Modern Insurance Magazine - The Surveillance Group Supplement by Charlton Grant

S U P P L E M E N T

2 0 1 9

INTELLIGENCE · SURVEILLANCE · EVIDENCE

TSG Supplement | 2

Welcome

Welcome to our very special insurance fraud supplement with The Surveillance Group and NetWatch Global® – the market leaders in surveillance operations, OSINT and fraud intelligence.

So, this is where The Surveillance Group and NetWatch Global come in. Leading the way with surveillance and open source intelligence, both teams are able to provide you and your business with cutting edge OSINT software and proprietary tools to combat the fraudsters.

The Surveillance Group provide an unrivalled level of expertise in the world of specialist surveillance, successfully navigating the regulatory landscape to deliver exceptional results to its clients. Armed with an array of skills and experience, The Surveillance Group has the knowledge and insight to offer suitable surveillance solutions for each case. Their sister company, NetWatch Global, is the largest opensource investigation company in the UK. They specialise in providing powerful and actionable intelligence, which clients may need to either rely on in court as evidence or use to make effective decisions. What you might not be aware of are the intricacies involved in the work The Surveillance Group and NetWatch Global do. There have been major changes both driven by technology and legislation, which have had mostly positive effects on the two companies, enabling them to have year on year growth in instruction volumes. Their work involves exploring and interrogating open source data and social media, with the evidence allowing for swift analysis of claims – whether these be genuine claims or suspected of fraud. But while both businesses continue to evolve so too do the fraudsters. As we continue into this modern, digital world, fraudsters are starting to have more options and seem to move from one area of claims to another.

This supplement introduces you to the world of surveillance and open source data and social media. Tim Young, CEO of The Surveillance Group, guides us through the expected changes as technology continues to develop and fraudsters continue to become savvier, while James Beckett, Senior Fraud Manager at NetWatch Global, surveys the fraud landscape for the oncoming trends, challenges and opportunities and offers you a toolkit he recommends for analysis, plus much more! This supplement is jammed packed of top tips to prevent fraud both internally and externally and how to prepare for the changing landscape of the fraud sphere.

Poppy Green Co-Editor, Modern Insurance Magazine 01765 600909 | @Modern_Poppy | poppy@charltongrant.co.uk

Contents Interviews

4 The evolution and revolution of surveillance

Modern Insurance hears from Tim Young, CEO of The Surveillance Group, about his experience in the surveillance industry and what we can expect to come as technology continues to develop and fraudsters continue to get savvier.

10 Collaborating to fight fraud

Modern Insurance spoke to Sarah Hill, Jason Potter and Ben FitzHugh, BLM, about the current trends facing the industry in terms of fraud and how important the aspect of collaboration will be as we move forward and into a changing fraud landscape.

14 OSINT intelligence in a claims investigation – an Irish perspective

22 Why do employees steal?

Terry Streather, Director and Head of Training at Oakwood Training, examines the growing problem of employee theft and suggests what we can do to help prevent it.

24 It’s 2019: Failure to screen online presence before hiring is negligent

David Purcell, the Chief Operating Officer at NetWatch Global, breaks down our queries about whether or not we should be screening potential and existing employees.

26 An interview with James Beckett, Senior Manager at NetWatch Global

Speaking to Modern Insurance, Declan O’Flaherty, Partner at Tormeys Solicitors, outlines the value that NetWatch has provided to his claims investigations, plus those key differences between England and Ireland in the fraud sphere.

We asked James Beckett to outline some of the trends, challenges and opportunities that open source and social media represent to organisations and some of the tools he recommends for analysis.

28 The changing landscape of insurance fraud and counter-fraud measures

18 The evolution of insurance fraud – An interview with Donna Scully

Features

Donna Scully, Director at Carpenters Group, discusses the industry’s fight against fraud and how we are developing together to combat new and emerging threats.

Co-Editor Poppy Green

Tristan Prince, digital fraud prevention veteran and Group CCO at The Surveillance Group, explains how insurance fraud has changed over the last few years and what insurers are doing in order to conquer rising claims.

30 The rise of temporary intelligence

NetWatch Global explain why it is essential that insurers take note of what is referred to as temporary intelligence.

