Privacy-Enhanced Fraud Detection

Background

Insurers lose an estimated $80 billion USD to fraud every year so it’s not surprising that the global fraud detection and prevention market, currently valued at $17 billion USD, is expected to more than triple in size by 2025.

Increased spending on existing technologies, however, does not provide a guaranteed fix for all types of insurance fraud schemes. For example, state-of-the art AI and machine learning software solutions that query and analyze siloed business data have limited utility when trying to identify specific activities, such as application and duplicate claims fraud, that can only be spotted through cross-organizational data sharing.

Data Privacy Risks

Insurance companies currently have limited options when it comes to identifying fraud attributed to the intentional omission or misrepresentation of information on policy applications, or to duplicate claims submitted by a policyholder seeking reimbursements that exceed their out-of-pocket expenses. Investigations into this type of fraud currently require insurers to either share sensitive business data amongst themselves, or rely on a trusted third party to centrally store, manage and analyze sensitive business data. Both of these options are problematic from a regulatory and security perspective.

In the first scenario, insurers who share sensitive applications and claims data may be operating in a legal grey area and, in some countries, this is a clear violation of privacy protection laws. In addition, sharing raw data for collaborative analyses exposes businesses to significant risk, particularly when competitors are able to view sensitive business information belonging to other members of their ecosystem. In the case of using a trusted third-party to aggregate and analyze insurance records, centrally stored data remains highly vulnerable to hacks, leaks and other damaging exploits – a particularly scary prospect considering that 6 in 10 companies dealt with a data breach over the past three years.

How can insurance providers collaboratively identify fraud and simultaneously comply with data privacy regulations?

How can insurers share insights about their claims and application data to identify fraud without violating data privacy protection laws and still protect their confidential business records?

HomeFraud Detection

Solution Description

QEDIT provides a cross-organizational fraud detection service using a cryptographically-secure technique called ‘private set intersection’ to help insurers identify instances of fraud similar to the scenarios described above. At its core, private set intersection allows parties to compare two or more data sets and identify matching elements within the sets without revealing any information about the data, except for the fact that certain elements intersect.

As insurers process incoming applications or claims, they are able to use their QEDIT web console or API to upload cryptographic commitments about specific, preselected line items from the corresponding documents such as the applicant’s/claimant’s name, the date and value on an invoice, or answers to certain background questions on an application. These commitments are generated by one-way functions that cannot be decrypted to reveal the original data. Private, proprietary data never leaves the insurer’s network and the cryptographic commitments stored by QEDIT are safe from hacks, leaks, and brute force attacks.

Once the cryptographic commitments are uploaded, they are instantly scanned for discrepancies on applications and matching claims. If fraudulent activity is detected, the accounts are flagged and the relevant insurance providers receive a notification so they can take action in accordance with their risk management policies. Insurers using QEDIT are able to identify instances of fraud that are only detectable in a collaborative setting, and they’re able to do so while preserving the privacy of users and remaining compliant with data privacy regulations.