Insurance fraud has been around since the dawn of the insurance policy, largely due to its reliance on the honor system. It’s fairly easy to file and process a fabricated claim—just a matter of filling out paperwork online, really. While there are certainly some checks and balances in the claim investigation process, there are often too many variables to make a conclusive determination of a claim’s legitimacy, and with an ever increasing number of policies being created online, the insurance industry needs to take added precautions against fraudsters.

PostOnline.co.uk reports, “Insurers can use indicators and experience of fraud awareness techniques to identify patterns and they are more aware of the possibilities of fraud and exposure they have in the fleet side of the business, but we can’t be complacent.”

According to Damian Ward, head of the fraud team at law firm Halliwells, a more sophisticated variety of fraud involving criminal gangs has been a problem within the industry for quite a while. Ward says fraudsters take advantage of the ease with which motor insurance may be obtained. “With the internet, there is little underwriting control and it is easier for people to set up false policies and claims.”

Insurance fraud investigators may not know what many in the financial, retail and banking sectors are already aware of, which is that the digital devices being used to file claims can be identified as collaborators in a larger conspiracy. Once these PCs, laptops, Macs, tablets, or smartphone are “fingerprinted” and their reputations are established, investigators can begin putting together the pieces of the puzzle in order to take down a criminal enterprise.

ReputationManager 360, by iovation Inc., can re-recognize devices and share the reputation of those devices, plus assess transaction risk in real-time for insurance companies. Hundreds of online businesses use this software-as-service to detect fraud upfront, reduce financial losses and protect their brand reputation.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

All over the world, insurance fraud equates to a multi-billion dollar issue. The Guardian reports that in the United Kingdom, “insurance fraud [has] been on the rise since the recession began. Figures to be published by the Association of British Insurers (ABI) are expected to show that these are still on the rise. As it is, the ABI puts the total cost to the industry of undetected general insurance claims fraud at £2bn per year. This adds around £40 a year to the insurance premiums paid by all policyholders.”

Much of this increase is said to be due to the involvement of organized criminals. The most common fraud technique is known as a “crash for cash” scam, in which criminals slam on their brakes in order to cause an accident with the car behind them, leaving the victim’s insurance on the hook for the cost of damages.

One way of minimizing fraud is to stop organized criminals from transacting with a business over the Internet. Online insurance, retail, gaming, and even dating sites can weed out risky accounts based on devices’ reputations using iovation’s device identification service. When PCs, Macs, tablets, or smartphones collude, a pattern can be detected and fraud can be prevented.

By utilizing iovation’s fraud detection service, insurance companies can not only recognize high-risk devices responsible for creating fraudulent online policies, but also avoid paying for frequent “crash for cash” scams and help to reduce the rise in premiums for honest policyholders.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

The insurance industry is thoroughly regulated, with numerous checks and balances. In the United Kingdom, however, scammers are able to pose as insurance brokers—or “Ghost Brokers”—offering significantly cheaper insurance than legitimate insurance firms.

The Telegraph reports, “The multi-million pound scam is operated by fraudsters who target drivers who are economising and looking for cheaper motor insurance deals. These motorists are likely to be vulnerable pensioners, young drivers struggling with soaring premiums and those living within communities where English is a second language.” (more…)

Insurance is intended to have your back in the event that something goes wrong, but some individuals have found loopholes in the system, effectively turning insurance companies into their own personal banks. These scammers have long been known to engage in “slip and falls,” claiming “whiplash,” and engaging in elaborate scams that can take years to uncover and cost insurance companies millions.

Auto insurance scams are some of the most prevalent in the insurance industry, allowing fraudsters to easily obtain policies and take advantage of the “he said, she said” nature of auto accidents.

Here are five major scams plaguing the industry:

1. Ghost brokers: Even in such a heavily regulated industry, scammers are able to pose as legitimate insurance agents, offering steep discounts on consumer policies that are, in fact, worthless. (more…)

Insurance companies, like banks and retailers, are forced to deal with a wide spectrum of fraud, which costs the industry and its customers billions of dollars each year. According to the Insurance Fraud Bureau, “Undetected general insurance claims fraud total £1.9billion a year adding on average £44 to the annual costs individual policyholders face, on average, each year.”

Savvy criminals who perpetrate insurance fraud have learned to mask their true identities when setting up policies online, regularly changing account information to circumvent conventional methods of fraud detection. Now, more than ever, insurance companies need to be wary of these schemes from the onset and deploy effective solutions to analyze information beyond that supplied by users.

