8CIOReview | | DECEMBER 2021IN MY OPINIONBy Robert Waterman, Head of Fraud Operations & Business Services at MassMutual and Melissa Glynn, Head of Fraud Operations & Controls at MassMutualFive years ago, if you were talking about fraud in the life insurance industry ­ you'd be talking about things like false or exaggerated claims, application fraud or possibly even internal employee fraud.While these fraud risks remain, the increase in 3rd party actors regularly attempting to access customer data and cash value inside of certain insurance, annuity and retirement productsbyimpersonating customers and taking over their accounts, known as account takeover fraud (ATO), has shifted the landscape. Companies across the industry have regularly reported issues with ATO being perpetrated across call centers, websites, mobile apps andeven via paper forms. Despite our collective efforts, ATO remains a prominent issue for our industry -- an industry based on a foundation of trust and security; a promise to be there in our customers' time of need. As we all work to shift away from the paper-based forms of the past for servicing to the digital channels of the future, so too must our ability to authenticate our legitimate customers and identify the bad actors. If done well, we can increase the security of our customers' data and assets while reducing friction, resulting in a positive customer experience. To achieve this objective, below are some key areas that companies should consider integrating into their business and fraud prevention strategies. Given the rapid changes in the digital, cyber and fraud space, companies should also recognize trying to simply keep up will most likely mean falling behind. 1. Customer ProfileDevelop an approach to collect data and identity proof starting at the point of new customer acquisition (including often overlooked details like beneficiary information) and store this information as an enterprise data asset. Capturing and validating information such as device, voice, government ID and customer preference and creating a profile of your customer that starts at acquisition will help ensure you understand ­ and can authenticate - your customer from day one. 2. Identity Proofing and AuthenticationIdentity proofing ­ the verification of an identity prior to the issuance of accounts and/or credentials - requires you to collect enough information at the time of new business acquisition or 1st interaction to validate the customer, often when you have little or no previous information collected. Once successfully identity proofed, it becomes significantly easier to authenticate the legitimate customer on subsequent interactions, although authentication is not without its own challenges. Using a multi-factor authentication approach (the ability to use multiple factors from something you know, have and are) is a reasonable step forward. While this remains a standard for authentication, it often relies too heavily on 3rd party data that can be expensive to obtain, challenging for customers to use and risks being compromised as fraudsters find weak points. It also has an inherent weakness in that it treats authentication as a one-time event. For companies looking to take authentication a step further, a continuous behavior-based authentication approach should be considered.MITIGATING ACCOUNT TAKEOVER FRAUDRobert Waterman
< Page 7 | Page 9 >