Mitigating The Risk Of Insurance Fraud
Originally published at Broker World Magazine.
Technology creates many benefits in the life insurance sales process and in underwriting. It also opens up opportunities for fraud. I conducted an interview with Paul Marquez, vice president and Kevin Glasgow, VP of Investigative Solutions—both from Diligence International Group, LLC. Both Paul and Kevin are involved in mitigating the risk of insurance fraud, and I have asked them to help explain the types of fraud they are seeing and how to mitigate the risk. Let’s start with:
Why is it important that companies mitigate the risk of fraud? Afterall, isn’t the cost of fraud baked into the price of doing business?
Well, yes and no. Fraud costs everyone. Overall, the Coalition Against Insurance Fraud estimates that fraud costs consumers over $308 billion annually. This has to be “baked” into the premiums we all pay for insurance coverage, or else insurers would go out of business. For life insurance fraud, it is difficult to put a number on the true cost for many reasons, but one is that it is difficult to detect if the deaths occur after the policy has been in force more than two years. Simply put, companies may be paying claims that they do not know are fraudulent, which makes the cost of fraud difficult to quantify.
I would also like to point out that companies that do not have strong controls will be targeted and will potentially pay a price much higher than anticipated, and certainly higher than competitors. We have heard stories of the same applicant attempting to purchase online policies with the same company over 20 times using slightly different parameters to find what will and will not kick out. We have also heard sales calls where the insurance agent is telling the caller the thresholds used by their company along with ways to get around other, non-financial, controls such as IP addresses.
From a public policy perspective, fraud shouldn’t be tolerated and, in fact, most states have requirements that insurers have fraud detection and mitigation plans to protect the public and the company against the financial impact of payments due to fraud.
Okay, so we now know that as consumers of insurance, we all pay for fraud. When you think of fraud, what types of fraud are there?
First, there are two main types of fraud: Opportunistic fraud and systemic fraud. Both are important to mitigate, but the impact on insurance companies and how they manifest are different. Opportunistic fraud, sometimes referred to as reactionary fraud, is in response to something that has happened to the proposed insured. Some examples include a recent change in health, financial issues, or legal issues. These tend to manifest as misrepresentations on an application related to these topics. Traditional tools to mitigate the risk of this include obtaining medical records and a paramedical exam. Today, we see more reliance on records from prescription drug warehouses and companies that aggregate lab results.
Systemic fraud, on the other hand, is pervasive, organized, and often more difficult to detect. Nearly all systemic fraud with life insurance involves an imposter posing as someone who is at high-risk for an early death. The applicant is not the insured although the insurance company is led to believe that the applicant is the insured. The result is the issuance of what is essentially a fraudulently obtained contract that is a wager on the insured’s early death. Perpetrators of systemic fraud are often well-versed in how life underwriting works, the tools used (along with their strengths and weaknesses), and how to get the death records to match so the death benefits will be paid. There are many organized groups and rings that study the insurance industry, test our methods, and then seize on opportunities when processes change.
I want to come back to this systemic fraud and how it is done. First though, I have to ask, has this changed since COVID, and if so, how?
The schemes themselves have not changed per se—we have seen wagering contracts and switched identities for decades. What has changed since COVID are the methods and opportunities for the schemes to succeed.
Can you elaborate?
Certainly. COVID was a catalyst to many changes in how insurance companies operate. Many of those changes were already in the development and testing phase when COVID hit, and then the changes were catapulted into the forefront when COVID hit.
Some of these changes include moving away from the traditional safeguards for mitigating these risks such as higher thresholds for medical records, paramedical exams, and agent involvement. In some cases, the requirements were eliminated entirely. This was a direct result of the difficulty in getting these requirements when business hours were reduced or closed, and social distancing was the norm.
We also began more automated solutions and accelerated processes which rely on new digital tools. These digital tools are effective in most cases, but they were not designed to defeat the type of systemic fraud we see as evidenced by the increases.
Top all of this off with the push automation for certain claims. Many companies are not requiring death certificates, and death records are easy to falsify.
This makes life insurance a perfect environment where there is little risk of getting caught, and even if one does, generally there are few legal ramifications if any.
You mentioned new, digital tools for underwriting. Do they work?
