In series: first-party fraud: Indicator or prohibitor?


Insurers are increasingly looking at options to help prevent fraud at the front end. Credit checks are common when assessing the ability to pay but Jane Bernstein asks whether they could also help as a fraud indicator.

Credit rating checks can provide financial services firms with insight into whether customers can afford the financial commitment or monthly payments they are signing up for. But could credit data also help insurers predict whether a policyholder is more likely to commit fraud? In theory, it would certainly provide a valuable indicator — although, in practice, insurers would need to tread carefully through privacy laws and potential objections from customers.

As anti-fraud strategies increasingly focus on the underwriting and quote stage, rather than just relying on identifying fraudulent claims, it is certainly worth asking whether analyses of credit data could become an important tool in the insurer's armory. This can, however, be a dilemma that raises more questions than it answers.

In particular, insurers would need to be aware of the limitations inherent in using customers' credit data. Roger Bescoby, group sales director at Brownsword Group, believes that: "Sadly, the data protection laws in the UK hinder — or can even legally prevent — some of the checks that perhaps should be made."

For those insurers looking to be more innovative in fighting fraud at the underwriting stage, this can, of course, be frustrating. "It absolutely makes sense to carry out more screening at the front end," asserts Mr Bescoby. "We are facing more fraud than ever, but in some ways we have to fight it with one hand tied behind our backs."

Cautious over credit
Insurers need to be cautious when taking credit information into account. Andy Bord, managing director of Frontline, part of the BGL Group, summarises some of the issues at stake: "The principles of reciprocity around the use of credit data state that data is shared only for the prevention of over-commitment, bad debt, fraud, money laundering and to support debt recovery and debtor tracing.†As a result insurers are unable to use credit scoring as part of their underwriting process at policy inception. However, there may be an opportunity to use†credit checking, along with other data points, to verify customer details at point of sale with a view to preventing future fraud."

According to a spokesman for the Information Commissioner's Office: "Under the Data Protection Act, insurance companies may carry out credit checks on their customers as long as they are able to demonstrate that they are only collecting the information for a specific purpose, and that they are processing the information fairly with the knowledge of the individual concerned."

Asked to expand on the concept of 'specific purpose', the spokesman responds: "It would come back to the issue of fair processing and whether the insurance company could demonstrate that it is fulfilling this obligation under the Act. There would also be a number of other factors that might come into play including whether the insurer's actions were in line with any agreements signed between themselves and the credit reference agency, and what the customer has previously agreed to through the insurer's terms and conditions."

The ICO spokesman adds that the insurance company must remain compliant with the Data Protection Act throughout the processing and handling of this information.

Data protection - looking after the information you hold
If you hold and process information about your clients, employees or suppliers, you are legally obliged to protect that information. Under the Data Protection Act, you must:
• Only collect information that you need for a specific purpose;
• Keep it secure;
• Ensure it is relevant and up-to-date;
• Only hold as much as you need, and only for as long as you need it; and
• Allow the subject of the information to see it on request.

Good information handling makes good business sense, and provides a range of benefits. You will enhance your organisation's reputation, increase customer and employee confidence, and by ensuring that the information is accurate, save both time and money.

If data protection was no object, and assuming privacy laws and regulations were complied with, would insurers, in fact, be in favour of using credit data far more extensively to predict potentially fraudulent customers? There are mixed views among industry experts regarding the benefits a detailed credit check would provide.

David Hicks, insurance partner and head of forensic insurance for KPMG, concedes that, theoretically, there is a correlation between fraud and financial circumstances and points out banks use credit scoring extensively from a credit risk perspective. But he does not believe this is a magic bullet in the battle against fraud.

Andy Pagett, Groupama's counter-fraud manager, recognises: "The ability to highlight financial pressures on an individual, as well as a potential history of deception against other industries, would provide a valuable indicator, both at the front end — the underwriting stage — and at the claims stage."

He emphasises, however, that it would be very unwise for an insurer to consider credit rating in isolation as a reason to decline a customer's application. "Financial stress is only one indicator in the overall assessment of the risk," he asserts.

One part of the whole
In fact, there is widespread consensus that credit data analysis would have to be viewed as only one part of a wide-ranging score card of fraud indicators. Gary Humphreys, group underwriting director at Markerstudy, agrees while credit data could be a part of the useful information gathered when assessing risk, it would not be definitive if used in isolation.

He explains it is not insurers' intention to deny insurance protection to those who are less fortunate financially, only to deny it to those who intend to use the policy for fraudulent or criminal activity, regardless of their financial standing.

Quite apart from the regulations and data protection implications, insurers tend to recognise that any information on a customer's financial situation would have to be treated with care.

