Open-source intelligence (OSINT) and data enrichment are valuable allies to help flag suspicious activity.
The shift to doing business in the digital realm has sparked a revolution in insurance. The convenience of having customers apply online, via an app or website, means companies waste less time taking down their details manually and more time customizing the offering to suit their needs. Meanwhile, a wealth of tools help streamline the workflow for agents in areas such as customer relationship management (CRM) systems, document signing, planning and more.
Agents and consumers alike agree that the 24/7 communication opportunities that digital technology provides are vital, at 53% and 52% respectively, according to a 2021 Nationwide survey. The same survey shows that 93% of agents believe digitization has helped them become more successful.
But digitalization isn't a flawless development. Among other things, the digital realm has also opened the insurance world up to higher levels of fraud. However, digitalization also holds the key to combating it.
When it comes to embracing technology that can make insurance agents work better and smarter and can flag suspicious activity, open-source intelligence—OSINT for short—and data enrichment can be valuable allies.
OSINT refers to intelligence gathered from publicly available sources, including but not limited to newspapers, magazines, web pages, government databases and registers, books and so on. Considering the vastness of this data, it is key to have efficient methodologies and tools to locate and collate the data that is useful to an investigation.
Over time, software has been developed to make better use of OSINT, which is being employed by professionals and amateurs alike. A simple example is a Google Scholar search.
In the fraud detection and prevention sector in particular, OSINT is helpful in identifying bad actors and minimizing the risks for organizations of all shapes and sizes through enriched data.
Proactive Fraud Prevention at Signup
OSINT is helpful to quickly assess the legitimacy and intentions of a new user who has created an account via an app or website. Research by Aite-Novarica Group estimates that average fraud rates at FinTech companies are as high as 0.3%—which may sound limited until you consider that credit cards, which famously are at high risk of fraud, have half that rate, at 0.15%.
Further, cybercriminals like to try their hand at defrauding companies in newfangled sectors, as there are more likely to be gaps in defenses. Additionally, the digital nature generally associated with any new sector also presents opportunities for fraudsters to assume fake identities with more ease.
OSINT allows cybersecurity experts to screen users and applicants as they join the platform, using their email address or phone number. There's an incredible amount to learn from running a few targeted searches on Google, social media and other online platforms using just this basic information. When this is done automatically, starting from a list of primary data and then enriching it, the process is called data enrichment, and it helps both humans and algorithms make quicker and better-informed decisions.
While the results of such a search are all public information, they can tell us a lot more than you might expect. For example, we can determine the following information just from someone's email address:
- Do they have social media profiles? How many and on which platforms?
- Have they ever fallen victim to a data breach? If so, when did it occur?
- Are they using a free or paid email service? Is it a professional account?
- When was the domain registered and with whom?
- Do they have accounts on instant messengers, such as WhatsApp and Viber?
- If there are any public aspects to the above profiles, do they agree with the information they have provided at signup? Are these profiles consistent with each other?
Why does this matter? The absence of a lot of these data points can alert us to a fraudulent attempt, as can obvious discrepancies. Cybercriminals are known to take the time to create new email addresses for the fake and synthetic identities they will assume. They will also employ various tools to hide their real-world geolocation, IP and device. However, it is counterintuitive for them to create dozens of social media accounts for each attempt—most of which will, statistically, fail.
For new customers signing up to an InsurTech app account, all these data points come together to enrich data and trigger specific security checks. This is by no means a black or white situation. What these checks will do will depend on the assigned risk rating, as well as on an individual company's risk appetite. It also helps comply with any anti-money laundering (AML) and customer due diligence (CDD) requirements set by law or standards bodies.
It is, for instance, generally considered best practice to introduce a hard know-your-customer (KYC) check for users considered medium to medium-high risk, asking them to prove their identity via video chat or by uploading certain documents. Those who receive a very high-risk score can be automatically blacklisted if the company chooses to do so.
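The signup flow described above, from email-derived signals to a risk rating to an action, can be sketched as follows. This is an added example, not code from the article or from any vendor; the field names, weights and thresholds are assumptions chosen for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Enrichment:
    # Constructed shape of an email lookup result; field names are assumptions.
    social_profiles: int                  # public profiles tied to the address
    first_breach: Optional[date]          # earliest known breach appearance
    free_provider: bool                   # free webmail vs paid/own domain
    domain_registered: Optional[date]     # registration date of the email domain
    messengers: int                       # messenger accounts found
    name_matches_signup: Optional[bool]   # None: nothing public to compare

# Illustrative weights and thresholds; tune to historical data and risk appetite.
KYC_AT, BLOCK_AT, NEW_DOMAIN_DAYS = 30, 70, 180

def assess(e: Enrichment, today: date, auto_block: bool = True):
    reasons = []
    if e.social_profiles == 0:
        reasons.append(("no social media presence", 30))
    if e.messengers == 0:
        reasons.append(("no messenger accounts", 10))
    if e.first_breach is None:
        # Assumption: an address with no breach history may be newly created.
        reasons.append(("no breach history", 15))
    if e.free_provider:
        reasons.append(("free email provider", 5))
    elif e.domain_registered and (today - e.domain_registered).days < NEW_DOMAIN_DAYS:
        # Domain age is only meaningful for non-free domains.
        reasons.append(("recently registered domain", 25))
    if e.name_matches_signup is False:
        reasons.append(("public profile contradicts signup data", 35))
    score = sum(points for _, points in reasons)
    if score >= BLOCK_AT and auto_block:
        action = "block"
    elif score >= KYC_AT:
        action = "kyc"   # hard KYC: video chat or document upload
    else:
        action = "allow"
    return score, action, [label for label, _ in reasons]

# Constructed sample signups.
TODAY = date(2024, 6, 1)
ESTABLISHED = Enrichment(4, date(2016, 5, 1), True, None, 2, True)
FRESH = Enrichment(0, None, False, date(2024, 5, 20), 0, None)
MISMATCH = Enrichment(2, None, True, None, 1, False)

if __name__ == "__main__":
    for name, rec in [("established", ESTABLISHED), ("fresh", FRESH), ("mismatch", MISMATCH)]:
        print(name, assess(rec, TODAY))
```

Returning the list of reasons alongside the score gives a reviewer or underwriter the evidence behind each rating, and setting `auto_block=False` sends very high scores to KYC instead of an automatic block.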
Data Enrichment and Underwriting
When implemented correctly and informed by historical data and industry trends, data enrichment can be a good starting point to weed out fraudsters. However, some might still slip through the cracks to create an account and proceed to apply for a scheme, looking to go through the motions that will allow them to defraud you for as much money as possible.
This is where underwriting comes in, including automated checks by the system and the in-depth investigative work of underwriters. Data enrichment can be of great help at this stage by collating and presenting to underwriters the full picture of applicants' and claimants' public online presence, including social media and other profiles, with the information and posts on these accounts providing invaluable insight during investigations into who they are and their general conduct, patterns and habits.
Moreover, scenarios such as claims fraud, subrogation or financial crime and money laundering attempts can be better identified using OSINT tools, helping us ensure the applicant or claimant is who they claim to be and that their requests are legitimate.
In addition to credit scores and application data, underwriters can glean additional intelligence from looking at reverse email and phone lookup results for a claimant. These can be found via manual application programming interface (API) calls or be the result of data enrichment. When the picture is not as clear, such information can be invaluable to decision-making and can even hint at a stolen identity. This functionality can be fully integrated into the process by introducing machine learning-powered risk scoring—which, especially in InsurTech, can make or break a startup by helping stop fraud early and safeguarding funds.
Into the Future
Meanwhile, industry insiders, including Deloitte in a recent report, expect underwriting by machine to play a major role moving forward. This will be empowered by artificial intelligence (AI) and will rely on new sources and forms of data and more individualized risk selection.
Others are less certain about AI underwriting and focus more on the opportunities of a hybrid underwriting system, where AI and human underwriters work hand in hand with machines helping make sense of the vast swathes of data available and humans having the last word. In both cases, this data will be enriched to power both decisions and manual reviews.
Certainly, data enrichment in insurance is a question of “how” rather than “if.” On many levels, these modules are already present and useful.
Gergo Varga has been fighting online fraud since 2009 at various companies—even co-founding his own anti-fraud startup. He's the author of the “Fraud Prevention Guide for Dummies – SEON Special Edition.” Varga currently works as the senior content manager/evangelist at SEON.