second guess the caller’s true identity. In your attempt to immediately cooperate and provide any information being requested, personally identifiable information could be compromised. This scheme is used to surprise the insurance professional by promoting a quick response to questions.

Professional credential takeovers occur when fraudsters make changes to your professional licenses and carrier appointment information. Professional licenses are being compromised by fraudsters who change the demographic information associated with an insurance license to make changes to policies written under the license. After the fraudster changes an insurance license, they then can make changes with appointed carriers to access policies written under the license with the corresponding carrier.

All of these schemes assist fraudsters in perpetrating a much larger plan in which insurance professionals unknowingly open access to privileged client information. This ultimately could result in account takeovers, initiating policy loans or requesting access to policy cash values.

Leading industry organizations work to raise awareness of these issues and help financial professionals protect their practice with several suggested fraud prevention steps to mitigate the risks of financial professional identity takeovers. Insurance professionals must continue to take proactive measures to ensure the continued protection of their information as well as their clients’ information. A good first step is raising your A-W-A-R-E-N-E-S-S of the current fraud schemes in the marketplace and communicating opportunities to lessen these risks.

Awareness of the various schemes used by fraudsters to gain access to client information will help you protect your practice.
Watch for changes being made to your insurance license and carrier appointments by periodically reviewing your resident and nonresident state insurance license information to confirm the accuracy of your information.
Authenticate who you communicate with over the phone, via email or in person. Always confirm an individual’s identity and credentials over the phone. Regulators typically will not call you directly. If they do, you should ask for their information, look them up online and call them back using the publicly available contact information.

If content within an email, an email address or a signature block looks suspicious, certify the individual before responding. When responding via email, use secure email providers, limit the use of personally identifiable information, and only use and share information on a need-to-know basis. Do not include customer information such as name and policy number in an email subject line.

Retain records as required by law. These requirements provide you with the opportunity to appropriately dispose of electronic or hard copy information. This decreases the chance for privileged information to be compromised.
Ensure your license information remains accurate by reviewing your demographic information listed with the corresponding state department of insurance or other licensing resources.
Never disclose privileged information over the phone unless you have completed a thorough authentication of the calling party.
Escalate data breaches or suspected data breaches to the corresponding regulatory body.
Secure the data you maintain electronically by regularly changing your computer, phone, email and carrier logins and passwords, along with any credentials needed to access various carrier or industry portals containing client information. Properly dispose of hard copy records using secure methods of destruction, such as shredding paper records.
Secure email communications by limiting any personally identifiable information when sending emails or by using secure email methods when sending this information.

Fraudsters constantly search for new ways to gain access to client information. Remaining diligent when it comes to protecting against identity takeover is paramount. It’s vital for financial professionals to stay aware and focused when it comes to safeguarding their clients and their business.

Joy Dawe is senior vice president, market conduct, Crump Life Insurance Services. She may be contacted at [email protected].

Hannah Wittmer is market conduct specialist, Crump Life Insurance Services. She may be contacted at [email protected].