How insurers can tell real online consumers from fake ones

Being able to quickly identify a “true” customer compared to a synthetic identity created by a cybercriminal can help insurers tailor offerings to the right customers early in the account creation process, a security engineer said Friday.

“If you know it’s a form of automation… then what you can do is put some blockages in there to prevent that automation from trying to commit fraud,” said Don Duncan, security engineer with NuData Security in Vancouver. He used the example of an “application speed bump” or a captcha program designed to distinguish between human and machine input.

“If you know it’s a human… then make the experience as pleasant as possible and allow them to enter the information they have during that account creation process so that they can do what they need to do very quickly.” This allows a broker to quickly engage with that client and to start positioning appropriate services, Duncan said.

He spoke to Canadian Underwriter in advance of the Retail Secure Conference on Sept. 20 in Mississauga, Ont., where he will be presenting on the state of ecommerce losses.

Duncan said cybercriminals are using machines to create fake accounts in bulk and then using them to commit fraud. For example, a fraudster may create a digital synthetic identity to establish an “online reputation” and a credit rating. Then, they will take this credit rating to create fraud on another site. Or they may create an account to “initiate some type of transaction from a claims process to commit that fraud.”

Companies like NuData Security can look at various data points – such as if a person is long pressing or short pressing, if they are using their left or right hand and how they are holding the device – and across multiple interfaces. They can then provide that information to an insurer to allow them to make an educated decision as to whether the user is a real person or a fraudster.

“You may not recognize somebody right off the bat, but as you engage with them more and more, you start to build similarities with them and a comfort level,” Duncan said. “And based on that you can determine the level of risk.”

Last year, NuData looked at all accounts created by its data customers and found 36% of new accounts being created were fake. “Do you really know who you’re dealing with behind the device because you’re not seeing that person face-to-face?” Duncan asked.

“Being able to identify and validate that user very quickly in the engagement cycle as that account is being created allows you to determine how are you going to engage with them going forward.”