Project Manager & Event Sales Rachael Pearson

All material is copyrighted both written and illustrated. Reproduction in part or whole is strictly forbidden without the written permission of the publisher. All images and information is collated from extensive research and along with advertisements is published in good faith. Although the author and publisher have made every effort to ensure that the information in this publication was correct at press time, the author and publisher do not assume and hereby disclaim any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from negligence, accident, or any other cause.

TSG Supplement | 3

Clearly the whole issue of insurers needing to prove that surveillance was both â&#x20AC;&#x2DC;proportionate and justifiedâ&#x20AC;&#x2122; provided us with a rule-based system to focus on. Rather than sit back and let surveillance instruction volumes slowly dry up, we felt that social media and open source data held the key to creating the next generation of surveillance capability and development

The Evolution & Revolution of Surveillance Modern Insurance hears from Tim Young, CEO of The Surveillance Group, about his experience in the surveillance industry and what we can expect to come as technology continues to develop and fraudsters continue to get savvier.

4 | TSG Supplement

Evolution is effectively the ‘survival of the fittest’ or rather in the service industry: ‘survival of the most fit for purpose’ Having been in the surveillance industry for over 35 years, I have seen some major changes that have been driven by both technology and legislation. I still recall the excitement of being given my first body worn camera back in the late 80’s where the lens was small enough to be inserted into a button on a jacket. Sadly, the video recorder it was attached to was the size of a double decker bus and had to be housed in a rucksack. Video tapes only lasted half an hour and the system had the unfortunate habit of emitting a loud click followed

by a very obvious sound as the tape rewound to the beginning. I still have sleepless nights over one personal injury case when I was standing behind a claimant who was ordering a new carpet. The claimant in question had sustained a head injury and was purportedly unable to shop without assistance or manage their own affairs. I still hope to this day the list of impairments included an inability to recognise a covert video tape audibly rewinding in a deathly quiet carpet shop!

TSG Supplement | 5

There is, however, a darker side to the availability of technology where legislation and licencing have not evolved at the same pace

Technology has obviously moved on a great deal with an array of miniature covert products being available to anyone who has access to eBay or Amazon. It might be argued that the digital revolution in covert technology is a good thing, with all courts now being presented with High Definition footage with crystal clear audio. There is, however, a darker side to the availability of technology where legislation and licencing have not evolved at the same pace. Vehicle based trackers are a good example, with devices the size of a matchbox freely available online. Unscrupulous operators might utilise such devices to cut corners and reduce their costs by deploying less operatives on a surveillance instruction because they know they can track where a claimant is remotely. In my mind, the deployment of a tracking device would entail tampering with property and an element of trespass and I cannot envisage a single scenario where such activity is justified. Fortunately, in our post Levenson world, insurers are fully aware of the brand damage such unscrupulous deployments might create and their supply chain contracts prohibit the use of such devices. Claimant solicitors are also more than aware of such technology and I actually welcome the fact that they will pick through surveillance footage in order to ascertain exactly how their client was followed. During the Levenson Enquiry in 20011-2012, it became apparent that smaller private investigation firms, working on an ad hoc basis for clients, were often not bound by the same contractual obligations as us larger companies. This meant many were able to utilise sub-contracted staff potentially without the requisite training to undertake a surveillance in the correct manner and often that would use technologies such as trackers and other practises to reduce cost or ensure a result. The lack of basic training may also be the catalyst, which drove in many cases flagged by the inquiry; an inherent disregard for an individual’s right to privacy. Insurers themselves were not immune to a wave of negative public opinion following the Levenson Enquiry and unfortunately this was compounded by a couple of high-profile cases where surveillance companies were deemed to have been overly intrusive and breached claimants’ right to privacy. The obvious reaction by insurers was a massive reduction in the use of surveillance and much tighter internal controls relative to its use. Effectively, claims handlers were asked to provide internal audit trails to prove that their use of surveillance was both ‘justified and proportionate’. Thirty years in the industry has taught me that insurers are incredibly good at self-regulation, especially when dealing with processes that could have such a negative effect on their brands.

