Online Threat Protection for Insurers

European Voices7 minutes readFeb 9th, 2015

There can be no doubt now that we are firmly in the transition to a digital age. A generation is growing up who have never had to miss a TV program, ask for directions or had to wait for their holiday photographs to develop. This generation has very different expectations of the businesses that they deal with. They do not want to wait in telephone queues, they do not expect to have to repeat information the business already holds about them and they have a different view of privacy from previous generations. Having said that they expect the businesses they deal with to protect them from data leaks and cyber-attacks.

This creates new challenges for business. How do they meet these expectations? How can they ensure quick and seamless transactions (frictionless) while keeping criminals out?

Insurers have been at the forefront of developments in the use of call centres and the mobile and internet channels when it comes to sales. However, they have lagged behind their counterparts in banking when it comes to “digitalising” the whole consumer lifecycle. There are good business reasons for this. Traditionally Insurers knew little about the person they were actually insuring. While Banks carried out substantial and detailed identity checks, Insurers were less able to validate the policyholder. Asking for their mother’s maiden name and postcode might be good enough to change an address but is not sufficient validation or insight to pay claims which can run into thousands of pounds.

This has led Insurers to be less trusting of their policyholders. While, many Insurers have improved their understanding of who the customer is, they are very aware that the insurance industry is the target of significant levels of fraud. The insurance industry differs from banking in their use of digital channels, and are therefore being confronted by a set of unique challenges, as fraudsters develop new techniques to try and extort money from insurers and their customers.

There are some solutions developed for the banking industry, that can be used as a basis for fraud detection for online insurance, however additional tailor made solutions are required. Against a landscape of a rapidly evolving online service, fraudsters are looking for opportunities to profit. This type of landscape is fertile ground for organised fraud gangs to spot chinks in the armour and to design and develop new fraud typologies. In addition, the proliferation of aggregators masks insurance firms from valuable insights that can be garnered by observing customers behaviour first hand as they go through the application process.

The fraud detection techniques that are outlined in this blog should be implemented by Insurers across all their channels to market, and the intelligence gained should be shared amongst all. These new or growing fraud typologies include the following:

  • Ghost Broking;
  • Quote manipulation;
  • Policy takeover;
  • Fronting.

Just to explain a bit more about the types of fraud:

  • Ghost broking is where an unscrupulous broker acquires a policy on behalf of a high risk individual. The premium, if the policy was purchased directly and legitimately, would be high. However the ghost broker will acquire the policy more cheaply by entering erroneous data, leaving the policy holder unwittingly with a worthless policy.
  • Quote manipulation is the practice of changing key elements of the insurance quotation to get a lower premium. The applicant will fiddle around with key elements of the application and look at the impact on the quotation. For example changing the annual mileage for car insurance or adding a burglar alarm or window locks to home insurance.
  • Fronting, some examples of this type of fraud, include children who use their parent’s address rather than their own, to take advantage of their parents less risky post code. Another example is where a parent takes out insurance for a car and adds the child as a named driver when the child is really the principal driver.
  • Policy takeover is where a fraudster steals a policy holders log-on details and takes control of the policy by changing some of the policy details, for example the correspondence address, email address, bank account details, password. Having diverted all the traffic away from the original policy holder they can then plunder the policy cashing in the policy, making fake claims etc.

All of these fraud methods can obscure the real risk to the insurer and often leads to a policy price that does not reflect the insurers risk exposure. In addition this could leave the customer effectively uninsured as well as opening up the insurer to all sorts of fraudulent claims, and other frauds.

It would be easy for traditionally conservative insurers to retreat back to their ‘pre-digital shells’ and not progress. However, this is not a sensible business option for an industry which is in dire need of developments to regain customer trust and to respond to rapidly changing customer expectations. The good news is that while corresponding with customers through digital channels bring risks there are now solutions to mitigate these risks.

Unisys and RSA Security have devised a solution based around RSA’s Web Threat Detection technology. This service analyses customer online behaviour on a website or a mobile app, and can spot anomalous activities. For example:

  • Scripted inputs – the solution will spot similar data, or data that is cut and pasted into an online form. In addition scripted inputs would take an optimized route through the website, skipping menus and other optional pages, a classic sign of a well planned attack
  • Automated input – similar to the above but often input is abnormally rapid, with data keyed in rather than using drop down list boxes
  • Re-use of common information – input will be similar with only key information changed, common data used in frauds will also be highlighted by fraud analysts
  • Inputs that demonstrate inconsistency – IP address whose location does not tie up with customers alleged location for example

Online users who demonstrate these attributes are probably fraudsters and bear the hallmarks of criminal activity, often it takes the combination of a number of these suspicious behaviours to confirm that fraud is being perpetrated.

Additional information will be fed into the service from RSA’s fraud analysts, who are constantly monitoring the web for new fraud scams, tips and techniques. Feeding in this fraud intelligence at the earliest opportunity can stop these practices before they cause too much damage.

Unisys will run these tools and processes as a service to the industry, sharing data and best practice across insurers for the benefit of all. The service will learn and improve as it sees what “normal” looks like, through monitoring everyday activity. The fraudulent cases that the service observe will provide vital insight, and help the service highlight similar cases.

In pilot studies (these results were shared with the top insurers at a recent workshop), it was demonstrated that within 48 hours of the start of the proof of concept project more than twenty fraudulent activities were identified, none of them similar, all would have otherwise have gone undetected. This was a surprisingly good start that would only improve as more insurers join, and as the services watches and learns.

Fraudsters always target the weakest, and currently there are some new fraud typologies which are specific to the insurance business, which makes insurers and their customers a target. Unisys believes that this proposed service will demonstrate a rapid return on investment and will improve the quality of new business. In addition, by protecting online users this service will delight customers, enhance the insurer’s reputation and strengthen their brand.

Adoption of Web Threat Detection will free insurers to embrace the digital channel with all the benefits this brings for increased sales, consumer access and operating ratios.

Come and see us at Marketforce’s Insurance Fraud event on 24th March 2015 at The Waldorf Hilton in London. Unisys is a key sponsor of the event and we will be exhibiting alongside RSA Security and available to discuss some of the techniques and technologies mentioned above. To join us or to find out more information please email

Tags-   broking Fraud insurance Online threat