Whos Who

WHERE ITS HAPPENING

Identity theft can be found in a number of fraud cases, reports Rioux. It is used in auto injury claims cases, medical billing, theft by deception, and other means. Organized insurance fraud rings and individuals who commit insurance fraud continuously work to stay one step ahead of the game, says Rioux. They have begun to realize some companies are starting to use more advanced technologies, business processes, and investigative techniques to expose them.

While the issue often is viewed as a consumer problem, Rioux points out some thefts often end up in the hands of insurance carriers that insure the victims. Assuming the identity of another person allows the individuals to orchestrate the fraud and protect their true identity while distancing themselves from being caught, says Rioux.

A common area for identity theft involves first-party auto injury claims for medical billing fraud. A persons identity can be stolen and used by a fraud ring to commit medical billing fraud, says Rioux. The medical billing company can submit fraudulent bills for medical examinations, treatment, diagnostic testing, and physical therapy to the auto carrier for payment on some or all of the alleged services never provided. Such fraud often is committed in states with no-fault insurance systems. No fault allows for medical bills to be paid directly to a provider for injuries resulting from an auto accident, regardless of fault, he says.
Theft-by-deception cases have been on the rise, Rioux continues, mentioning a case in which an insured car dealer sold five used vehicles to different people using assumed identities. The stolen identity information allowed the individuals to pass credit checks and subsequently arrange for financing to purchase the vehicles and take delivery, he says.

A similar case involved people fraudulently applying for insurance and then buying vehicles from a dealership. The people listed on the insurance policies and the sales agreements were found to be victims of identity theft, he says. Someone had stolen a military persons identity and also that of a city worker living in different states who had no knowledge of the vehicle purchases made.

Crooks at Fair Isaac points out insurers dont know the extent of the identity fraud problem in their industry because there is no single reporting mechanism. There isnt one place where every insurance company can call up and say, We got taken, this is how they got us, and this is how much we lost, he says.
The issue can cross over into the life insurance side, as well. People take out life insurance policies on someone without the insured knowing about it, with the beneficiaries portraying facts about themselves incorrectly. Another area of concern, adds Crooks, is healthcare and the increasing use of card-based care with stored value cards.

HOW TO STOP IT

Much of the concern with identity arose from the passage of the USA PATRIOT Act by Congress, which among other things, required businesses to check their payment schedules against a list provided by the Office of Foreign Assets Control (OFAC) run by the Department of Treasury. Trey Hardy, internal auditor for Germania Farm Mutual Insurance, believes insurers were unsure where they stood with regard to the PATRIOT Act, and many purchased solutions such as the one Germania bought from Penley, Inc. Penley offers a Web-based tool that was attractive to Germania because there was no administration needed by the insurer and no system requirements.

Our major risk is we dont always know whom we are paying claims to, says Hardy. That was my major concern. How can we make sure we have some sort of monitoring of this? The Penley product filled many of Germanias requirements. We needed something quick and streamlined, says Hardy. We were looking for something that wouldnt cause a lot of red tape or create another job.

All of the carriers claimants are run through the system as well as new customers and additional interests. Every 90 days, the entire list is reviewed. Even smaller companies such as Germania must be prepared for anything, cautions Hardy. You cant control whom your customers come in contact with, he says. And sometimes you are targeted [by fraud rings].
Identity theft is on the rise in the U.S. and getting worse, says Cleve Shultz, executive vice president of Penley. It is easy to get someones identity or invent a new identity, asserts Shultz. We use third-party data and take a combination of names, Social Security numbers, addresses, and more to verify against a third party and determine whether its reasonable to believe the people are who they say they are.

In addition to the Web service, Penley also offers its system as a SOAP API. You cant be tied to one data set, Shultz points out. Penley has access to 20 billion records.

