Poor human judgment and lax telephone security protocols are allowing fraudsters to rip off insurance companies.
Call centers are seen as a weak backdoor for scammers. As insurance companies boost their cyber security profiles, telephone security can be forgotten – exposing vulnerabilities that are being exploited, in a scamming technique called “social engineering”, for big money.
David Dewey, director of research at Pindrop, a telephone security firm, recently spoke to Insurance Business about his company’s “2017 Call Center Fraud Report” and the issues specifically facing the insurance industry.
According to the report, “the insurance industry is … taking severe hits from phone fraud.”
Life insurance policies and policies for mobile phone replacements, in particular, have been heavily hit.
Dewey said about one in every 12,000 calls to life insurance companies are fraudulent. About one in every five of those is successful, he said. For mobile device insurance firms, about one in every 200 calls is fraudulent, while the same one in five success rate applies.
“The major failing is in the knowledge-based authentication questions,” Dewey said. “The problem is they just don’t work.
“It’s very often that the legitimate customer doesn’t know the correct answers to the questions. And those call centre operators are used to dealing with legitimate customers who don’t know the answers.
They’ll oftentimes help them [the customers] work through it.”
The target of call center fraud attacks is the employee on the other end of the line. Call center employees are trained to remedy problems for often disgruntled customers. Taking dozens or hundreds of calls a day, it can be difficult to spot the real from the fake customer.
“One of the most devious and costly [scams] we see is in life insurance, specifically, is where fraudsters will … call in pretending to be a policyholder,” Dewey said. After tricking the call center that they are the genuine policyholder, the scammer will take out a loan against the policy, or claim back some of the policy in cash.
“And a lot of times these things can go unnoticed for years, because how often do you really look at your life insurance policy? It happens a lot more frequently than we would think,” he explained.
With “social engineering”, the scammers will research a target customer and do background about where they live, where they went to school, their family connections, workplace, geography near their home – all things that can be searched online, but all things which might be asked in security questions over the phone. If a scammer is able to get most of these correct, then the call center operator may end up believing them.
In some phone systems, it is also possible for a fraudster to try and try again through an automated system until they have the answers they need, before moving on to a real phone operator.
“By far, the highest fraud rate of any single industry is seen in the device insurance sector,” the Pindrop report stated. “For companies that provide payments to consumers whose mobile phones are lost or stolen, one in every 194 calls is fraudulent. That rate increased 55% over 2015, when device insurance already had the highest phone fraud rate of any vertical.”
To counter the telephone fraudsters, companies should employ phone security technology, Dewey said. Phone security can feature voice recognition or, in the case of Pindrop’s system, “phone printing” – whereby the technology can identify a phone’s unique “audio signature”, and flag it in a register to tip off call centres to fraudsters on the line.
Phone security needs to be enhanced in line with cyber technology. Otherwise, Dewey said, “all that work that’s done on cyber threat prevention can be completely unwound with a single phone call”.
Related stories:
Bank offers cyber insurance, covers wire transfer fraud
Why auto insurance agents are still needed in the digital age