A new analysis says insurance companies are particularly vulnerable to e-commerce fraud, and a recent report says a second round of data breaches has occurred at cities that use the Click2Gov application for payment of utility bills, parking tickets, and related municipal payments.
It’s practically an iron law that as industries convert to online commerce, fraud rises, and now this effect is turning up in the insurance business. According to news released Tuesday, an analysis of some 10 billion online transactions of all types conducted by risk-management firm iovation Inc. over the 12 months leading up to September led the firm to classify 5.09% as “risky.” But for the subset of insurance transactions, the risky percentage was nearly twice as high, at 9.14%.
At the same time, insurance transactions are increasingly going digital. Iovation, a Portland, Ore.-based unit of the Chicago-based credit-reporting giant TransUnion LLC, cited a study by research firm Mintel that found that only 9% of U.S. consumers used their health insurer’s mobile app in 2017. Just one year later, that proportion had soared to 25%.
“The advantages of an online insurance offering is undeniable. It makes business processes more efficient and the consumer experience more convenient,” said Melissa Gaddis, iovation’s senior director of customer success, in a statement. “However as transactions move online so will the fraudsters. With U.S. consumers becoming increasingly comfortable transacting with insurance companies online, we expect new types of digital fraud to emerge here like they have in other parts of the world.”
Forms of online fraud that affect insurers include application fraud, bad debt, account takeovers https://www.digitaltransactions.net/behavioral-solutions-arrive-to-fight-a-fast-rising-plague-of-account-takeover-losses/, and claims and contact-center fraud. This list also includes something called ghost broking, according to iovation. In this scheme, fraudsters buy policies with false credentials or create convincing policies out of whole cloth, then sell the bogus coverage to unsuspecting victims. Overall, so-called online third-party application fraud rose 139% for iovation clients from 2015 to 2018, the company reports.
Meanwhile, New York City-based Gemini Advisory last week issued a report saying 20,000 records compromised in attacks that began last month against Click2Gov systems at eight cities in five states have been offered for sale by fraudsters. Six of the eight cities had been hit by an earlier wave of attacks stretching from 2017 to late 2018 that compromised more than 300,000 payment card records in more than 40 U.S. and Canadian cities using Click2Gov, according to a December analysis by Gemini.
“While many of the affected cities have patched their systems since the original breach, it is common for cybercriminals to strike the same targets twice,” Gemini says in a blog post. “The second wave of Click2Gov breaches indicates that despite patched systems, the portal remains vulnerable. It is thus incumbent upon organizations to regularly monitor their systems for potential compromises in addition to keeping up to date on patches.”
As with the first breach, stolen card records from the second attack are showing up for sale on the Dark Web, according to Gemini.
A spokesperson for Click2Gov‘s provider, CentralSquare Technologies of Lake Mary, Fla., did not respond to a Digital Transactions News request for comment by late morning Tuesday.
—With additional reporting by Jim Daly