“We were stopping their devices online, so they began coming through our call center. They knew we couldn’t track them when they called in. Once we figured that out, we made a small change to our e-fulfillment process that cut our fraud rate by 30-40%.”
Meet Matt Gilham, Head of Financial Crime at esure, one of the UK’s leading providers of motor and home insurance products. Just like other UK insurers today, esure gets the majority of its new policy applications through insurance aggregation websites like Gocompare.com (Goco). The rise of digital applications for insurance policies brought with it an increasing number of bad policies. That led Gilham to add device recognition to his fraud-fighting stack in late 2013.
“Originally, the intention was to run a 75-day proof of concept with iovation, but within the first fortnight we had doubled our fraud detection,” Gilham recalls. “Although we were in the middle of our budget cycle, I approached my executives saying ‘we can't switch this off, please can I have some additional budget?’’
Increase the cost to commit fraud
Since that proof of concept, esure has continuously raised their guard against fraudsters without impacting the experience for its legitimate customers. The opportunists have gone elsewhere, but the better-organised and -funded rings have increased the sophistication of their tactics.
When esure added real-time blocking of devices applying for motor insurance on their site, the fraudsters turned to the aggregators to solicit quotes and submit applications. Then, esure and Goco – another iovation user – teamed up to create business rules that stopped bad devices from viewing esure’s policy quotes on the aggregator’s site. esure enjoyed a lull in its fraud rate for months after each change. But the fraudsters would not go away.
Over the phone, synthetic identities would be denied by esure’s identity and financial stress scoring services, but the stolen Personal Data of a reputable victim would slip through. As soon as the call center agent incepted the policy, the fraudster would receive an automatic email with a link to download the policy documents. Then, it was just a matter of time before a bad claim or a distraught ghost-broking victim would follow. “When we began to investigate, I remember one case in particular where we saw the same device downloading 50, 60, 70 different policies,” Gilham marvels. “All in different people's names, all after having transacted through the call center.”
ID checks pass. Device checks deny.
While the fraudsters could change the ways they applied for esure’s policies, and use stolen PII to pass identity checks, they were still reliant on an Internet-connected device to conduct their business. That single point in the process remains fraudsters’ weakness; thanks to iovation.
iovation's device recognition technology uses thousands of permutations of device attributes to identify a device instantly and continue to recognise it over time. (Coincidentally, this feature complements the GDPR’s mandates for data minimisation and privacy by design.).
When any of iovation’s 4,000-plus Community of users encounters fraud from a device visiting their site, they place specific evidence of fraud against the device in iovation’s database of over 5 billion devices, the world’s richest.
Every anti-fraud professional involved is intrinsically motivated to add the highest quality of evidence to iovation’s 55 million reports of fraud and abuse.
“The evidence from iovation’s Intelligence Center helps my investigators to confirm their suspicions about the devices associated with dubious policies or claims,” says Gilham.
With more than 40 evidence types to choose from – ranging from reports placed against a device to technical anomalies like Tor nodes and proxy servers – Gilham and his team can create endless combinations of compound rules to sharpen their transaction decisioning process. Rules can be tuned in real time for immediate and precise control over how each visiting device will be treated.
“Back in 2013 iovation was the standout option,” Gilham explains. “That hasn’t changed. The unique device ID allows us to identify and monitor suspect devices and accounts with exquisite precision. We get more value out of iovation's Intelligence Center with every insurer that joins. Most critically, we can quickly adapt our implementation of iovation as fraudsters shift their tactics.”
Closing loophole cuts fraud rate by more than 40%
After discovering the ‘call center loophole’ that fraudsters were exploiting, esure created a portal for customers’ documents. This was a convenient, secure place for honest customers to access and store their documents in the cloud. For fraudsters, it was the end of the line. If they tried to register an account or log in with a hot device, iovation’s business rules stopped them cold.
“Since we began blocking bad devices at the portal, our fraud rate has decreased by a solid 40%. It’s somewhat counterintuitive, but we've seen a drastic reduction of telephony fraud due to having iovation on the web,” says Gilham. That decline brings a cascade of benefits to esure; “We get more value from our acquisition and onboarding efforts. Our manual review process is more productive. And we have fewer suspect claims to investigate.”