According to the American Banking Association, Americans owned 364 million credit cards as of the end of 2017,1 and Federal Reserve Bank of Boston data shows that about seven in ten Americans have at least one credit card.2
With proliferation of credit cards comes increased exposure to fraud. Studies indicate more than 40% of American consumers have experienced an incidence of credit card fraud totaling approximately $136 billion in fraudulent charges.3
Why am I talking about credit cards to an insurance industry audience? Because I developed and managed solutions aimed at detecting and preventing fraud for one of the world’s largest payment card (debit and credit) networks for several years and see important lessons insurers can learn from our counterparts in the payments industry.
As fast as companies can build obstacles to prevent fraud, fraudsters will devise new methods of getting around them. It’s important to remember, fraudsters only get paid when they successfully execute a fraud, so they’re extremely motivated. Armed with that knowledge, we must be vigilant in looking for potential vulnerabilities and constantly on guard for new attacks. Once you build one obstacle, start building another.
When payment card companies developed and implemented chip cards – the technology where a computer chip is embedded in a credit or debit card it immediately and dramatically reduced point-of-sale fraud. Chips create a unique algorithm for every transaction, and only the issuer of the card is privy to what that code should be at any given time. This has greatly enhanced the ability to confirm the legitimacy of each transaction originating from a given card. With improved security for in-person transactions, fraudsters turned to developing online schemes, and e-commerce fraud spiked. The industry responded again, with measures such as new authentication standards for e-commerce transactions and the use of technologies such as fingerprint and voice biometrics. These are taking hold in Europe and other markets around the globe.
The lesson for insurers: remain vigilant. RGA’s list of Fraud Red Flags and Investigation Tools provides a guide to the many warning signs to keep top-of-mind, from policy application through claims processing.4 Fraud never rests, so neither should we.
With both payment cards and insurance, one of the best ways to detect fraud is to establish baseline behavior of “normal” applicants and customers. Behavior of fraudsters is often different from that of legitimate consumers – starting with the actual application and progressing through the entire transaction life cycle.
Payment card companies are no longer simply looking at the basic transaction data coming through: card number, merchant, transaction amount. They are considering a variety of factors and weighing them against the usual behavior of the customer, such as:
Was the purchase made from a PC, mobile device, or at a brick-and-mortar merchant?
From where in the world was the purchase made?
At what time of day was the purchase made?
Did the purchase align with the cardholder’s normal spending profile?
For insurers, normal behavior for applicants and claimants and every policyholder activity in between can serve as baseline data to help identify fraudsters’ anomalous activity patterns. It’s also important to take a layered approach to security, and implement the ability to step-up to a higher authentication/ security check if an anomaly is detected. Here, predictive models and machine learning can be useful in detecting fraud’s signs and signals. Deception techniques morph quickly so models must be flexible to allow rapid updating of signals used for detection. Insurers should seek to develop tools and systems to orchestrate the various security layers and seamlessly manage them across all customer channels.
Keep up with trends.
In the payments industry, staying on top of fraud trends is a constant battle. As new vulnerabilities emerge and new workarounds of existing security measures propagate, fraudsters inevitably exploit all openings as quickly and relentlessly as possible until they are closed. The key is to identify trends early and take swift, meaningful action.
The depth and breadth of data breaches in recent years – from Facebook to Macy’s – has unleashed a massive amount of personal data to aid fraudsters in perpetrating fraud. Exacerbating this dilemma are the constantly evolving fraud technologies and tools, such as IP spoofing, malware, bot armies, and more. These developments, along with other contributing factors, have resulted in a range of emerging trends in insurance, among them:
Account takeover fraud – In a recent LIMRA survey of insurance companies, 98% of respondents indicated account takeover fraud is a significant concern for their individual annuities and defined contribution benefit plans. Call centers and web- sites represent the most vulnerable points, and fraudsters leverage both channels to successfully infiltrate accounts.
Synthetic ID fraud – This occurs when fraudsters pull together personal data from multiple individuals to create a new amalgamated identity. From there, they typically apply for credit and get declined. That initial attempt creates an inquiry on credit bureaus, which begins the process of building a history for this synthetic identity. Often the next step is to add the identity as an authorized user on a legitimate account. From this point, there is typically sufficient history for the identity to be approved for an account – and then used to more broadly perpetrate fraud, including against insurers.
Across the payments industry, card companies, banks, and merchants continually work together to develop and implement new standards and network-wide technology solutions aimed at preventing and detecting fraud. As global enterprises, Mastercard and Visa have implemented robust programs that enable rapid detection of emerging fraud trends to protect the banks, merchants, and consumers who rely on them.
At its recent Fraud Symposium, LIMRA debuted a new tool it is developing to help the life insurance industry work together to fight fraud. LIMRA teamed with fraud prevention experts and developers at its member firms to create a fraud information-sharing and alert platform. This was the same impetus for establishing the annual RGA Fraud Conference six years ago. Cooperative efforts like the LIMRA symposium and RGA Fraud Conference represent great steps forward in enabling the insurance industry to benefit from the same type of collaboration taking place across the payments industry today.
Find a balance.
Instant credit decisions and transactions completed in the blink of an eye became the norm in the payments industry years ago. Consumers demanded immediate purchases whenever and wherever they wanted. That meant making debit and credit cards accessible to more people and accepted by more merchants, which required developing a range of new capabilities and technologies. It also meant relentlessly working to improve transaction security and data protection. The lesson: progress cannot move forward effectively if not pursued prudently.
Consumers are now making similar demands of insurers. Today’s prospective policyholder expects the application process to be fast, simple, and convenient. With the growth of direct-to-consumer product offerings, new account/policy fraud is expected to grow significantly. Identity verification of applicants is key, and several good authentication providers are available with which insurers can partner – the same ones that serve the payments industry. Whatever verification is used, it must be balanced with consumer expectations for cost, speed, and ease of doing business.
Fraud is not a problem you solve once; it evolves quickly and always finds new ways to reassert itself. So we must not think about fraud and building solutions only in terms of today. As the insurance industry embraces accelerated underwriting and digital distribution, we must also invest in the strategy, tools, systems, and resources to detect and prevent the new forms of fraud that will accompany these innovations. The cost of advancing unprepared could be substantial, but consciously designing security into the industry’s modernization will propel it forward successfully.
As fraudsters adapt and discover new ways to beat the system, it becomes increasingly important for insurers to leverage expertise, capabilities, and lessons learned from both inside and outside the industry. Engaging in an industry-wide conversation and gathering external perspectives can help develop systems to mitigate fraud through product design, agent requirements, and underwriting standards. The solution lies in consistent, ongoing collaboration. Working together we can tackle the next evolution of insurance fraud.