An auto insurance fraud primer and more

Auto insurance fraud is a global fraud phenomenon with billions in losses. This primer will cover the basics plus an innovative way to combat it: social network analysis (SNA). SNA tracks claims patterns among individuals, vehicles, and locations involved in accidents, as well as supports entities such as repair shops, law firms and medical clinics. The result? Evidence discovery.

Here's one way to make money. Members of a California auto insurance ring would drive into each other's cars and then submit false claims. The fraudsters received settlements ranging from $5,000 to $52,000 by claiming that they'd lost control of their vehicles because they spilled hot coffee on themselves. They used the same vehicles, addresses and phone numbers, and sometimes the same names. Most made their claims shortly after buying new auto insurance policies. Pretty good scam, for a while — until the Santa Clara County caught up with them in July of 2015 and arrested 33 ring members. (See 33 Arrested in Major South Bay Insurance Fraud Ring, by Alan Wang, KGO-TV, ABC, July 16, 2015.)

Automobile insurance fraud can be divided into three major categories. In opportunistic fraud an individual claimant uses an actual accident as an opportunity to generate illegitimate profits by deliberately overstating the extent of damage related to an accident. A fraudster commits a premeditated scheme by repeatedly charging insurance carriers inflated sums for the costs of goods and services required for car repairs and/or medical expenses. However, the third type of automobile insurance fraud, the organized crime scheme, causes car insurance carriers in the U.S. and Canada the largest claim fraud losses (involving, for example, prearranged car crashes and allegedly spilled coffee). (See Ontario Auto Insurance Anti-Fraud Task Force - Interim Report, December 2011.)

Financial losses attributable to fraudulent auto insurance claims fraud extend beyond the borders of the U.S. According to insurancehotline.com, up to 15 percent of the typical Canadian auto insurance premium of CAD 1,500 — or $225 — in 2014 might have been attributed to fraudulent auto insurance claims. According to Statistics Canada, the nation had more than 21 million registered vehicles (less than 4,500 kilograms — about 9,900 pounds) in 2013. As such, fraudulent automobile insurance claims may be costing Canadian drivers as much as CAD 4.7 billion dollars annually. (See Auto Insurance Fraud: Was That Auto Accident Really An Accident? Aug. 11, 2014, and Statistics Canada.)

In February of 2012, the Toronto Star published a story about Project Whiplash, a joint investigation conducted by the Toronto Police and the Insurance Bureau of Canada, which led to the exposure of a sophisticated auto insurance ring in Toronto's GTA Tamil community. (See Car insurance scam: 37 arrested in Project Whiplash raids, by Wendy Gillis and Josh Tapper, Feb. 23, 2012, thestar.com.)

Project Whiplash resulted in dozens of arrests and a total of 130 charges that revolved around 77 staged collisions. According to Toronto Police, 10 individuals from Markham and Toronto were considered the ringleaders of this large operation. State Farm Canada was one of the first companies to suspect the Canadian fraud scheme, which caused the company about CAD 4 million in fraudulent claims payments.

A successful insurance fraudulent claims ring has a facilitator who directs a network of players including white-collar professionals with high credibility who know the intricacies of the insurance industry, law and finance. The Toronto ring included paralegals, and medical and physiotherapy practitioners from several clinics.

Colluding schemers

According to the Canadian National Insurance Crime Services (CANATICS), here's an example of a typical organized auto insurance claims fraud ring in staging a collision: A key member of the ring (called a "recruiter" by law enforcement), often a savvy legal professional, initiates the fraud by recruiting participants to stage a collision with an innocent driver (or sometimes with another car full of conspirators) and coaches them on the exaggerated injuries they should claim and possibly cues some complicit medical practitioners.

After the accident, a tow-truck driver — also in on the scam — takes the damaged vehicle to a chosen auto repair shop — staffed by participants in the scheme — where mechanics might inflict additional damage to the automobile. The shop then prepares an elaborate accident claim repair estimate. The recruiter directs the participants to a clinic where they feign soft-tissue injuries like whiplash.