Erie uses an innovative mix of fraud technology, data mining, and predictive software to uncover fraud, says Rioux. Those tools and the review of information against industry external databases represents the best line of defense, he maintains.
Our intelligence analysts are using the technology to help identify both direct and indirect patterns and relationships in claims and claims-related data, Rioux says. Suspicious activity in groups of claims and parties to the loss can be identified. Connections and links can be made to people, identification numbers, vehicles, addresses, or phone numbers used in other claims. Still, someone using an individuals identity with a relatively squeaky-clean history may not stand out in the crowd and would most likely go undetected.

STANDING OUT

Discrepancies in the information provided on an insurance application or claims report can signal a potential identity theft, Rioux believes. By comparing the information supplied against public records, databases, and other sources of information, we can reveal clues to a potential identity problem, he says. It could be something as subtle as an address, phone number, or other reported information not matching up.

Criminals stealing someones identity can get hold of a persons name, birthdate, and Social Security number. Erie investigators are trained to look for red flags, such as the use of a cell phone number as a means of contacting the customer or the use of a rental mailbox as the address. Erie can trace the address to a database of known commercial rental mailbox locations across the country. If the fraud being attempted requires contact information to complete the fraud scheme, then contact information provided may not match the contact information of the person whose identity was stolen, says Rioux.
He suggests insurance carriers have a customer identification program (CIP) in place. Some vendors and software companies already are offering new data tools for CIP compliance, says Rioux.

PROBLEMS ABROAD

Pat Smith, director of Aquilo Business Solutions in Great Britain, points out insurance fraud has been estimated by the Association of British Insurers as costing not less than one billion pounds per year. There is a vigorous movement to tackle fraud in the UK, he says. The Financial Services Authority has charged the industry to produce its plans for tackling fraud, he says. You have to have a strategy.

He adds it is difficult to stay ahead of the criminals, citing greed and overconfidence more than anything intuitive as reasons some fraud has been detected. The popular theory in the UK is 10 percent of the population are liars, 10 percent never lie, and 80 percent will swing either way, he asserts. What the industry is attempting to do is to close that opportunity for those who might swing either way. The majority of customers at any one time are telling the truth. [Stopping identity theft fraud] needs to be about validating truth rather than proving fraud as an outcome.

GOVERNMENT GAPS

Fair Isaacs Crooks believes the whole area of identity theft fraud is confusing because the U.S. governments point of view and the insurance industrys point of view are quite different. The government takes a broad range of possible cases and calls them all identity theft, he says. Bankers break what the government calls identity theft into 12 or 13 different buckets. If you ask bankers how much identity theft they have, its maybe 10 percent of what the government says. If you go to insurance executives and ask what they lose in identity theft, I think the general answer is they dont know. Part of that is because the schemes in insurance are more subtle, they are harder to categorize, and collecting the stats is more difficult.

Many insurers realize theyve been taken by fraud but dont know exactly how. Its an area where theres a bit of fog and confusion because the cleverness of the adversary is pretty much unlimited, says Crooks. There always are new schemes, new ways of doing it. There are technical issues that prevent us from being able to answer questions in a nice crisp way about how big a problem it is.

COMMUNICATION
IS THE KEY

It is important for some governing body or industry to get all the institutions and industries talking to each other, advises Crooks. That could be a complex solution, he acknowledges but insists, We have to link them all together so our systems can talk to each other in real time. Once that linkage goes into insurance, well have a better handle on the losses theyve had and what proportion are due to identity theft.

It also is important to maintain the trust of the customers. Many industries have struggled with e-commerce because of the fear consumers have they will lose their identity over the Internet. Interestingly enough, a restaurant is just as risky a place to use your credit card as the Internet, says Crooks.

SCARY SITUATION

Five years ago, car thieves would steal a car off the street. Today, they will steal someones identity and walk onto a car lot and drive off with a new car the dealer thinks was sold to someone with a perfect credit record. Rioux believes the issue of identity theft will take fraud into the corporate structure of America and the world. Every business, and not just insurance, must continue to look at emerging technologies and other tools that will help prevent, detect, and investigate identity theft, he states. Companies need to be vigilant and do what they can to help protect their customers against fraud and the unauthorized use of information.