By Clark Frogley, Global Head of Fraud Solutions, Quantexa | December 6, 2024
After spending years raking in billions from synthetic fraud schemes targeting companies in the banking and automotive industries, criminal actors have set their sights on fresh game: insurers.
This move is not surprising when you consider how much money moves around in the insurance space. Thieves will always go where the money is. And what criminal doesnβt prefer to take the path of least resistance to achieve their goals? Indeed, the bad actors shifting their focus to the insurance industry are currently encountering few obstacles to success because many firms simply arenβt doing enough to understand and protect themselves from the emerging threat of synthetic fraud.
Meanwhile, technology is helping criminals to become even more agile in their ability to pivot to new targets while continuing to make the most of old ones. Rapid leaps forward in the power and availability of AI tools, including generative AI, over the past two years have unleashed a massive wave of highly sophisticated synthetic identity creation.
Synthetics are challenging to detect β until itβs too late
Unlike traditional fraud, which involves real people or tangible assets, synthetic fraud is characterized by the creation of fictitious identities or entities. AI is a powerful tool for criminals generating this original βcontentβ quickly, at scale, and at a high level of quality. It can take just minutes for a fraudster using AI tools, including widely available off-the-shelf options, to build and deploy a convincing synthetic ID.
Synthetics can be dangerously effective, as most automated verification systems recognize these profiles as legitimate. Only after substantial damage has been done do most targets realize theyβve been defrauded. For leaders in the insurance industry, taking a proactive stance toward containing the rising tide of synthetic fraud is a must to protect their firms from significant financial losses, reputational damage and potential regulatory penalties.
While criminals are using AI to help them execute synthetic fraud, the technology can also play a crucial role in helping insurers to detect and stop these acts of fraud, as weβll explore later. Insurers can also benefit from the lessons learned by longtime targets of synthetic fraud β namely, banks. First, letβs take a deeper dive into what synthetic fraud is, and how fraudsters β which include large, organized gangs of criminals whose activity transcends borders around the globe β use it to their advantage.
What is synthetic fraud, and what does it look like in the insurance sector?
Put simply, synthetic fraud involves the creation of illegitimate identities, which criminals then use to carry out fraudulent activities. To create these identities, criminals will use stolen real data, such as Social Security numbers, and combine that information with fake names and other details. Well-crafted identities appear legitimate and are difficult to detect because credit checks and institutions recognize them as valid based on the real personally identifiable information (PII) used to compose the profile.
Criminals can build and refine these so-called βFrankenstein IDsβ gradually over time. They work to establish credit histories and take other actions, like securing loans, to help make the synthetic identities seem legitimate. They can continue to strengthen the credibility of a synthetic ID until the decide to engage in βbust-outβ fraud, where they max out loans or credit lines and leave creditors holding the bag.
When targeting insurers, fraudsters will use synthetic identities to apply for insurance policies, file false claims, and extract payouts. The two primary types of synthetic fraud in insurance are:
Identity-based synthetic fraud
As described above, fraudsters will create a fictitious identity by combining real personal information (e.g., Social Security numbers, addresses) with fake details (e.g., names, birthdates). They will then use the fake identity to purchase insurance policies and file fraudulent claims.
For example, a bad actor might use a synthetic identity to apply for a life insurance policy. They will pay the premiums over time to maintain the policyβs legitimacy. Eventually, the fraudster may file a false claim, such as reporting that the synthetic person has died. They might then provide falsified death certificates and other supporting documents to initiate a payout. Since the identity seems real on paper, the insurance company is likely to process the claim and pay the death benefit.
This type of scheme is difficult to detect because the fake identity may have no immediate red flags, and the fraud is only revealed during an investigation
Entity-based synthetic fraud
This form of synthetic fraud targeting insurers involves creating fake businesses or organizations that exist only on paper and have no business operations. Criminals use these entities to purchase insurance policies, submit claims, and collect payouts.
For instance, a bad actor executing entity-based synthetic fraud might create a fake shell company and then use falsified documents, such as business registration records and tax IDs, to apply for a commercial insurance policy for that illegitimate business. They could insure fake employees under workersβ compensation or purchase liability coverage for nonexistent operations.
Once the policy is active, the fraudster might file fake claims, such as staged workplace injuries or property damage that never occurred. They might, for example, file a workersβ compensation claim for a synthetic employee, submitting fake medical bills and falsified injury reports.
These schemes are particularly damaging because they often involve large sums of money, and the fraudulent entity can be dissolved or abandoned once claims are paid.
The Impacts of Synthetic Fraud on Insurance Firms
Financial losses are the most immediate and stinging impact of synthetic fraud for insurers, of course. There are the losses due to paying fake claims, but also, the often substantial costs involved in investigating and rectifying fraud cases. Other fallout from synthetic fraud can include:
- Reputational damage: Customers and stakeholders expect insurers to protect their assets and ensure that payouts are made only to legitimate claimants. A high-profile fraud case can erode trust and lead to customer attrition.
- Loss of market share: To offset the losses from fraud, insurance companies may be forced to raise premiums for all their customers. This can make policies less competitive and lead to the loss of market share, particularly if the firmβs competitors are perceived to be more effective at preventing fraud.
- Regulatory scrutiny and penalties: Insurance firms that fail to adequately address synthetic fraud can risk attracting attention from regulators. The failure to comply with anti-fraud regulations can result in fines, sanctions, and increased oversight, all of which can be costly and damaging to the firmβs operations.