By initiating the application process with a device reputation check provided by iovation Inc., insurance companies can stop fraud before it happens and avoid further checks and fees when a device is known to be associated with identity theft and other frauds.   (more…)

Experian Fraud Director Chris Ryan addressed five major questions about compliance with the FFIEC’s recent guidance on banking authentication. What follows are his responses, summarized:

• What does “layered security” actually mean?

“‘Layered security’ refers to the arrangement of fraud tools in a sequential fashion. A layered approach starts with the most simple, benign and unobtrusive methods of authentication and progresses toward more stringent controls as the activity unfolds and the risk increases.”

• What does “multi-factor” authentication actually mean?

“A simple example of multi-factor authentication is the use of a debit card at an ATM machine. The plastic debit card is an item that you must physically possess to withdraw cash, but the transaction also requires the PIN number to complete the transaction. The card is one factor, the PIN is a second. The two combine to deliver a multi-factor authentication.”   (more…)

As banking applications evolve, common attacks on banks are becoming correspondingly more sophisticated. Small businesses, municipalities, and moneyed individuals are often targeted for obvious reasons: they have hundreds of thousands of dollars, if not a few million, in the bank, but their security is often no more effective than that of an average American household.

The Federal Financial Institutions Examination Council’s (FFIEC) updated security guidelines go into effect in less than a month. It is imperative that financial institutions recognize that the security precautions currently in place are ineffective in the face of new, more sophisticated attacks. Criminals have gotten around the minor hurdles posed by the tools being used to authenticate clients and prevent unauthorized transactions.

Basic multifactor authentication may be relatively effective for bank accounts that generally contain only enough to pay a month’s worth of bills. But high value accounts are more prone to attacks, and require additional levels of security. Ultimately, what is most important is that a security program includes multiple layers of protection rather than relying on a single mechanism of defense. (more…)

A California supermarket chain recently sent letters informing customers that a security breach had been discovered at 20 of their stores. The breach notification letter released by Lucky Supermarkets reads, in part:

“Dear Lucky Customer:

In the course of regular store maintenance, we discovered our credit/debit card readers at the self-check lanes ONLY in 20 stores (listed below) had been tampered with. Steps were taken immediately to remove the tampered card readers in the affected stores, as well as enhance security to every credit/debit card reader in all 234 stores in our company. We are not aware nor have we been notified of any reports that customer accounts were compromised.”

The “tampering” referenced in this letter has been described as skimming, which occurs when a separate piece of hardware is affixed to an ATM or point-of-sale terminal. The hardware is designed to blend in with the face of the machine and record card data whenever a card is swiped. Criminals either remove the skimming device later or retrieve data remotely via wireless Bluetooth or mobile SMS.  (more…)

iovation is the leader in device reputation technology. They work to prevent all types of fraud and abuse on the Internet, including account takeovers, which occurs when your existing bank or credit card accounts are infiltrated and money is siphoned out. iovation also helps prevent new account fraud, which refers to financial identity theft in which the victim’s personal identifying information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

During this year’s record-breaking Black Friday and Cyber Monday, iovation documented a significant rise in fraudulent transactions, which included account takeover attempts.

Their comparison of the two hottest shopping days of this year vs. last year found:

• 400% increase in the rate of fraudulent transactions on Black Friday (up from 1% to 4%)
• 25% increase in the rate of fraudulent transactions on Cyber Monday (up from 3% to 4%)
• 15% greater transaction volume on Cyber Monday compared to Black Friday
• 4% mobile fraud rate on both Black Friday and Cyber Monday.   (more…)

Every year at the Siciliano household, we have a holiday tradition based on the Italian Feast of the Seven Fishes, which is, as you probably guessed, a meal consisting entirely of fish. There’s lobster, mussels, clams, scallops, shrimp, smelt, and cod, all either fried or cooked in red sauce, spicy sauce, or white sauce. This year we’re dedicating our feast to “Miles for Miracles,” a fundraiser for Children’s Hospital Boston. I’ll be running the Boston Marathon this coming April in support of the cause.

Another of my holiday traditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used.

1. This first phishing email appears to have been sent from LinkedIn, but the link that supposedly leads to the FDIC’s website is in fact a virus.

