Privacy-Enhanced Fraud Detection

Background

Insurers lose an estimated $80 billion USD to fraud every year so it’s not surprising that the global fraud detection and prevention market, currently valued at $17 billion USD, is expected to more than triple in size by 2025.

Increased spending on existing technologies, however, does not provide a guaranteed fix for all types of insurance fraud schemes. For example, state-of-the art AI and machine learning software solutions that query and analyze siloed business data have limited utility when trying to identify specific activities, such as duplicate claims fraud, that can only be spotted through cross-organizational data sharing.

Data Privacy Risks

Insurance companies currently have limited options when it comes to identifying fraud attributed to duplicate claims submitted by a policyholder seeking reimbursements that exceed their out-of-pocket expenses. Investigations into this type of fraud currently require insurers to either share sensitive business data amongst themselves, or rely on a trusted third party to centrally store, manage and analyze sensitive business data. Both of these options are problematic from a regulatory and security perspective.

In the first scenario, insurers who share sensitive claims data may be operating in a legal grey area and, in some countries, this is a clear violation of privacy protection laws. In addition, sharing raw data for collaborative analyses exposes businesses to significant risk, particularly when competitors are able to view sensitive business information belonging to other members of their ecosystem. In the case of using a trusted third-party to aggregate and analyze insurance claims, centrally stored data remains highly vulnerable to hacks, leaks and other damaging exploits – a particularly scary prospect considering that 6 in 10 companies dealt with a data breach over the past three years.

How can insurance providers collaboratively identify fraud and simultaneously comply with data privacy regulations?

How can insurers share insights about their claims data to identify fraud without violating data privacy protection laws and still protect their confidential business records?

HomeFraud Detection

Solution Description

QEDIT provides a cross-organizational fraud detection service using a cryptographically-secure technique called ‘private set intersection’ to help insurers identify instances of fraud similar to the scenarios described above. At its core, private set intersection allows parties to compare two or more data sets and identify matching elements within the sets without revealing any information about the data, except for the fact that certain elements intersect.

Secured hashes of data derived from insurance claims are uploaded to QEDIT via a web console or API. These commitments are generated by one-way functions that cannot be decrypted to reveal the original data. Private, proprietary data never leaves the insurer’s network and the cryptographic commitments stored by QEDIT are safe from hacks, leaks, and brute force attacks.

Once the cryptographic commitments are uploaded, they are instantly scanned for matching claims. If fraudulent activity is detected, the account is flagged and the relevant insurance providers receive a notification so they can take action in accordance with their risk management policies. Insurers using QEDIT are able to identify instances of fraud that are only detectable in a collaborative setting, and they’re able to do so while preserving the privacy of users and remaining compliant with data privacy regulations.