Transactional Insurance Fraud Threats

Preview:

Citation preview

2015 Pindrop Security™. Confidential.

TRANSACTIONAL INSURANCE FRAUD THREATS

Matt Garland, Vice President of ResearchPindrop SecurityAugust 26, 2015

2015 Pindrop Security™. Confidential.

NOTE

These slides are from a webinar held August 26,

2015.

You may view a recording of the webinar at

www.pindropsecurity.com/webcast-archive

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

Physical

THE PHONE IS THE WEAKEST LINK

1995 2010

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

Physical Online

THE PHONE IS THE WEAKEST LINK

1995 2010

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

Physical PhoneOnline

THE PHONE IS THE WEAKEST LINK

1995 2010

2015 Pindrop Security™. Confidential.

PHONE VULNERABILITIES

2015 Pindrop Security™. Confidential.

CUSTOMER SERVICE REPRESENTATIVES

• Human Element• Social Engineering• Focused on customer

service

2015 Pindrop Security™. Confidential.

KNOWLEDGE BASED AUTHENTICATION

• Social Media• Online Black Markets• Data Breaches• High Failure Rates (15-

15%)

2015 Pindrop Security™. Confidential.

CALLER ID / ANI

• Easy and cheap to spoof caller ID and ANI

2015 Pindrop Security™. Confidential.

VOICE BIOMETRICS

• Voice Distortion• Background Noise• Call Quality• Enrollment• Privacy Issues

2015 Pindrop Security™. Confidential.

THE GROWTH OF PHONE FRAUD

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

RISING PHONE FRAUD

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

PHONE FRAUD RATES

Avg. C

all C

enter

Banks

Brokera

ges

Credit C

ardReta

il

Mobile

Dev

ice In

suran

ce1 in 2200 1 in 2650 1 in 3000

1 in 900 1 in 1000

1 in 300

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

FRAUD EXPOSURE

Banks Brokerages Credit Card Mobile Device Insurance

$0

$2,000,000

$4,000,000

$6,000,000

$8,000,000

$10,000,000

$12,000,000

$14,000,000

$16,000,000

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

OTHER LOSSES

Reputational Risk

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

OTHER LOSSES

Customer Privacy /Data Breaches

Reputational Risk

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

OTHER LOSSES

Customer Privacy /Data Breaches

Customer ExperienceReputational Risk

2015 Pindrop Security™. Confidential.

PHONE FRAUD TECHNIQUES

2015 Pindrop Security™. Confidential.

PHONE FRAUD STEPS

Reconnaissance Account Takeover Fraud Triggers Monetize the Attack

2015 Pindrop Security™. Confidential.

PHONE FRAUD STEPS

Reconnaissance Account Takeover Fraud Triggers Monetize the Attack

2015 Pindrop Security™. Confidential.

PHONE FRAUD STEPS

Reconnaissance Account Takeover Fraud Triggers Monetize the Attack

2015 Pindrop Security™. Confidential.

PHONE FRAUD STEPS

Reconnaissance Account Takeover Fraud Triggers Monetize the Attack

2015 Pindrop Security™. Confidential.

RECONNAISSANCE

• Identify policy holders• Determine policy value• Collect KBA answers

2015 Pindrop Security™. Confidential.

ACCOUNT TAKEOVER

• Change contact information• Reset password• Setup online account

2015 Pindrop Security™. Confidential.

REDUCE FRAUD TRIGGERS

• Verification intercept

2015 Pindrop Security™. Confidential.

MONETIZING ATTACKS

• Loans or surrenders of policies

• Loans or liquidation of retirement accounts

• File fraudulent claims

2015 Pindrop Security™. Confidential.

DETECTING PHONE FRAUD

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

BEST PRACTICES

Track Phone Fraud

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

BEST PRACTICES

Track Phone Fraud Detect Phone Fraud

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

BEST PRACTICES

Track Phone Fraud Detect Phone Fraud Authenticate Callers

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

LOSS• Packet loss • Robotization • Dropped frames

SPECTRUM• Quantization • Frequency filters• Codec artifacts

NOISE• Clarity• Correlation • Signal-to-noise ratio

147 audio features

UniquePhone

Geo-Location Risk Factors

PHONEPRINTING™

Phoneprint™

Call AudioRequires 15 seconds

of call audio

Risk Score

Call Type

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

RISK BASED AUTHENTICATION

Quick verification of good calls reduces call

time and improves customer satisfaction

Bad callers are flagged and losses stopped

2015 Pindrop Security™. Confidential.2015 Pindrop Security™. Confidential.

CONCLUSION

• The phone channel represents the weakest link for transactional fraud attempts

• Phone channel fraud is a significant and increasing risk for insurance providers

• Best Practices• Monitor and track fraud back to phone channel• Use PhoneprintingTM to detect phone fraud• Implement risk-based authentication

2015 Pindrop Security™. Confidential.

PINDROP SECURITYPhone Fraud Stops Here.

For more information contact info@pindropsecurity.com

Recommended