NC1703
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
SECURITYUPDATE<br />
PREVENTING<br />
DRIVE-BY FRAUD<br />
MAX ANHOURY, VP GLOBAL<br />
PARTNERSHIPS AT IOVATION<br />
EXPLAINS HOW THE AA USED<br />
DEVICE INTELLIGENCE TO<br />
CATCH INSURANCE<br />
FRAUDSTERS<br />
The observed behaviour seemed to be<br />
harmless. Two Internet-enabled devices<br />
had been submitting less than ten<br />
automotive insurance applications per month<br />
for a couple of years. The steady trickle of new<br />
policies didn't cause alarm until the fraud team<br />
for the Automobile Association (AA), the UK's<br />
largest motoring organisation, noticed an<br />
increasing trend.<br />
"Within a week of taking out the policies,<br />
those customers were calling in to cancel<br />
them," says Stephanie Driscoll, Fraud<br />
Operations Manager for the AA. "We started<br />
listening to recordings of the calls and soon<br />
realised that we were dealing with a group of<br />
five individuals. Each time, the customer was<br />
emphatic that a cancellation letter which must<br />
include a No Claims Bonus declaration should<br />
be issued and sent to them urgently."<br />
In the UK insurance market, ghost brokers<br />
submit applications with falsified or stolen<br />
personal information to get the lowest possible<br />
premium. A cancellation letter featuring a No<br />
Claims Bonus entitlement can to some be a<br />
valuable asset. As soon as the cheap, bogus<br />
policy is sold on to a victim, the fraudsters<br />
quickly cancel the policy, pocket the customer's<br />
payment and quickly disappear.<br />
In an effort to stop such fraud, protect drivers<br />
and preserve its reputation among insurers,<br />
the AA decided to implement devicerecognition<br />
technology from iovation. When<br />
an end user's device interacts with specified<br />
integration points, for example account<br />
creation, application submission, etc. on the<br />
AA's online properties, the iovation solution<br />
can evaluate device attributes and assign it a<br />
unique ID.<br />
Using this method, the AA identified the two<br />
Internet-enabled devices as the sources of all<br />
these mysterious policies and soon suspected<br />
fraud. However, consumer privacy laws<br />
prohibited the AA's fraud team from consulting<br />
with their peers at other insurers about the<br />
personally identifying information provided on<br />
the applications.<br />
"When it comes to collaboration, quite often<br />
we're fighting fraud with one hand tied behind<br />
our backs," says Chris Monk, the AA's<br />
Collections and Fraud Manager.<br />
Using the iovation generated unique device<br />
ID, the AA now had a legal method for<br />
collaboration. The AA posted a query to the<br />
iovation private Fraud Force Community of<br />
over 3,500 global fraud professionals asking if<br />
any other company had encountered these<br />
suspicious devices.<br />
Meanwhile, the City of London Police<br />
approached the AA for information about an<br />
insurance fraud investigation. "We showed<br />
them that their case was linked to numerous<br />
policies we'd already identified using iovation,"<br />
says Driscoll. "Using that data the police<br />
expanded their investigation and<br />
requested more detailed information about<br />
the associated policies and devices. In the<br />
end, we worked closely with the police<br />
over 12 months."<br />
The AA's query had started a productive<br />
conversation at the iovation Fraud Force<br />
Community, where another UK insurer had<br />
also encountered the suspicious devices.<br />
While adhering to UK privacy laws, the two<br />
insurers pooled their observations. They<br />
concluded that the fraudsters were using the<br />
AA's cancellation letters to get cheaper policies<br />
with the other insurer. These policies could<br />
then be sold quickly and profitably on the<br />
black market.<br />
"The City of London Police needed something<br />
to tie the case together. The iovation device<br />
recognition service did exactly that," says<br />
Monk. "By the end of the investigation a solid<br />
case had been built against the fraud ring<br />
involving five automotive insurance<br />
companies." In court, three of the fraudsters<br />
submitted a guilty plea and a fourth was<br />
sentenced for four counts of fraud.<br />
"We're always thrilled when we can contribute<br />
to a fraudster's conviction," says Driscoll. The<br />
AA's fraud team isn't resting on its laurels. They<br />
continue to monitor early signs of fraud and<br />
react immediately to thwart the fraudster's<br />
ongoing attempts. NC<br />
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards<br />
MARCH/APRIL 2017 NETWORKcomputing 21