Insurers work hard to make sure they don’t write policies for individuals with fake identities, but bad actors work just as hard to make sure they can’t be detected. What are the latest strategies that fraudsters use to create fake identities, and how can insurers detect and mitigate these techniques?
The Fraudster MO
In general, there are two types of fake identities that insurers need to watch out for:
- Purely fake identities. This is an identity that’s entirely fake – fake ID, fake name, fake address, and so on. Alternatively, these identities might be based on ID information stolen or purchased from someone else.
- Synthetic identities. This is an identity that contains some elements of truth and some elements of falsehood or fictitious information. An ID that combines a person’s real name and a fake social security number is an example of a synthetic identity.
The common factor between fake and synthetic identities is that some of the information involved is real. A fake identity could still use information stolen from a real person, and synthetic identities use a mix of real and synthetic information. This can make these identities hard to detect. That said, why is it hard for insurers to catch identity fraud?
Detection and Capture Obstacles
To stop identity fraud, insurers must take a close look at the way their organization handles identity validation.
A fake or synthetic identity can be difficult to recognize during the application process because some of the personal information submitted is usually valid. If a fraudster submits a valid name and a valid social security number, for example, the insurer might not notice (or even check) if the address is wrong.
In addition, a fake or synthetic identity can surface during any aspect of the claims process: Insured, claimant, witness, etc. These may go unnoticed unless the bad actor submits a suspicious claim. Even then, some identities will resist discovery by anything except a detailed and thorough investigative process.
There are five factors make it extremely difficult to identify stolen or synthetic identities:
- Insurers may only perform high-level validation to speed the onboarding process. If enough of the false information is valid on its face, the fraudster will pass these routine checks.
- Once onboarded, the bad actor appears to be a model customer, making payments on time, renewing on schedule, and submitting only a few claims for small amounts.
- Meanwhile, if the fake ID consists of stolen information, the victim might not be aware. This means that the fraudster’s ID will not be flagged.
- The insurer may only use a single validation tool to make brief checks during the onboarding process. A fraudulent policy has a higher chance of passing muster if only one tool is used to provide a second opinion during pre-bind.
- Short-staffed underwriting teams may not have enough time to fully investigate new policyholders. In companies with high staff turnover, new employees may not know what to look for.
Lastly, insurers may not be incorporating external data into their identity verification process. For example, there may be an external database of valid government IDs, but the insurer may not have the permission or technical resources to access it in a timely manner. By relying only on first-party information to validate identities, insurers are exposing a critical blind spot.
Building a Better Mousetrap
So what are the strategies to catch fake insurance identities?
Many bad actors have figured out that they can get around identity checks by applying for policies at different branches of the same insurer or by using different channels — in person, online, through the call center, and so on. If these channels don’t communicate, then the insurer may not know that the applicant was previously suspected of fraud.
Identity thieves look for ways to avoid detection. They also know that underwriters and claim handlers have competing priorities. For example, an employee that’s pressed to complete onboarding faster will have less time to investigate fake identities.
Insurers have adopted better controls for place and behavior analytics by way of response, utilizing third-party data sources and network analytics to help identify what may not be obvious. Ultimately, ideal methods of addressing – and abetting – fake or synthetic identity fraud come down to:
- Finding better ways to deliver information from external sources at the start of the analysis process.
- Bridging data silos within the insurance organization.
- Making better decisions about segmenting policies and claims and identifying suspicious activity.
Insurers that incorporate these critical strategies into their cybersecurity policies can beat insurance fraud thieves at their own game, while ensuring the security of policyholders’ data to maintain their long-term trust and confidence.
Source: sapiens.com