Takeover Terminated: Preventing Life Insurance Account Takeover with Data and AI

This article originally appeared in the Anti-Fraud Alliance email newsletter and is re-published here with permission.

Life insurance fraud is the second most expensive type of insurance fraud in the United States, with losses totaling an estimated $74.4 billion per year. Anecdotally, many carriers note that, while insurance fraud detection rates are falling, they fear that it may be because flocks of fraudsters equipped with AI are flying under the radar. 

Certainly, life insurers make for appealing fraud targets. Life insurance policies, annuities and retirement account values tend to be higher than the checking or savings accounts held at traditional banks. Adding to the allure, insurers of all kinds have historically invested far less in robust fraud defenses than their banking counterparts. Many carriers, even the well-established players, still rely on antiquated fraud controls like knowledge-based authentication questions to reroute emerging fraud threats.

One particular attack vector troubling insurers in the wake of increased digitalization is life insurance account takeover (ATO). The Life Insurance Marketing and Research Association’s (LIMRA) 2023 FraudShare annual report found that life insurance ATO incidents grew by 13% in 2023, with more than nine ATO incidents detected each month on average.

It's little wonder; committing life insurance fraud is easier than ever. With the popularization of readily accessible generative AI tools, everything that makes artificial intelligence an effective tool to combat fraud is being weaponized by bad actors at every turn. Even “citizen fraudsters” can wield sophisticated deepfake technology, which requires little to no AI skills, to successfully defraud life insurers. 

Two virtual checkpoints in the life insurance ecosystem are particularly vulnerable to exploitation: 

1. The policy application. Information gathered at the time of policy application – or even amidst policy changes – via customer portals (i.e., in a purely digital environment) can be easily exaggerated or blatantly misrepresented.
2.  At account login. AI can enable fraudsters to bypass multifactor authentication and gain access to customer accounts, often without detection by the insurers or the customers.

As ATO attacks climb, securing these facets of the policyholder journey has become an imperative.

Trends in fraud-fighting technology

A recent cross-industry anti-fraud technology study by SAS and the Association of Certified Fraud Examiners (ACFE) revealed that automated business rules and anomaly detection/exception reporting are the data analysis techniques most prevalently used by insurers to combat fraud, cited by 81% and 62% of insurance respondents respectively.

Unfortunately, neither of these techniques is altogether effective at detecting AI-powered ATO attacks, because such attacks are designed to mimic a legitimate customer or policyholder. Unraveling supercharged ATO schemes requires higher caliber anti-fraud technology.

So, where do insurers sit on the advanced analytics maturity curve? The ACFE and SAS’ joint research found that:

• Only two in five (40%) insurance respondents indicated that they use predictive analytics/modeling in their anti-fraud programs.
• Notably, less than a quarter (24%) reported using AI or machine learning (ML) to fight fraud. These findings highlight an imbalance that may be among the reasons insurers are being outmaneuvered by the crooks.

Most carriers aren’t using AI- and ML-fueled countermeasures to combat ATO and other emerging fraud threats – or at least not to the same degree that fraudsters are applying them to criminal ends. Turning the tables requires fighting AI…with AI.

Seizing the machine learning advantage

Machine learning (ML) is a form of AI with enormous potential in unraveling advanced fraud modalities. ML algorithms learn from data, identify patterns and make decisions with minimal human intervention, making them adaptable in thwarting increasingly sophisticated and novel attack vectors.

With ML, a life insurer can authenticate the policyholder behind every device, while enhancing its ability to move good customers through their digital journey faster and deliver a “wow” experience. As a further benefit, the reduction in false positives can help bolster the insurer’s brand reputation and target state actors and citizen fraudsters alike with higher rates of success.

ML is especially suited for this task, because it employs champion and challenger models and A/B testing of data and service providers. Insurers can compare approaches to a comprehensive and impactful identity strategy and deploy what works best in seconds. With ML, insurers can take advantage of a reliable and scalable identity-proofing strategy.

The trouble with data

Insurers often face considerable challenges in implementing an AI-powered plan of attack. Among them, the SAS-ACFE study revealed that eight in 10 insurance respondents named poor data quality or integration a moderate (48%) to major (32%) challenge – second only to budgetary restrictions, cited by 85% of respondents.

More broadly than data quality and integration, data orchestration cannot to be overlooked. Multiple disparate data sources must be harnessed to develop optimally robust capabilities to effectively address ATO fraud at vulnerable points of access. These data sources could include device biometrics, public records, account details and more. Consortium data can be another impactful tool.

Of course, it’s not enough to simply have tons of good data. All this information needs to be coordinated in real-time during a login, application or other engagement. By choosing the right platform, insurers can readily establish a durable data ecosystem and deploy sufficiently advanced AI/ML capabilities to address not only fraud risks but other business needs across risk management and customer engagement.

Conclusion

Protecting customer assets is a foremost priority for life insurers. To terminate account takeover and prevent and detect other forms of life insurance fraud, carriers and antifraud practitioners must prepare to meet in the virtual field of combat with all the technological ingenuity fraudsters possess — and all the integrity they lack.