“From: LinkedIn linkedXXX@em.linkedin.com   (more…)

Fresh off the most successful Cyber Monday, which turned into a Cyber Week or even a Cyber Month, spanning from mid-November into December, marketers and advertisers are now positioning themselves for a 2012 Mobile Tuesday.

Forbes reports, “Consumers are going mobile in large numbers, and the 2011 holiday season proved it. IBM Coremetrics recently reported that consumers increased shopping on smartphones and tablets on Black Friday. Purchases made on mobile devices accounted for 9.8% of online sales, which is up 3.2% from last year. GSI announced a 254% increase in US mobile sales on Black Friday. PayPal Mobile announced a 516% increase in global mobile payment volume over last year, and eBay Mobile reported US purchases were nearly two and a half times what they were last year.” (more…)

The Washington Post reports that this holiday season, Cyber Monday expanded into an entire week of record-breaking online shopping. From Sunday, November 27 through Saturday, December 3, consumers spent nearly $6 billion over the Internet, a 15% increase over the same week in 2010. During the first 32 days of the November-December holiday season, online spending had already reached $18.7 billion, also a 15% increase from last year.

Which begs the question: when the dust settles, how much of this uptick in online sales will equate to online fraud? It is inevitable that some consumers will detect unauthorized charges on their credit and bank accounts, and many retailers will suffer high chargebacks.

Consumers should seek out and patronize businesses that implement a comprehensive, in-depth approach to protecting customers from identity theft and financial fraud. They should also check credit and banking statements carefully, scrutinize each and every charge, and call their bank or credit card company immediately to refute any unauthorized transactions.

Retailers should consider adding device identification technology to prevent more crime upfront before product ships and stolen credit cards are charged. This emerging technology examines the PC, smartphone, or tablet being used to conduct an online transaction in order to determine whether the device’s characteristics, behavior, and history indicate a high level of risk. The leading provider of device identification and device reputation services is iovation Inc. Take a look at iovation’s stats from Black Friday and Cyber Monday.

Fraud analysts from online retailers around the world interact with iovation’s database of device intelligence daily, and through sharing information and running real-time risk assessments, they block millions of online fraudulent attempts each year.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discussesCyber Monday on Fox Boston. Disclosures

Auction fraud refers to fraudulent transactions that take place through auction and classifieds websites.  Either a product advertised may be misrepresented by the seller or the items sold are never delivered at all.

This holiday season, as you seek out hard-to-find gifts and look for the best prices, keep in mind that not everyone out there on the wild, wild web has good intentions.

Auction sites are ground zero for scammers. It’s very easy to set up a free auction page from anywhere in the world, collect people’s money, and run.

Here are four tips to keep you safe when shopping through auction websites.

1. Use strong passwords: Use complex passwords that are hard to crack but easy to remember. Passwords should include upper and lowercase letters as well as numbers, and, if possible, other characters.
2. Look out for phishing emails: Any email that appears to have been sent from an auction site should be considered suspect. Certainly there are legitimate communications being sent by eBay and similar sites, but none of them should require a direct email response. To confirm that a communication is legitimate, always go to the website directly via your favorites menu, log into your account normally, and check your “My Messages” folder, rather than clicking any links within the email.

(more…)

My goal is to not enter a single mall this holiday season. If I can do the majority of my holiday shopping at trusted online retailers, and the rest at Costco, then I’ve done well. To me, malls seem to be places for people with lots of time on their hands to drive around looking for parking spots and then stand in line with other people who apparently all enjoy being annoyed by each other’s pushiness. But maybe that’s just me.

Keep safe and sane this holiday season:

1. Look for indications of online security. Depending on your browser, there may be an icon of a yellow lock at the top of the window, near the address bar, or at the bottom, near the taskbar. If the website is secure, the yellow lock should be closed. Some browsers use a color coding system, displaying red to indicate that a website is not secure and may potentially be infected, or green to indicate that it’s okay.  (more…)

Bad guys know perfectly well that when the online bargains begin after Thanksgiving, specifically, on the Monday after Thanksgiving, you will be providing your credit card number to retailers all over the world.

1. Go big. Do your online business with major retailers, or those you already know, like, and trust. The chances of a major online retailer stiffing you, or of their database being compromised, are slimmer than those of an unknown.

2. Do your homework. If you search for a particular product and wind up at an unfamiliar website, do some research on the retailer before putting down your credit card number. Search for the company’s name and web address to see if there have been complaints. (more…)