Something that looks like fraud, sounds like fraud and tastes like fraud still might not actually be fraud. The reality is that identifying and fighting insurance fraud gets harder by the day.
Sophisticated state actors and fraud amateurs alike have access to both an abundance of personal data and powerful AI tools. The market has responded by creating specific insurance products and identity theft services to protect us from the dark side of a digitally enabled planet. Such novel protection services continue to grow in popularity.
When will you get hacked?
Cognitive Market Research estimates the global identity theft insurance market at around $715 million in 2024, expected to grow at a 15% CAGR through 2031. By revenue, this market breaks down as North America 40%, Europe 30% and Asia Pacific 23%, with all other markets making up the remainder.
The global identity theft protection services market, which includes continuous or “always-on” 24/7 monitoring bundled with recovery services, will grow to about $24 billion in 2029 at a CAGR of 13%. Such vigilance seems necessary when 39% of UK companies report they’ve experienced a cyber-attack (2022) – and in just the first half of 2022, more than 53 million US individuals were impacted by cybercrime.
It's not a matter of if you get hacked, but when. This certainly can make transacting insurance business online tenuous for insurers who can’t distinguish between the malicious and the bona fide.
The deep state – and tasty targets
A breach in early 2024 allegedly exposed 170 million people’s personal data in the US, UK and Canada. This represents 2.9 billion records that included:
- Full names.
- Social Security numbers or National ID numbers.
- Mailing addresses.
- Email addresses.
- Phone numbers.
All are fields used for multifactor authentication and account recovery, new policy applications or claim settlements. Surprisingly, the techniques used in attacks like this can be rather basic – even when the bad actors are sophisticated.
As one account details, a group known as Midnight Blizzard used a “password spray” tactic – trying common words as passwords – to eventually gain access to executive emails and documents.

Once hackers illicitly obtain data, they do not necessarily take over an account or attempt to gain entry. They can (and sometimes do) hold organizations hostage or threaten to release their data. In one instance, the threat involved a $22 million demand in cryptocurrency, and patient photos were released online.
Since some insurers have Scrooge McDuck Money Bin levels of data, they can be tasty targets.
Consider life insurers. Their policies can be assigned, grow substantial cash value, or be surrendered. Life insurers not only have to secure their data – they need to be prepared to fight fraud hand-to-hand, one transaction at a time.
Citizen fraudsters
Everything a person would need to falsify documentation, stage an accident, file a claim or secure a policy is available and easily accessible from behind a computer screen. How has this shaped the face of fraud in recent times?
- Using AI deepfakes, it’s possible to create (in a matter of seconds) a fake car accident scene – which appears to be a credible image at first glance.
- ChatGPT and other large language models (LLMs) can create incredibly convincing communications instantly. One customer in India faked her death – twice – reportedly having insurance policies with at least five different carriers, and successfully defrauding two insurers with fake documents.
- Even a cursory Google search turns up advertisements for creating fake death certificates using AI.
Account takeover (ATO) continues to grow in popularity among bad actors. Life insurance is a prime candidate for this type of fraud since life insurance policies build value and cash withdrawals can be made.
In a 2023 FraudShare report, the Life Insurance Marketing and Research Association (LIMRA) found that life insurance ATO incidents are up 25% over the prior year. The success rate of attacking a customer portal is 72%. The average account target value is more than $300 thousand. Horrifyingly, the average detection time is almost seven days.
With AI, committing fraud is easier than ever.
A better bitcoin (and the potential of cryptocurrency)
Cryptocurrency may seem to be the bane of financial institutions for its anonymity, decentralization and launderability, but it just might be one answer to the increasingly difficult war on fraud.
The need for sentiment analysis, identity authentication and entity resolution has never been greater. Claims payments can be made via blockchain technologies. The immutability of a distributed ledger could help tamp down on account takeover attacks. The same underlying peer-to-peer validation of records and transactions that powers crypto can be used to secure the business of insurance in the digital realm.
Brazil, for example, has adopted an Open Insurance Initiative (OPIN). Its smart contracts, powered by blockchain technology, may hold the key to the country’s aspirations for a unified, interoperable and secure insurance ecosystem. Such contracts have clear applications for “know your customer,” fraud prevention and anti-money laundering activities.
The bottom line: Don’t bring business rules to an AI fight
In an anti-fraud technology study by SAS and the Association of Certified Fraud Examiners (ACFE), automated business rules and anomaly detection/exception are the methods insurers cite most for detecting fraud, named by 81% and 62% of insurers respectively. Only 24% are using AI or machine learning. Every insurer must have an identity-proofing strategy leveraging machine learning.
The ability to learn from patterns, make decisions and thwart AI-powered attacks in seconds represents tremendous value.
The same study notes that 8 of 10 insurers indicate poor data quality or integration as a primary obstacle to implementing AI tools. Data sources that include device biometrics, public records, account details and more are available, often through consortiums with pooled data about known scams or criminal enterprises. These data sources can help feed an enterprise-wide fraud strategy.
Ultimately, insurance is a business of trust, with insurers the stewards of every policyholder’s data. And make no mistake – platform choice matters.