A shared solution to account takeover fraud

Success of anti-insurance fraud application could soon be replicated in the Canadian space

A shared solution to account takeover fraud

Last week, LL Global, the parent company of LIMRA, announced the successful one-year anniversary of a shared industry solution that has helped financial-services companies contain the threat of a specific type of insurance fraud.

The solution, called FraudShare, has been the subject of widespread industry interest in the United States. Since its inception, 42 companies have integrated it into their fraud prevention programs, and many others are either undertaking due diligence or well on their way toward adoption. As it stands, the application is poised to cover U.S. companies representing 75% of the in-force life insurance market, 70% of deferred annuity assets, and 30% of the defined-contribution plans market in the country.

“FraudShare was designed to help combat account takeover attacks perpetrated by unknown, unrelated third-party impostors,” explained Russ Anderson, head of LL Global’s Financial Crimes Services. “These are individuals who have no relationship or connection to the policy owner or the customer who owns the account they’re attacking, and no relationship or connection to the agent or the company.”

Anderson explained that the criminals behind ATO attacks are typically foreign-based individuals who obtain people’s personal information through the dark web. While it has been prevalent in the banking and credit-card industries for many years, he said it didn’t spread to the insurance and retirement services markets until 2017 to 2018, when fraudsters realized that people’s insurance policies and retirement accounts could be tapped for vast sums of money.

“That’s when they attacked with a vengeance,” he said. “When they got data on someone, they don’t necessarily know where that person has an insurance policy, so they contacted each company one by one – through the call centres, the company websites, or sometimes even through the companies’ fax and phone numbers – just to find out where their victim has an insurance policy.”

Once a company confirmed that their victim has a policy with them, fraudsters could proceed to hijack the person’s account and attempt to withdraw funds. If they’re successful, the insurance company was left holding the bag and had to reimburse the customer. Beyond the financial cost, insurers hit with that type of fraud also suffered a blow to their reputations.

As is the case with all nascent threats, the industry was initially unprepared and vulnerable, but companies soon caught on and beefed up their authentication and disbursement protocols to help detect and prevent ATO fraud. Around that time, when LL Global found out about that threat from LIMRA’s member companies, it pulled different industry representatives from different companies together to learn more and thought about what could be done to fight that fraud activity.

“In the early days when this fraud was just starting to occur, a lot of companies had informal networks up and running,” Anderson said. “If they got hit by a particular fraudster, they’d contact others they had a relationship with and were able to share intelligence around who the fraudsters were and their methods of attack, to help them better prepare.”

That led to a simple idea: to have an application that would let companies share information on fraud with each other in a safe, secure, and easy manner. And since fraudsters still can’t easily know where their victims have an account, Anderson said, they still have to contact companies one after another, which opens a window for already-contacted companies to put others on notice.

“When other companies get that data, they can use it to be on the lookout,” he said. “When that fraudster does attempt to contact them, some red flags go up and they can shut the transaction down accordingly.”

From there, a founders’ council composed of 10 companies helped design, build, and implement the application in roughly a year. In the 12 months since its launch, FraudShare has helped participating companies detect and/or prevent 55 ATO attempts. Based on statistics collected by the app, a company can report between three and five attacks a month; the average fraudulent disbursement requested is US$71,000 from an average account value of US$251,000.

With those and other key statistics, Anderson said companies can get a better sense of the extent and nature of attacks they’ve experienced, as well as those of their peers. Because of that, they’re able to conduct a more informed benchmarking process and determine which areas, if any, they should redouble their fraud-prevention efforts in. Those statistics, he added, won’t be adulterated with numbers from banks, credit-card, and lending institutions like typical reports and studies on fraud in the financial-services industry, enabling a sounder decision-making among insurers.

Generally speaking, ATO attacks in the U.S. industry has levelled off and declined since COVID-19 hit, but that doesn’t necessarily mean insurers can breathe easy. Other types of fraud are on the rise: aside from elder exploitation and romance scams, individual consumers are being targeted with ransomware and malicious emails. Institutions, universities, and healthcare providers are also being hit with ransomware attacks.

“As a result of them being successful in these other schemes, they’re harvesting additional customer data, personal information related to all the individuals that they're attacking,” Anderson said. “That data is now making its way to the dark web, and it will eventually be used by these fraudsters to then target the individual's financial accounts.”

With the view that everything comes and goes in cycles, Anderson maintained that the ATO threat will eventually resurface in the near future: as governments and other entities get wise and become better equipped to fend off COVID-related schemes, fraudsters will move on and use the data they’ve reaped to implement ATO attacks. With that in mind, he said it’s important to keep strengthening the FraudShare system by growing the network further.

“Fraudsters targeting insurance policies don’t necessarily care whether the company is Canadian or U.S.-based, so we believe and know there’s great value in bringing additional members into the mix,” he said. “Through some initial conversations with members in Canada, we’ve confirmed that ATO attacks are also a concern there.”

Anderson has made overtures to a handful of leading Canadian insurance companies, demoing the FraudShare app and inviting them to be part of a mini-founders’ council; as of now, the priority is to help evaluate protocols, data security procedures, privacy rules and regulations to ensure everything is applicable to the Canadian market. Longer-term, LL Global said it plans to launch FraudForum, a platform that will allow companies to interact with each other regarding a wide variety of fraud topics beyond account takeover including incidents, training, controls and other best practices

“I’m optimistic that it’s going to work out, and I hope to officially make FraudShare available in the Canadian market by the end of the year,” Anderson said.