Visualize: Insights that power innovation

How device-based intelligence can expose insurance fraud

By Barbara Sohn  |  January 1, 2015

Max Anhoury and John Cantwell sat down with Barbara Sohn, Visualize editor and assistant vice president, Corporate Marketing, to discuss device reputation, a powerful technology that can prevent fraud by exposing the reputation of online devices. Industries face online threats continually. Adding device-based intelligence to the fraud detection process can reduce fraud and save millions of dollars.

Barbara Sohn: Max, I’ll start with you. What is device reputation?

Max Anhoury: Device reputation is a service that focuses on the hardware used by a consumer to conduct a transaction through the web — and the online history of that particular device. The hardware could be any type of PC, laptop, tablet, or smartphone, or even other devices that connect to the Internet, such as a smart TV, gaming console, or wearable technology. In the insurance world, the transaction could be a quote, claim report, logging in to an online policy management account, or other interaction. The unique aspect of device reputation is that it doesn’t require evaluation of personally identifiable information or login credentials. Rather, it can rely solely on the status, or reputation, of the device itself to determine if there’s reason for concern.

Sohn: Can you give us an example of how that works?

Anhoury: Sure. I’ll use an example from the credit card industry. Imagine a criminal in the business of securing new credit cards or buying online goods from retailers by using stolen information from one of the recent data breaches. That person is using the stolen identities or credentials to apply online for a credit card in the victim’s name or to use stolen payment credentials to make purchases with different names and addresses. It’s very difficult for the bank to connect one individual with dozens or hundreds of false or stolen names and addresses. It’s even more complex if the perpetrator spreads his or her activity across many different banks and lenders. But a device reputation service can identify whether the perpetrator used the same computer or smartphone, or if he or she used associated devices, even if none of the personal information is connected to the other transactions.

Sohn: Max, in your credit card example, you mention that the device reputation service can help even if the perpetrator was trying to deceive multiple banks. How does that work?

Anhoury: Our service depends on the concept of a consortium, namely, all of our subscribers working together to fight fraud and abuse across many industries, including insurance, finance, retail, gaming, telecommunications, and so forth. Each credit card company subscribing to the service captures information about the device used in every transaction and reports those details to iovation’s device reputation service. Then, in the credit card example, as new online credit card applications are processed, the bank can reach out to the cybercrime intelligence network in real time. As an example, the bank may decide to flag the application if more than ten other credit card applications used the device in the past 60 days. The bank may also flag the application if another bank reported that the device was directly associated with obtaining a fraudulent credit card — or if there were risk factors associated with the device, such as a device trying to obscure its identity by routing through the Tor network or originating from a risky country or IP address.1

1. Tor, or The Onion Router, enables anonymous communication and directs Internet traffic through a free network with thousands of relays to conceal a user’s location and activity.

Infographic depicts device reputation workflow
Above is an illustration of how a device reputation service works at various high-risk customer touch points, such as quote, claim processing, and login.

Sohn: John, this is fascinating technology. How can insurers use it to help fight insurance fraud?

John Cantwell: As Max mentioned, folks are using more and more types of mobile and other Internet-enabled devices to conduct business. It’s becoming easier to shop for insurance in a variety of ways, but that ease of doing business comes with risks. iovation’s device reputation is a technology that provides an additional layer of protection without slowing the shopping process or adding significant data costs.

Sohn: Can you provide examples of what device reputation can help identify?

Cantwell: Sure. Our insurance customers are increasingly concerned about “ghost” or “street” brokers. Those brokers aren’t authorized or appointed by an insurance company but use a carrier’s direct web portal to secure a new policy on behalf of a consumer. In many cases, the policyholder is paying the ghost broker an excessive fee and may not even receive a legitimate policy. A device reputation solution helps an insurer identify a quote from a street broker because the device will have likely been used for many other quotes across multiple insurers. That’s similar to the credit card example because it identifies a situation with a high volume of transactions that an individual consumer wouldn’t normally conduct.

Sohn: John, besides the street broker situation, are there other scenarios where device reputation can help fight insurance fraud?

Cantwell: Insurance fraud and misrepresentation can take many forms. Some people will obtain a policy and pay the deposit installment with a bad checking account number or stolen credit card. In some states and programs, an insurer can cancel a policy back to its inception if the insurer identifies fraud or misrepresentation on the application. And in some cases, insurers are successful in prosecutions of insurance fraud related to underwriting or claims scenarios. The point is that aggregating the devices used in any of those or similar situations can help the industry fight fraud.

Another interesting aspect of the iovation consortium is that it offers “cross-industry” searching. For example, it would be helpful for an insurer to know if the device used for today’s insurance quote was also used to obtain 400 credit cards in the prior 90 days.

Sohn: Max, can you give us a real-world case of how iovation has used its device reputation service to fight insurance fraud?

Anhoury: Absolutely. In a specific fraud case encountered by a U.K. insurer, iovation’s device-based intelligence helped identify and stop a fraud ring. The fraud ring bust saved the insurer £2.3 million.

Sohn: Max, how difficult is it for an insurance company to implement a device reputation program?

Anhoury: iovation offers a straightforward process requiring only limited systems work. The insurer installs a small bit of code on its quoting, claims, or authentication platform that captures the information associated with the device during the insurance transaction. That can support transactions originating in both web browsers and mobile apps, and it’s completely transparent to both good customers and online criminals.

Infographic: What steps do insurers take to identify a fraud ring?
Here’s a depiction of the fraud ring from the perspective of the device used to purchase the original auto policy. The original device was tied to the nine IP addresses shown. Each of the nine IP addresses was in turn associated with one or more policies: two for London Sky Broadband, three for one of the UK IPs, seven for Manchester Sky Broadband, and one for the other IPs.

Sohn: John, a final question for you. There seems to be a high level of interest among insurers for fighting fraud at the point of sale. Yet the customer experience is so important in terms of attracting and retaining policyholders. How do we strike the balance?

Cantwell: Insurers that successfully execute both effective fraud fighting and a positive customer experience will gain a strong advantage. The personal auto business is particularly competitive. Attractive pricing is critical, but so is a fast and easy quote and purchase process. At the same time, carriers need to protect themselves against the small percentage of applicants intent on committing fraud. What better way to do that than at the point of quotation, even before incurring risk? We think a well-integrated set of solutions that can help insurers strike the right balance will provide a winning formula.

Max Anhoury

Max Anhoury, vice president, Global Partnerships, iovation, brings more than 25 years of technology experience to iovation, where he’s worked for the past 6 years. Max is responsible for the oversight and success of iovation’s partner program and driving strategic growth for the company. He has extensive expertise in combating fraud in the financial and insurance sectors.

John Cantwell

John Cantwell, vice president, Auto Product Management, Verisk Insurance Solutions – Underwriting, is responsible for product management and branding strategy and leading the development and launch of innovative new products. Before joining Verisk, he was vice president of underwriting and product development at AIG Direct/21st Century Insurance.