From “Project Whiplash,” a Toronto car insurance scam that involved 77 staged accidents and a sophisticated ring of conspirators, to scammers who attempt to collect a claim on a phantom vehicle, incidents involving insurance fraud are rising—and they are not cheap. Today, the FBI estimates insurance fraud costs the average family $400 to $700 a year in the form of increased premiums.
While auto and property insurers are exploring the use of artificial intelligence to spot fraudulent claims before they are processed, there is one area where insurers are increasingly vulnerable to theft: payment fraud.
In 2017 alone, a record 78% of organizations experienced payment fraud, according to a survey by the Association for Finance Professionals (AFP) and J.P. Morgan. The biggest source of payment fraud is check fraud, cited by 74% of organizations surveyed.
For insurance companies, it may be a sign that they need to move away from paper-based payment and adopt electronic payment of claims.
Alternatives to Paper Payment
Why are paper-based checks such a high target for fraud? For one thing, paper-based checks are easy to forge, whether by forging the signature on the front of the check or the endorsement on the back. It is also fairly simple to create a counterfeit check or to alter the amount of the check or the name of the payee.
Some companies use positive pay, a fraud detection tool that automatically matches checks presented for payment with the company’s list of issued payments. It is an important step to take, but the wide net cast by scammers trying to divert paper-based payment from its rightful source calls for additional solutions.
Electronic funds transfer (EFT) eliminates paper-based check fraud and the headaches associated with it. It provides greater convenience for policyholders and other parties, such as auto shops, towing companies, window glass suppliers and health care providers, and results in faster receipt of payments. The most common form of EFT is an automated clearinghouse (ACH) payment.
Another e-payment option beginning to take hold in the insurance industry is virtual cards. Virtual cards are widely used by other industries, with total spend for business-to-business transactions expected to reach $377 billion this year. Virtual cards support faster reconciliation of payment because claims remittance data can be sent alongside the payment, reducing time spent on administrative activities by staff.
Virtual cards are loaded only with the amount of the payment, further easing reconciliation efforts and eliminating fraud. Unlike ACH, no enrollment is required to accept virtual card payments, which means service providers do not have to share sensitive bank information to receive payment. And since virtual card payments can also include the remittance advice with each transaction, the impact on administrative efficiency for service providers is steep.
The use of e-payments when paying policyholders directly, and in multiparty payment situations, is also increasing. New applications—typically compatible with mobile devices—enable payees to each choose their preferred method of payment. For policyholders and claimants, the benefits include convenience, faster payment, and an improved claim payment experience, with mobile communication the instant a payment is available. With electronic endorsements of multiparty payments, service providers gain immediacy of payment, increasing their satisfaction with the insurance company. Meanwhile, electronic multiparty payments eliminate the costs of paper checks and reduce customer service calls related to claim payments.
Creating an Electronic Defense
Defending your organization against payment fraud is not just a matter of protecting revenue and sensitive data. It is also an important step toward protecting your company’s reputation. A KPMG survey found 33% of consumers would stop making purchases from a company for at least three months after a cybersecurity attack.
There are three strategies companies should consider in making the move toward electronic claims payment:
1. Pay attention to security credentials. Payment providers need to demonstrate their commitment to cybersecurity by obtaining and maintaining the relevant credentials and certifications.These certifications offer assurance that the claim payment processor has invested in the training, tools and resources needed to maintain the highest levels of security and compliance protocols for electronic payment and more:
- Payment Card Industry (PCI) Security Standards certification, which supports protection for sensitive payment card information and is critical in an era of digital transactions as well as in-office payment
- Service Organization Control (SOC) 1 and 2 compliance, which focuses on financial audit controls (SOC 1) and operations and compliance controls (SOC 2)
- NACHA Certified, which is a voluntary accreditation program for third-party senders and those that send automated clearinghouse (ACH) payments that includes a solid risk and compliance program, stability, sound governance and strong core ACH practices
2. Assess third-party providers’ cybersecurity risk. Ask for proof that penetration tests and vulnerability scans have been performed—and request a copy of the results. It is also important that any third-party vendor and its subvendors complete an annual IT security questionnaire. Answers should be reviewed by your IT specialists or an outside firm to gauge the level of cybersecurity risk the vendor presents and critical issues should be addressed before work begins.
3. Evaluate the vendor’s business continuity and disaster recovery strategy. Just as customers experience disasters that can temporarily disconnect them from critical information, so can claim payment processors—unless the right protocols have been established in advance. Ask the vendor to share the investments it has made to ensure data will be protected and available to your company at all times in the event of a disaster of any type. It is also important to ask:
- What investments has the vendor made in data backup capabilities—and how do these investments align with industry best practices?
- Is all sensitive information managed onshore, or will overseas personnel have access to the information as well?
- Is sensitive information encrypted in transit as well as at rest?
Across the nation, organizations of all types are experiencing an uptick in payment fraud—especially check fraud. Selecting a payment approach that both increases customer satisfaction and protects dollars and data from theft is an important step toward mitigating risk.