To bring the scheme to closure, the recruiter submits claims to insurance companies for fraudulent medical treatment, lost income and inflated repair costs of the vehicle — as covered by the policies. Following the claims settlement process, all involved parties get their proportionate share. The recruiter gets kickbacks from the clinic, body shop and tow-truck driver.

Common schemes

Here are some common auto insurance fraud schemes from the ACFE 2016 Fraud Examiners Manual (1.1005-1.1006):

Ditching: A fraudster finances an expensive vehicle with a minimal down payment, strips the expensive parts for resale, and reports the auto as stolen to the police and insurance company.

Past posting: A person who doesn't have insurance coverage is involved in an automobile accident, purchases insurance after the fact and waits several days before reporting the accident to the insurance company.

Vehicle repair: During the car repair phase, fraudsters replace needed parts in vehicles with refurbished parts. However, the claims they submit to insurance providers reflect pricing for new, premium parts. They might also include claims for unnecessary additional repairs.

Vehicle smuggling: Smugglers purchase expensive vehicles with maximum financing, prepare counterfeit certificates to prove the vehicles are free from debt, ship the automobiles to foreign destinations for sale and report the cars as stolen to insurance providers.

Phantom vehicles: A fraudster provides a counterfeit automobile certificate of title to the insurance agent when he's buying insurance coverage although no real vehicle exists. The fraudster then reports the car as stolen to the police and the insurance company.

30-day special: A fraudster reports a vehicle as stolen, hides the vehicle for a short period (usually for 30 to 45 days) to get a settlement for the claim, then abandons, destroys or sells the car to a "chop shop" after receiving the insurance claim proceeds.

Paper accident: These accidents only exist on paper. An insurance company might not investigate in detail when the repair costs fall below a certain threshold. Because this is a low-risk endeavor and the authorities aren't involved, this is a popular organized crime ring scheme.

Some common staged accident fraud schemes detailed in the Fraud Examiners Manual include (1.1006-1.1007):

Hit and run: The owner of a previously damaged vehicle calls the police and claims to be the victim of a hit-and-run accident. The fraudster uses the police report to file an insurance claim.

Side swipe: A perpetrator takes the same turn many times in a busy intersection with multiple turning lanes waiting for an innocent driver to cross into his lane. When an innocent driver finally does, the perpetrator intentionally drives into the other vehicle.

Drive down: A perpetrator waves on a driver who attempts to merge in front of him, then purposely collides with the merging vehicle and denies having waved on the merging driver. This is scheme is also referred to as a "wave and hit."

Swoop and squat: This scheme involves three vehicles and a victim's vehicle. Two vehicles pass an unsuspecting vehicle, and the second vehicle stops abruptly. The third vehicle drives beside the victim's vehicle to prevent it from the changing lanes. Finally, the victim's vehicle hits the rear end of the second vehicle, which is carrying several passengers who claim to be gravely injured. If skillfully executed, the victims often accept fault in such schemes.

(See Figure 1 below, illustrations of the "Swoop and squat," "Drive down" and "Sideswipe" methods.)

The Fraud Examiner's Manual lists the following important red flags indicative of automobile insurance claim fraud (1.1009-1.1013):

• The time between a claim and purchase of a policy is short — several weeks or a couple of months.
• An insured driver has several claims in the past and/or has an excessive amount of insurance coverage.
• An insured driver shows great knowledge about insurance coverage and claim procedures, which pushes the insurer for a fast settlement of a claim. 
• A claimed damaged vehicle has been discarded before examination by an insurance company claims adjuster.
• The submission of an altered police report by a claimant. (Insurance claims departments should obtain reports directly from law enforcement.)
• Unexplained significantly larger physical damage to an insured car compared to the amount of damage to an uninsured car.
• Inconsistencies among the physical evidence, the loss outlined in the police report and the invoice submitted by the repair shop.
• Submission of irregular documents, such as:
  • Invoice numbers and dates don't correlate for invoices from the same major auto parts store; for example, invoice no. 3255 is dated March 20, 2014, and invoice no. 3245 is dated April 10, 2014.
  • Photocopies of documents instead of the originals.
  • Handwriting on documents or alteration of dates, amounts, names, descriptions etc.
  • Wrong amounts of taxes in invoices and receipts.
  • Missing paid and received stamps on receipts and invoices.

