Insurers that embrace OSINT throughout the policy lifecycle stand to reap the rewards through a less risky book of business

With the advent of newer and more sophisticated fraud techniques, it’s becoming harder and harder for insurers to avoid risk in their book of business. These methods are designed to circumvent traditional due diligence; insurers must embrace new practices and technologies such as open-source intelligence (OSINT) throughout the policy life-cycle, to reap the rewards of a better and more profitable book of business in the future.

Perhaps the best (or worst) example of this new wave of fraud, is synthetic identity fraud, a growing and significant threat: not just in the UK, but globally. Identified in 2023 by KPMG as the fastest-growing financial crime in the United States, it costs their banks $6bn. If you’re not aware of it already, you soon will be.

It involves the combination of genuine and false personal information such as names, addresses and other personal data to create new identities. This commonly pieces together multiple items of information stolen from many individuals. The resultant false identities are then used with the aim of applying for credit cards and other fraudulent accounts. Creating an identity which blends the true with the false formulates a persona which doesn’t exist but has the hallmarks of a real person. It’s these elements of truth that make it hard to detect for traditional due diligence processes, but this is also why it’s vulnerable to OSINT-based techniques, more on that later.

So far, this type of fraud has predominantly targeted financial services, commonly banks and credit providers. However, insurance providers are also vulnerable and increasingly under threat – with persons looking to falsify aspects of their policies to obtain cheaper quotes and premiums. As well as the obvious monetary risk losses associated with this type of fraud, there’s also the time wasted in trying to track down an individual who doesn’t really exist. It is important that insurers take steps to harden their processes against this type of fraud.

But how can this type of fraud be detected and future proofed against? One way to augment your companies’ due diligence is by using contact details to make further open-source verification as to whether a person is real or false. OSINT has been expanding rapidly over recent years, and there are more and more players in the space developing exciting and powerful products. Insurers have gotten used to using bureau type data solutions to quote on policies, tighten their book of business and ultimately to try and avoid becoming the victims of fraud. Sadly, we aren’t privy to what all insurers are exploring, but there is certainly a lot that’s possible in terms of enriching this bureau style data with OSINT, and insurers are starting to wake up to it.

Identity verification solutions are already well established, but these can be taken further by making it common practice to quickly establish whether the provided details connect to genuine online profiles. It’s very quick and easy now to rapidly check if an email is registered with an account on hundreds of social platforms and apps that most people use every day, and in what name they’re registered. Obviously, this can make an identity verification process much more robust.

These methods can be developed further for the more adventurous(!), and again relatively easily. In the same way that we expect to be able to ‘validate’ an identity by quickly seeing the contact details link to social accounts matching the name provided, the absence of any of these social accounts should be a huge red flag, or potentially just a big old Jolly Roger.

OSINT as a sector and discipline is here and it’s flying. On the underwriting side, the challenge will be to develop extremely rapid solutions for real time intelligence on the huge quantities of quotes that are generated – but these kinds of solutions are available already and improving all the time. On a case-by-case examination of a policy risk, or later at claims stage, there is much more that’s possible with OSINT, and it’s all worth exploring. Insurers that are open to exploring OSINT will reap the rewards from a lower risk book of business that drives the bottom line, without being overly complicated or expensive.