{"id":20066,"date":"2020-10-28T02:00:00","date_gmt":"2020-10-28T06:00:00","guid":{"rendered":"https:\/\/lifeinsurance-orleans.ca\/Life-Insurance-Blog\/a-shared-solution-to-account-takeover-fraud\/"},"modified":"2020-10-28T02:00:00","modified_gmt":"2020-10-28T06:00:00","slug":"a-shared-solution-to-account-takeover-fraud","status":"publish","type":"post","link":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/2020\/10\/28\/a-shared-solution-to-account-takeover-fraud\/","title":{"rendered":"A shared solution to account takeover fraud"},"content":{"rendered":"
<\/div>\n

Last week, LL Global, the parent company of LIMRA<\/a>, announced the successful one-year anniversary of a shared industry solution that has helped financial-services companies contain the threat of a specific type of insurance fraud<\/a>.<\/p>\n

The solution, called FraudShare, has been the subject of widespread industry interest in the United States. Since its inception, 42 companies have integrated it into their fraud prevention programs, and many others are either undertaking due diligence or well on their way toward adoption. As it stands, the application is poised to cover U.S. companies representing 75% of the in-force life insurance market, 70% of deferred annuity assets, and 30% of the defined-contribution plans market in the country.<\/p>\n

\u201cFraudShare was designed to help combat account takeover attacks perpetrated by unknown, unrelated third-party impostors,\u201d explained Russ Anderson, head of LL Global\u2019s Financial Crimes Services. \u201cThese are individuals who have no relationship or connection to the policy owner or the customer who owns the account they\u2019re attacking, and no relationship or connection to the agent or the company.\u201d<\/p>\n

Anderson explained that the criminals behind ATO attacks are typically foreign-based individuals who obtain people\u2019s personal information through the dark web. While it has been prevalent in the banking and credit-card industries for many years, he said it didn\u2019t spread to the insurance and retirement services markets until 2017 to 2018, when fraudsters realized that people\u2019s insurance policies and retirement accounts could be tapped for vast sums of money.<\/p>\n

\u201cThat\u2019s when they attacked with a vengeance,\u201d he said. \u201cWhen they got data on someone, they don\u2019t necessarily know where that person has an insurance policy, so they contacted each company one by one \u2013 through the call centres, the company websites, or sometimes even through the companies\u2019 fax and phone numbers \u2013 just to find out where their victim has an insurance policy.\u201d<\/p>\n

Once a company confirmed that their victim has a policy with them, fraudsters could proceed to hijack the person\u2019s account and attempt to withdraw funds. If they\u2019re successful, the insurance company was left holding the bag and had to reimburse the customer. Beyond the financial cost, insurers hit with that type of fraud also suffered a blow to their reputations.<\/p>\n

As is the case with all nascent threats, the industry was initially unprepared and vulnerable, but companies soon caught on and beefed up their authentication and disbursement protocols to help detect and prevent ATO fraud. Around that time, when LL Global found out about that threat from LIMRA\u2019s member companies, it pulled different industry representatives from different companies together to learn more and thought about what could be done to fight that fraud activity.<\/p>\n

\u201cIn the early days when this fraud was just starting to occur, a lot of companies had informal networks up and running,\u201d Anderson said. \u201cIf they got hit by a particular fraudster, they\u2019d contact others they had a relationship with and were able to share intelligence around who the fraudsters were and their methods of attack, to help them better prepare.\u201d<\/p>\n

That led to a simple idea: to have an application that would let companies share information on fraud with each other in a safe, secure, and easy manner. And since fraudsters still can\u2019t easily know where their victims have an account, Anderson said, they still have to contact companies one after another, which opens a window for already-contacted companies to put others on notice.<\/p>\n

\u201cWhen other companies get that data, they can use it to be on the lookout,\u201d he said. \u201cWhen that fraudster does attempt to contact them, some red flags go up and they can shut the transaction down accordingly.\u201d<\/p>\n

From there, a founders\u2019 council composed of 10 companies helped design, build, and implement the application in roughly a year. In the 12 months since its launch, FraudShare has helped participating companies detect and\/or prevent 55 ATO attempts. Based on statistics collected by the app, a company can report between three and five attacks a month; the average fraudulent disbursement requested is US$71,000 from an average account value of US$251,000.<\/p>\n

With those and other key statistics, Anderson said companies can get a better sense of the extent and nature of attacks they\u2019ve experienced, as well as those of their peers. Because of that, they\u2019re able to conduct a more informed benchmarking process and determine which areas, if any, they should redouble their fraud-prevention efforts in. Those statistics, he added, won\u2019t be adulterated with numbers from banks, credit-card, and lending institutions like typical reports and studies on fraud in the financial-services industry, enabling a sounder decision-making among insurers.<\/p>\n

Generally speaking, ATO attacks in the U.S. industry has levelled off and declined since COVID-19 hit, but that doesn\u2019t necessarily mean insurers can breathe easy<\/a>. Other types of fraud are on the rise: aside from elder exploitation and romance scams, individual consumers are being targeted with ransomware and malicious emails. Institutions, universities, and healthcare providers are also being hit with ransomware attacks.<\/p>\n

\u201cAs a result of them being successful in these other schemes, they\u2019re harvesting additional customer data, personal information related to all the individuals that they’re attacking,\u201d Anderson said. \u201cThat data is now making its way to the dark web, and it will eventually be used by these fraudsters to then target the individual’s financial accounts.\u201d<\/p>\n

With the view that everything comes and goes in cycles, Anderson maintained that the ATO threat will eventually resurface in the near future: as governments and other entities get wise and become better equipped to fend off COVID-related schemes, fraudsters will move on and use the data they\u2019ve reaped to implement ATO attacks. With that in mind, he said it\u2019s important to keep strengthening the FraudShare system by growing the network further.<\/p>\n

\u201cFraudsters targeting insurance policies don\u2019t necessarily care whether the company is Canadian or U.S.-based, so we believe and know there\u2019s great value in bringing additional members into the mix,\u201d he said. \u201cThrough some initial conversations with members in Canada, we\u2019ve confirmed that ATO attacks are also a concern there.\u201d<\/p>\n

Anderson has made overtures to a handful of leading Canadian insurance companies, demoing the FraudShare app and inviting them to be part of a mini-founders\u2019 council; as of now, the priority is to help evaluate protocols, data security procedures, privacy rules and regulations to ensure everything is applicable to the Canadian market. Longer-term, LL Global said it plans to launch FraudForum, a platform that will allow companies to interact with each other regarding a wide variety of fraud topics beyond account takeover including incidents, training, controls and other best practices<\/p>\n

\u201cI\u2019m optimistic that it\u2019s going to work out, and I hope to officially make FraudShare available in the Canadian market by the end of the year,\u201d Anderson said.<\/p>\n

Read the original article at https:\/\/www.lifehealthpro.ca\/rss\/ <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Last week, LL Global, the parent company of LIMRA, announced the successful one-year anniversary of a shared industry solution that has helped financial-services companies contain the threat of a specific type of insurance fraud....<\/p>\n","protected":false},"author":578,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/20066"}],"collection":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/users\/578"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/comments?post=20066"}],"version-history":[{"count":0,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/20066\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/media?parent=20066"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/categories?post=20066"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/tags?post=20066"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}