Social network analysis for detecting fraud

In the fight to better detect auto insurance claims fraud, major property and casualty insurers are increasingly relying on data analytics to track claims patterns among individuals, vehicles and locations involved in accidents, as well as to support entities such as repair shops, law firms and medical clinics providing services to the accident victims.

In Canada, CANATICS uses sophisticated analytics tools, such as Aviva, to better identify staged collisions and help their members. (See the news release.)

An evolving type of analysis called social network analysis (SNA) is useful in the fight against auto insurance fraud. Fraudsters have many interactions when committing these frauds within the ring. SNA can effectively analyze large amounts of data from multiple sources to identify trends and correlations leading to the detection of a fraud pattern, according to Véronique Van Vlasselaer (now an analytical consultant at SAS Belgium and Luxembourg) in her Nov. 25, 2013, YouTube presentation, Social Network Analysis for Fraud Detection.

SNA investigates social structures by mapping and measuring relationships among people, entities, groups, computers, URLs and other interconnected data and information sources in terms of graph and network theory, according to the paper, Social network analysis: a powerful strategy, also for the information sciences, by Evelien Otte and Ronald Rousseau, Journal of Information Science, December 2002, Vol. 28, No. 6.

A network includes nodes and edges (also called links, connections, ties, relationships and interactions) in which nodes are people, entities or groups within the network; and edges are the relationships between the nodes. SNA can execute both visual and mathematical analysis of human, entity, and group relationships.

SNA can analyze linking information such as "who knows whom," "who calls whom," and "who does business with whom." With the SNA technique, the relationship and structure of a social network in a sea of data can be established on a graph for further investigation, according to Degrees Of Separation: Social Network Analysis Using The SAS® System, by Shane Hornibrook.

A social network isn't just represented by websites and apps such as Facebook, Twitter and LinkedIn but covers far more. Any organizational transactional data that shows an explicit or implicit relation among two or more persons, entities and objects can create a social network, according to Van Vlasselaer.

Transactional data representing an event can be financial, logistical, work-related, insurance costs, claims, etc., according to WhatIs.com.

Fraud examiners can apply SNA to an auto insurer's database to map and model relationships among people, entities and objects involved in a claim such as claimants, vehicle identification numbers, claim numbers, locations, addresses, service providers, etc., to form network graph diagrams.

They can retrieve exceptional results beyond the programmed thresholds by executing SNA metrics available in SNA solutions, such as link frequencies, density and centrality. For example, they can retrieve a large volume of claims by the same claimant, multiple rejected claims with the same claimant and many claims in a short timeframe from members of the same family. (See the SAS publication, Combating Insurance Claims Fraud.)

See Figure 2, the "Kite Network" below for a basic SNA analysis of actors in a network. David Krackhardt, a leading researcher in social networks, developed this model. Two nodes are connected if they regularly talk to each other or interact in some way. Andre regularly interacts with Carol but not with Ike. Therefore, Andre and Carol are connected, but there's no link drawn between Andre and Ike. (This network effectively shows the distinction between the three most popular individual centrality measures: Degree Centrality, Betweenness Centrality and Closeness Centrality. See Orgnet's explanation.)

SNA tools can import and export data into various file formats plus provide different types, views and visualization layouts of a network. An SNA's clustering functionality helps to discover clusters (subnetworks) in a network on the basis of similar characteristics.

A dense subnetwork with too many interactions is suspicious and might be an insurance fraud ring. SNA tools calculate various centrality (the degree of influence of a node in a given network) and density (ratio of the number of observed edges and theoretical maximum number of edges possible in a network) metrics. Fraud examiners can investigate nodes and networks that have higher centrality and density than the normal values to discover frauds. For example, the node (person) having high-degree centrality might be the facilitator of an organized auto insurance claim fraud and the subnetwork that he or she represents might be the fraudulent network.

Fraud examiners at insurance companies are finding that SNA technology is making detection of auto insurance fraud much more effective than only 10 years ago. While the research project leading to this article focused on the use of SNA during the claims processing phase, the incorporation of SNA as an essential part of the risk underwriting process at the time of policy issuance — along with its use during the claims processing phase — is bound to produce even better results, even though it will likely result in slower initial policy underwriting processes.

SNA solutions abound

Several SNA open-source and vendor solutions are available to fraud examiners at insurance companies. This new technology will undergo significant improvements within the next decade. (The authors have received no remuneration of any kind from these companies.)

NodeXL Basic is a network analysis and visualization software package for Microsoft Excel developed and released in 2008 by the Social Media Research Foundation. The foundation released the latest version, 1.0.1.342, in January 2014.

NodeXL allows users with little or no programming experience to collect, analyze and visualize a variety of networks. According to the foundation, as of October 2015, NodeXL Basic has been downloaded more than 425,000 times.

On Oct. 12, 2015, the foundation released the commercial version, NodeXL Pro, which includes some advanced features of network metrics calculation, sentiment analysis and publishing reports.

Gephi is a stand-alone, open-source network analysis and visualization software package written in Java and initially developed by students of the University of Technology of Compiègne in France, according to Security Analytics for Data Driven Risk Decisions, by Jurgen Visser, Aug. 25, 2015. The latest version, 0.8.2 beta was released in December 2012. To date, Gephi has been downloaded more than 1.2 million times, according to Gephi.

Pajek, a Windows-compatible program, provides tools for analytics and visualization of large networks, which have some thousands or even millions of vertices. The word Pajek in the Slovenian language means spider. Andrej Mrvar and Vladimir Batagelj began developing this program in November 1996 with some contributions from Matjaz Zaversnik. Pajek released its latest version, 4.05, in August of 2015, according to the reference manual.

SAS Fraud Framework for Insurance (SASFFI) was released in 2009 by SAS Institute Inc. The main intent of this framework, which includes business rules, anomaly detection, predictive modeling, and social network analysis modules, is to detect and prevent fraudulent claims. SNA, which is the major module of the framework, enables an investigator to analyze relationships and activities within a network. The visualization interface of SNA depicts clear relationships and enables detection of previously unknown relationships. (See SAS Offers New Fraud Framework Featuring SAS® Social Network Analysis.)

Cumulative effectiveness in the detection of auto insurance claim fraud increases when SNA technology is applied together with other modules. For example, SASFFI has other embedded modules — including SNA — such as business rules, anomaly detection and predictive modeling, whereas open-source solutions might not have such supplementary modules.

Attacking global problem with effective tools

Claim-related fraud is the major fraud type in the auto insurance industry — causing steep increases in insurance premiums worldwide. Opportunistic, premeditated and organized fraud schemes are the three major categories of auto insurance fraud. Fraud examiners at insurance companies can use SNA — one of the most important technologies to fight fraud — to investigate social structures by mapping relationships among people (or entities) in the form of network diagrams. Insurance fraudsters beware.

Subhash Satyal, MISAM, CFE, CPA (Canada), is a graduate of Concordia University of Edmonton's Master of Information Systems Assurance program. His email address is: s.c.satyal@hot4mail.com. 

Shaun Aghili, D.B.A., CFE, CIA, CISSP-ISSMP, is an associate professor of information systems security and assurance at Concordia University of Edmonton. His email address is: shaunaghilli@gmail.com.

Pavol Zavarsky, Ph.D., CISSP, CISM, CISA, is a professor and director information systems security research at Concordia University of Edmonton. His email address is: pavol.zavarsky@Concordia.ab.ca.

This article is a summarized and practitioner-friendly version of a 2015 research project completed by the authors at Concordia University of Edmonton, in Alberta, Canada, A Study on the Use and Applicability of Social Network Analysis (SNA) Tools and Technologies to Detect Fraudulent Automobile Insurance Claims. Readers interested in obtaining a copy of the research paper may download a copy. — ed.