Locking insurance's front door: New business as attack routes

Mar 12, 2020

It’s impossible for insurers to completely protect their new business channels from fraud – and they shouldn’t. But there is a middle way

To combat fraud it is crucial that an organisation understands its points of vulnerability. For insurers, the most important are new business channels be this via an aggregator, broker, intermediary or direct to an insurer and as most insurers typically complex integration and infrastructure architecture, this creates a stubborn and challenging problem.

An array of third parties carry out work on behalf of insurers – settling claims, managing data, hosting software systems, carrying out transactions on their behalf and validating customer and device identity to name but a few. And it is within this complex network that the insurer must be proactive with its fraud defences.

Insider Threat
Many acts of fraud perpetrated against insurers require the assistance of insiders – either existing employees recruited by organised criminals or criminals purposefully securing employment within a company. However, the insider threat reaches further than the insurer’s own staff. Those working within the broader supply chain pose just as potent a risk.

In 2018 Jorge Fausto Espinosa, who owned a loss-adjustment firm in Florida, was jailed for 20 years after pleading guilty to racketeering, organised scheme to defraud, more than 28 counts of arson and multiple counts of insurance fraud and grand theft.

Recruiting willing homeowners into his scheme, Espinosa set many homes on fire and flooded others to make fake claims worth $14 million.The network required was large, with police making 31 arrests.

Vulnerable Supply Chains
This is an extreme case, but it illustrates powerfully how an unguarded supply chain acts as a green light for fraudsters. But while this vulnerability in supply chains is inherent – and sometimes unavoidable – it can nevertheless be managed.

Many insurers have fraud managers to manage and audit suppliers, using data analytics to study every individual involved in the management of a claim. Relationships between supplier and claimant can be identified.

Data is one of an insurer’s most attractive assets and the third parties involved in managing it must be closely monitored.

To do this, insurers have started to develop security standards – either their own or industry-recognised – and to use these as a prerequisite for working with them.

Supply chains are vulnerable because they are largely outside insurers’ control – and none can be rendered 100% secure without compromising their effectiveness. But with selective monitoring and controls, and the creation of robust minimum security requirements, insurers can bring a valuable degree of security to their business.

(Editor's Note: The article was written by Chris Andrew; original article here. Reposted with permission.)


We use intelligence-led insights to help defend governments, nations and societies from financial crime and cyber-attacks. We spent the past two decades serving more than 175 customers globally, including more than half of the world’s top 40 financial institutions, to detect and combat financial crime. We employ data science practitioners and subject matter experts with more than 15 years of domain and financial services experience.

Our solutions provide a breadth of functionality: holistic platforms, white box detection, efficient and intuitive user interfaces, and tight integration. Our unprecedented access to world-leading analysts and market-leading technology means we can help our customers adapt, evolve, and stay ahead of the criminals.

Other Articles