Steve Phillips, head of fraud services at Legal & General's insurance business, comments: "It would be wrong to assume that just because someone has financial difficulties, they are necessarily going to create a false or exaggerated claim. There is not a 100% correlation between the two factors and, obviously, very genuine and honest people can get into financial hardship and work their way through it."

Craig Scarr, a senior partner at Mazars, raises wider concerns about the prospect of anybody being turned down by insurers or scrutinised more heavily simply because they had fallen on hard times. He explains: "People may get a bad credit rating because of the recession — because they are struggling. Suddenly, the next time their renewal comes up, they are turned down because their credit rating is too heavily relied on. This means they can't insure their vehicle and have to give up their car, which can impact on their job prospects. You could end up driving fundamentally law-abiding people into a downward spiral in society."

One key message is that while insurers need to know their customers, they also need to bear in mind that a bad credit rating is not necessarily an indicator of somebody's honesty. Mr Scarr adds: "A bad credit rating can easily happen — you've only got to miss a couple of monthly credit card payments by a few days and your credit rating falls. There is also the whole issue of identity theft. Somebody's credit rating might be bad because they themselves have been victims of identity theft and the first they hear about it is when their motor insurance is turned down."

The question of credit data checks needs to be seen in the context of insurers' efforts to be increasingly proactive at the front end rather than just reacting to fraudulent claims. This is proving successful and many agree that it also sends the right message to fraudsters — that insurers will not tolerate fraud at any stage. But are insurers concerned about the impact of increased checks on honest policyholders looking for a quote? As Mr Bescoby points out: "It is a very competitive market and insurers can't afford to make it too difficult for people to become customers."

Mr Pagett observes, however, that customers are already aware insurers make a variety of checks, adding: "This shouldn't be seen as a barrier and we should continue to utilise all available information when assessing a risk that is presented to us."

Yet Mr Bord explains: "The current limitations around the use of credit data mean there would be significant change required — both technology and process — which would certainly impact on the customer experience."

Instant feedback
He adds: "It is important to recognise that customers expect instant feedback when trading online and any changes will, therefore, need to reflect this. However, a one-size-fits-all approach is probably inappropriate and changes — including additional questions and checks — to existing processes based on specific customer 'triggers' during the whole customer lifecycle are likely in the near future."

There is, of course, no doubt that insurers need to maximise the benefits of all the information available to them in order to fight fraud. Gabby Stephenson, compliance analyst at Wolters Kluwer Financial Services Europe, asserts: "With criminals becoming more knowledgeable and sophisticated by the second, firms in the financial services industry need to stay one step ahead and ensure they have adequate systems and controls in place in order to combat customers' intent on committing fraudulent activity."

She adds that fraudsters tend to engage in collusion using various techniques and client details to submit multiple policy applications, which result in fraud losses to the industry that are often very difficult to identify and unravel.

Many insurers are already investing in increasing the checks and controls at the underwriting stage — to validate customer information, and to guard against non-disclosure, for example. It is also useful, of course, to be aware of a customer's financial background. But the inherent limitations to the use of credit data mean that credit checks are unlikely to be the fraud panacea insurers are looking for.

Data protection and credit checks

Peter Oakes, head of fraud at Hill Dickinson, provides a legal perspective on credit checks:

"The key legislation in the UK regulating collection and use of personal data is the Data Protection Act 1998. Financial information about any identifiable individual falls within this category and insurers must ensure they comply with the Act when they access information on credit data. The crucial data protection principle is that any processing — meaning any acquisition or use — of data must be lawful and fair.

"The 'lawful' test is easy to satisfy — for example, the information must not be stolen. The 'fairness' test, is harder to define but fortunately places insurers in a strong position. The insurer can say it has a legitimate interest in the data and that credit checks are necessary in underwriting a contract of insurance. There are further onerous obligations placed on insurers by the Act, involving notifying the customer of the information and its intended use, as well as ongoing obligations in keeping the data secure.

"A cast-iron approach to initial compliance would be to gain the consent of the potential policyholder to credit checks as a pre-condition of the consideration, or offering of the insurance contract. Note that it is not in any way mandatory to obtain consent before making credit checks, but it is the simplest way to justify it. As long as the Act is complied with, insurers are fully entitled to make use of credit checks on both existing and potential policyholders.

"There is no prohibition against the use of credit check data against the customer in underwriting decisions. Insurers must, however, be careful of using tenuous links found in credit checks to third parties as it is these situations where data use could be classed as unfair. One example would be refusing cover based on the poor credit history of a third party individual that previously lived at the same address as the customer, but was otherwise unrelated. As long as insurers are sensible about the use of data in credit checks, it can be a useful tool in establishing risk. With the ever-present risk of fraud, it would almost be imprudent not to."

  • LinkedIn  
  • Save this article
  • Print this page  

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an indvidual account here: