High-tech ways to identify insurance fraud

By Robin Wagner

Fraud-related events and disruptions over the last three years have accelerated digital-driven initiatives as consumers demanded seamless online experiences across industries and services. In tandem with that, a general transformation and migration from brick-and-mortar retail and face-to-face relationships has led bad actors to focus their efforts on organizations and institutions that have direct access to money.

Globally, service providers had to spend $25.66 billion on fraud detection and prevention, with this figure expected to grow to $129.17 billion by 2029. This was mainly because the number of suspected digital fraud attempts in the financial services sector increased by 30% between 2019 and 2022, with true identity theft (when an individual’s personal identifying information is used fraudulently) increasing by 81% and synthetic identity fraud (when true personal identifying information is used alongside fake information) growing by 132%. This was according to the TransUnion 2023 State of Omnichannel Fraud Report, which blends proprietary insights from TransUnion’s global intelligence network, and a consumer survey across 18 countries and regions.

In the insurance industry specifically, TransUnion’s global data revealed that suspected fraud attempts across policy and license agreements and first- and third-party applications increased by 27% between 2019 and 2022. When examining country-specific data, there was a 134% increase in suspected digital fraud attempts against insurance companies originating from India, similar attempts originating from Spain increased by 109%. The number of suspected digital fraud attempts originating in the United Kingdom also increased by 18% over the three years.

Prevent fraud – but don’t chase customers away

It’s clear why insurance companies need to implement comprehensive measures to protect from fraudulent activity and evolve the typical levers used to address fraud, with these measures including premium loading and fraud detection at claims. However, underwriters focused on onboarding tend to have little regard for implementing fraud measures at the beginning of their relationship with the client, as it potentially adds friction to the buying processes and increases abandonment rates.

It is estimated that 3% of sales revenue is lost to false fraud detection positives, as those potential clients mistakenly identified as fraudulent disengage in anger or frustration. This results in a total loss of over $118 billion globally in annual sales.

These false positives and manual reviews often result from a lack of sufficient signals about the consumer. Insurers rely on data to detect fraud effectively, but accessing and analyzing data from various sources can be complex, time-consuming and costly, especially when applied at underwriting where the quantum of transactions is high.

The reality is that fraud must be stopped at the front door, as once it’s on book, it grows like a cancer and is seldom cured, with increased policy loading and detection only possible at claims stage. The best possible balancing act is effective fraud detection efforts at quote stage, while providing a smooth and efficient customer onboarding experience, while avoiding overzealous fraud detection measures that result in false positives and inconvenience for legitimate policyholders.

Friction-right device and behavioral data

Device identifiers stitch otherwise apparently unconnected, legitimate-looking policy and claim identities together. This raises an alert when multiple policyholders or claimants appear with the same device identity or are associated with the same cluster of devices, based on IP addresses, phones, tablets, laptops that are tied together. This could potentially indicate a fraud ring using stolen or synergic identities – and these connections between policy identifiers would otherwise not be visible to the insurer.

The insurer’s sales and servicing process need not be fully digital to capture this data and affect these device connections. It is possible to funnel a manual process into a digital process that collects a powerful set of digital characteristics.

For example, a policy may be sold face to face or on a call, but new policyholders can receive a welcome email with a link to an online portal where the policyholder finalizes verification of policy conditions. The portal has more than 100 device characteristics including device location, whether the device sits behind a VPN, whether the device uses screen emulation, if the device is linked to fraud, if the IP address of the device is associated with fraud. These are all recorded, associated with the policy identity and analyzed in real time. Similarly, if the policy is sold and bound via a call center channel, the agent can send the policyholder an onboarding email with a dynamic link to the policy documentation that requires a digital signature.

The collection of this data requires no effort on the policyholder’s part, only the requirement for their device to interact with a digital environment that automatically extracts the device data from the policyholder’s device. This friction-right fraud data collection keeps the underwriters happy as there is no impact on take up rates. Used in combination with device, behavior produces on average a 60% improvement in risk segmentation, further reducing the false positive and false negative rates.

Device proofing can also be levelled up using behavioral analytics. Software on the insurer’s platform can interpret the way forms are completed and compare this data to billions of data points collected across multiple sites capturing behavior. The collectable data from the form is used to measure risk and evaluate a user’s familiarity with the personal information they provide. This includes the user’s typing speed, hesitations while they’re typing, whether or not autofill is used to complete fields, and how long their computer mouse stands idle, among others. Genuine users typically draw most personal information from their long-term memory – they type it in rather than copying and pasting – while risky users are unfamiliar with personal information and will either take longer to type it in, or they will copy and paste it from other sources.

Robin Wagner is senior vice president: international insurance at TransUnion. He may be contacted at [email protected].