Yes, to a point. The new digital tools are great, but like all tools, they have their limitations. Prescription checks and lab checks do not have 100 percent coverage, and if someone is interested in defrauding an insurer, there are ways around detection which, for obvious reasons, would be inappropriate to share. Also, these tools are not adept at detecting the true identity of the person who is making application for the coverage. This is the biggest threat I see to the financial health of insurance companies
Can you expand upon that?
Sure. While we are seeing more health misrepresentations on applications within the claims we are investigating, we see the largest threat to be the systemic fraud from applications taken by people posing as someone else when applying for coverage. Fraudsters do this in a couple of ways. First, they can steal the identity of a person who is either ill or at a high risk of death. Once they steal the identity of this person, they pose as that person when applying for life insurance. The second way to do this is to create a synthetic identity.
Interesting. What is a synthetic identity and how can they be created?
Synthetic identities are made-up identities that do not represent a real person. They are fake, and this is hitting the financial industry particularly hard. Some prominent sources including the Federal Reserve Board and Forbes have stated that this type of fraud is the fastest growing financial fraud, and life insurance is not immune. To create a synthetic identity, the perpetrator must first choose the name, Social Security number, and date of birth that they want to create. They then apply for credit knowing the credit will initially be declined, but this creates a profile with the credit bureaus. Rinse and repeat. They continue to apply for credit, and as the application history builds, so does the profile of the synthetic identity. Eventually, they will get some level of secured loan which they pay off. This raises the credit profile. They continue borrowing and paying off the credit until they get it to the point that they perform a “break out” by taking out larger loans and then disappearing.
In the context of life insurance, they find an unidentified body and claim it as the synthetic person, or they simply falsify death records.
Detecting a synthetic identity is difficult because the perpetrators spend years cultivating them. Even the credit bureaus are having tremendous difficulty with this which is why we have heard and believe that some form of biometric identity verification will become standard for certain financial transactions in the not-too-distant future.
Of the two schemes, which is the most common?
As sexy and concerning as synthetic identities are, stealing the identities of people at high risk of an early death and then posing as that person when applying for coverage is by far the greatest concern. This scheme isn’t new. What is new is the degree in which it is occurring due to the reasons we have already discussed. As to synthetic identities, what is concerning is when the identity stolen has multiple synthetic identities, as described below.
Keep in mind that there are organized groups who perpetrate life insurance fraud and whose members will have multiple identities that are used for different purposes. A person’s medical records may have one date of birth, but the person has other dates of birth and social security numbers they use for other records such as life insurance, legal matters, etc. This allows fraudsters to circumvent current underwriting tools looking for prescriptions or lab results, as the identifiers provided on the application don’t match the identifiers on the potential records. It also becomes easy to switch identities at time of death so that the person who died becomes the person who is on the insurance policy, which has aged to the point where the claim is unlikely to be questioned. We’ve learned that in many cases, the information reported on death certificates has been self-reported to the funeral home by the insured’s “family.” In reality, the “family” are other members of these organized groups who provide the funeral home the identifiers that match the identifiers on the policy. Assuming the policy is outside the contestable period, the claim receives little scrutiny and the benefits are paid.
How can an insurance company protect itself from systemic fraud and wagering contracts?
The best way to mitigate the risk of these types of contracts is to know the actual identity of the applicant—not who they say they are, but who they actually are. Checking that the name on the application has a real credit record doesn’t stop this type of crime. Insurers have to identify the applicant despite who they claim to be. This is true whether the applicant is a sibling posing as someone who is involved in gangs or whether the applicant is posing as the patient whose identity they stole.
Knowing the applicant involves many factors including database verification techniques and knowing the actual location of the applicant—not the IP address, but the physical postal address where the applicant is. We also believe that biometrics will become the new norm in a few years. The financial industry is ahead of the insurance industry on this, but it is bound to happen. Biometric identification can take many forms including voice patterns, facial recognition, and even how a user interacts with their cell phone.
It is because of the fraud we see getting through underwriting that we developed Prodigi. Prodigi is a software suite of tools that was designed specifically to speed the life insurance application process while mitigating the risk of the type of fraud we see getting through underwriting today.