Proven Strategies to Help Combat Synthetic Fraud
To effectively protect their business, customers, and bottom line from synthetic fraud, insurance leaders must take a multifaceted approach that includes making strategic investments in modern technology and opening the door to new ways of analyzing data.
For inspiration, they can look to the banking industry, where companies have a lot of knowledge to share on the topic of synthetic fraud. Following are some best practices to help insurers meet the scourge of synthetics head-on, based on best practices that many leading financial institutions have adopted.
Step up the use of biometrics to verify real user identities
Unique biometric markers tied to real human beings, like fingerprints and voice patterns, are very difficult for criminals to replicate. By integrating biometric authentication during the application process for policies or claims, insurers can verify that the person attempting to access services or file a claim is indeed real, not a deep fake and matches their records.
For instance, facial recognition technology can be used during the onboarding process for insurance products, ensuring that the person applying for the policy is physically present and matches stored biometric data. Similarly, biometric authentication for filing claims ensures that only legitimate policyholders can make claims, reducing fraud risk.
Invest strategically in advanced analytics and AI
Fraud prevention requires having a complete, contextual view of customers and their networks of relationships. But insurers will often look at activity, behaviors, companies, and individuals in isolation when underwriting policies or approving claims. As a result, they are unable to connect the dots and develop the bigger picture needed to detect fraud and uncover hidden risks.
With advanced analytics tools powered by AI and machine learning (ML), insurers can analyze vast datasets in real time to identify patterns and anomalies that might indicate fraud. For instance, ML algorithms can detect unusual behaviors, such as multiple insurance policies being taken out by a single individual or discrepancies in personal information across different accounts.
These systems can learn and adapt over time, becoming more accurate as they are exposed to new and diverse data, including device information and behavioral biometrics, from more internal and external sources. Importantly, this continuous learning process benefits insurers by helping them gain an edge on the sophisticated criminal operators constantly evolving their strategies and tactics to evade detection. And by adopting more advanced capabilities like predictive analytics, insurers can even get a step ahead.
Use decision intelligence to operationalize all available data
Building on the point above about investing strategically in AI and ML, many top financial institutions today are specifically using decision intelligence solutions to fight fraud, including synthetic fraud, more effectively β as well as proactively.
These solutions use AI to connect all data from previously siloed and scattered points to create a single accurate and reusable resource. This process is known as entity resolution, and the result is a complete, meaningful view of data across an enterprise that reflects the real-world connections between people, places, and organizations. Entity resolution allows organizations to build a contextual data foundation for uncovering hidden risks, as well as discovering unexpected opportunities.
With the right platform in place to enable decision intelligence, insurers can amplify their fraud detection capabilities by connecting and operationalizing their internal and external data to gain a holistic, 360-degree view of customers and their networks of relationships. In short, they can quickly gain a richer and more precise understanding of every applicant, customer, claimant, third-party, and supplier across their value chain and better determine who or what is real or synthetic.
Enabling real-time monitoring and automated alerts
Entity resolution is a vital process for helping insurers uncover patterns of fraudulent activity across online applications and accounts. But to spot synthetic fraud as it happens, they also need technology that can provide them with real-time insight into and notification of potential red-flag activity.
Real-time monitoring is progressive technology that helps to implement systems to monitor transactions and activities as they occur. ML algorithms can identify, monitor, and assess transactions as they happen, making it possible to flag anything right away that doesnβt seem right, like multiple insurance claims filed from the same IP address or sudden changes in a customerβs account information.
With early warnings from automated systems that are in tune with key fraud typologies, insurers can take a risk-based approach to detection and alert prioritization.
Stopping synthetic fraud at the front door
Fighting fraud is not a new challenge for the insurance industry, but threats like synthetic fraud make it that much harder. As criminals become more sophisticated β and persistent β in their exploits, insurers must adopt proactive and innovative strategies for fraud detection. Those who embrace innovation and integrate advanced technologies into their operations will be better equipped to safeguard their business. They can create better experiences for their legitimate customers as well.
For example, AI is increasingly being used for claims processing, so insurers can quickly and accurately assess claims while detecting for potential fraud β and ideally, stopping it at the front door. AI-driven claims processing systems can analyze claim details, compare them with historical data, and flag any anomalies that may suggest evidence of fraudulent activity. If a claim appears similar to a known fraud pattern or if the claimantβs information matches that of a synthetic identity, the system can automatically flag it for further investigation. Meanwhile, real customers can see their claims resolved faster.
Connecting all relevant data points, internal and external, and adding context to data are really the keys to everything when it comes to creating a holistic view of risk and containing the growing wave of synthetic fraud targeting the insurance industry. Insurers need to establish and work from a strong foundation of quality data and combine all their information with intelligence, at scale, about the relationships between entities such as people, organizations, and places.
The actors behind synthetic fraud schemes include highly sophisticated and well-funded transnational groups that have the methods and means to attack at scale. βGoing bigβ with acts of fraud can be profitable, but it also creates risk for these criminal operators. By attacking at scale, they are creating a complex and expansive web of relationships and connections between online applications or accounts. With the right technology to uncover, analyze, and understand those many strands, how they relate to each other, and whether they are even legitimate, insurers can determine faster and with greater accuracy whether they are dealing with a real person or entity β or not.
About the author:
Clark is a global financial services leader with extensive experience in banking, insurance, anti-money laundering, KYC, sanctions and counter-fraud, complex investigations, security, and business resiliency. He served as the FBI’s assistant legal attachΓ© in the US embassy in Tokyo, and then as an executive with companies such as Goldman Sachs, EY, and IBM.