Cyber-fraud More Than Just a Cost of Doing Business—It May Be Deadly Business

Ara Trembly
Insurance Experts' Forum, November 30, 2009

While most of us will never hear about it, security experts have been telling us for years that some banks and other large companies have been quietly paying protection money to criminal syndicates who would otherwise bring down or seriously compromise their computer systems.  The victimized institutions have apparently accepted such extortion as a given, and are looking at it as just another cost of doing business. 

But can any insurer, broker or other company really afford to be so cavalier about what is happening, even if we’re not talking about extortion? According to former prosecutor and FBI agent Chris Swecker, the answer is clearly no. Swecker, who is the founder of Chris Swecker Enterprises, pointed out in a recent interview with me that, “The potential to commit fraud is magnified on the Internet,” adding that cyber crime is a low-risk and profitable undertaking.  “Law enforcement authorities aren’t likely to arrest some guy in Romania who is part of a hacking syndicate,” he said. 

Obviously, fraud is a huge concern for insurers, which is why they devote so many resources and so much money to preventing it. Yet many insurers acknowledge that below a certain dollar threshold, they don’t find it profitable to pursue fraudulent activity. The dollar amount undoubtedly varies from insurer to insurer, but I have been told that carriers generally set the limit between $3,000 and $5,000. Any losses that come about as a result of fraud that nets a lesser amount are routinely ignored, and written off as a cost of doing business. 

That sounds like good business, but it fails to acknowledge that a man (or a company) may just as easily die from 1,000 cuts as from a single mortal wound. Swecker noted that, “Terrorist financing and criminal actions (like fraud) often intersect.” He said that much of the funding for terrorist activity worldwide comes from the proceeds of such activity. 

“Fraud funds terrorists,” he explained.  “They perpetrate banking or credit card fraud, then use the proceeds to turn around and hurt us again.” In some cases, he noted, terrorists will hire hackers to commit such crimes in order to fatten their own nefarious coffers. 

That really puts a whole new light on the idea of allowing smaller crimes to continue, doesn’t it? Certainly, banking or credit card transactions are an important part of what takes place in the insurance industry, and if it were just a matter of focusing on bigger fish, I would have no problem with that approach. If, on the other hand, cyber-criminals are perpetrating many “small” frauds, then turning around and using the accumulated funds to endanger American lives both here and abroad, I have a huge problem with that. 

What can we do? Swecker suggested that modern fraud sniffing software can help detect patterns of network-based fraud activity that originates in places like Russia, Egypt and Romania. Such software employs aggressive analytics along with a case management system that seeks to manage workflow and to raise red flags. 

Will insurers and others have to spend more money to do this? Absolutely. Then again, what is it worth to your organization to thwart a well-planned series of “small” events that could end up hurting the company overall and—more important—might well cost American lives? 

No one can require us to raise our level of vigilance to this level. But can we afford not to? 

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The 5 "I"s of Underwriting Innovation

Underwriting has come a long way in a short time thanks to data and analytics.

Insurers are Losing the Customer Satisfaction Battle – Can Social Media Help or Hurt?

GEICO and Progressive suffered the largest individual carrier dips in satisfaction, according to the ACSI report.

Claims Transformation: Modernization Is Just the Beginning

Claims transformation is bigger than modernization, encompassing changes to the entire claims business model and philosophy rather than simply the day-to-day processes of claims operations.

Why Insurers are Leading on Data and Analytics

A State Street survey finds insurance companies are more likely to be further along in becoming “data innovators” than their financial services counterparts.

Driverless Cars: Unintended Consequences for Insurers to Watch

When bad or unexpected or unusual things happen, the computer gives up control and hands it back to the now woefully unprepared occupant.

The Other Auto Insurance Telematics Shoe Drops

Progressive's decision to charge Snapshot drivers more if their driving data indicates higher risk has started the industry down a road of data-driven adverse selection.