Locking insurance's front door: New business as attack routes

It’s impossible for insurers to completely protect their new business channels from fraud – and they shouldn’t. But there is a middle way

To combat fraud it is crucial that an organisation understands its points of vulnerability. For insurers, the most important are new business channels be this via an aggregator, broker, intermediary or direct to an insurer and as most insurers typically complex integration and infrastructure architecture, this creates a stubborn and challenging problem.

An array of third parties carry out work on behalf of insurers – settling claims, managing data, hosting software systems, carrying out transactions on their behalf and validating customer and device identity to name but a few. And it is within this complex network that the insurer must be proactive with its fraud defences.

Insider Threat
Many acts of fraud perpetrated against insurers require the assistance of insiders – either existing employees recruited by organised criminals or criminals purposefully securing employment within a company. However, the insider threat reaches further than the insurer’s own staff. Those working within the broader supply chain pose just as potent a risk.

In 2018 Jorge Fausto Espinosa, who owned a loss-adjustment firm in Florida, was jailed for 20 years after pleading guilty to racketeering, organised scheme to defraud, more than 28 counts of arson and multiple counts of insurance fraud and grand theft.

Recruiting willing homeowners into his scheme, Espinosa set many homes on fire and flooded others to make fake claims worth $14 million.The network required was large, with police making 31 arrests.

Vulnerable Supply Chains
This is an extreme case, but it illustrates powerfully how an unguarded supply chain acts as a green light for fraudsters. But while this vulnerability in supply chains is inherent – and sometimes unavoidable – it can nevertheless be managed.

Many insurers have fraud managers to manage and audit suppliers, using data analytics to study every individual involved in the management of a claim. Relationships between supplier and claimant can be identified.

Data is one of an insurer’s most attractive assets and the third parties involved in managing it must be closely monitored.

To do this, insurers have started to develop security standards – either their own or industry-recognised – and to use these as a prerequisite for working with them.

Supply chains are vulnerable because they are largely outside insurers’ control – and none can be rendered 100% secure without compromising their effectiveness. But with selective monitoring and controls, and the creation of robust minimum security requirements, insurers can bring a valuable degree of security to their business.

(Editor's Note: The article was written by Chris Andrew; original article here. Reposted with permission.)