6 | TSG Supplement

It is ironic that at the same time as the above, The Surveillance Group’s footage was responsible for a series of high profile ‘Contempt’ charges in the High Court, relative to high value personal injury claims. The first of these was the landmark case of Kirk v Walton, but this was quickly followed by Edward William Neild and Acromas v Graham Jeffrey Loveday and Susan Loveday, Minaxi Shah v LV and James Shikell v MIB. In all these cases, the surveillance footage we obtained directly contradicted major elements of each claim and presented a means for insurers to bring what amounts to criminal proceedings against claimants who, hitherto the landmark case, would simply have folded up their tent and stolen quietly away. I think what the contempt charges did for most of the clients we work for was prove that they shouldn’t throw the proverbial surveillance baby out with the bathwater. I used the term ‘evolution’ in the title of this piece because in my mind, the combination of events from 2011 to 2013 meant that many companies in our sector were facing extinction and had to evolve in order to survive. In our experience is wasn’t necessarily about doing less surveillance, certainly year on year we have seen growth in instruction volumes ever since, it was more about insurers and in fact any company using surveillance doing the necessary due diligence before an instruction was sent. Some of our success and ability to weather the storm was certainly down to the shear length of time we have been contracted to our major insurance clients but most of this I would have to attribute to our clients trusting our training, processes and judgement on a case by case basis. We are fortunate to have the UK’s largest dedicated surveillance training business, which teaches law enforcement, military, government and global brands, our unique style of surveillance. This has not only allowed us to keep our technology and methodology current but more importantly it allows us to share best practice with organisations who, like insurers, have a need to utilise surveillance on a daily basis. As our own physical surveillance technology evolved, we developed miniature unmanned cameras that allowed HD quality footage to be captured 24 hours a day over an entire week. This offered insurers an alternative means of assessing a claimant’s pattern of life. With a week’s unmanned deployment costing the same as a day’s manned surveillance; the service has also proved incredibly useful in identifying care regime fraud or a claimant’s working shift patterns that wouldn’t normally be captured during manned surveillance. There are common factors that influence the success of any given period of surveillance with chance/luck being

a major contributor. It’s effectively about being in the right place at the right time and hoping that your teams will witness a compelling event. The blending of manned and unmanned surveillance removes a large element of chance as prior knowledge of regular patterns of life, especially linked to fraud, allows insurers to spend less money on manned surveillance. Evolution is effectively the ‘survival of the fittest’ or rather in the service industry: ‘survival of the most fit for purpose’. Clearly the whole issue of insurers needing to prove that surveillance was both ‘proportionate and justified’ provided us with a rule-based system to focus on. Rather than sit back and let surveillance instruction volumes slowly dry up, we felt that social media and open source data held the key to creating the next generation of surveillance capability and development. As an aside, it still amazes me that claimant solicitors erroneously think that we only film events that are of benefit to the insurer. We have to be objective at all times and in these days of GDPR we are only given very basic information by our clients anyway. It is also important to note that footage showing that a claimant is incapacitated still saves an insurer money, it allows handlers to treat such individuals with greater care and often settle cases faster. Our challenge was to somehow create both internal software and a managed service to provide initial intelligence that proved surveillance was justified. Taking geotagging of social media posts as a starting point it soon became apparent that major incidents attracted a lot of social media coverage from photos, names, witness

accounts and videos. Compare this to the relatively limited and often redacted information obtained from a police accident report and clearly social media back in 2011 represented a rich source of data that insurers were not utilising. A social addiction to smart phones and platforms such as Facebook and Twitter had already begun creating a new data points for claimants which, unlike one-dimensional credit data, gave valuable insight into not only incidents but also people’s lives both before, during and after a claim. By starting with what we wanted to achieve in terms of output, our mission was clear; to create a service that offered a cost effective and fully compliant alternative to certain types of liability investigation or as a precursor to surveillance. It was at this point that we went to market with a totally new company NetWatch Global Limited.

NetWatch Global NetWatch Global acted as the leading light in the OSINT surveillance and intelligence industry; founded with the mission to transform the way surveillance and intelligence is gathered in the modern digital world. With the infinite volume of information, data and intelligence available via online open source data and social media, NetWatch provide not only cutting-edge OSINT software and proprietary tools but combines these with the most experienced managed data analytics capability in the industry. Working for law enforcement and global brands had already shown us that an understanding of western social media was not enough as some of the complex criminal

TSG Supplement | 7

The success of ‘traditional’ surveillance was made up of luck, location, a compelling event and the client’s budget. The companies that still think this applies should be facing extinction

supply chains we were investigating could only be linked using non-western social media such as Weibo. We were however shocked that law enforcement was scared of delving too deeply in this pandora’s box due to the complexity of data privacy arguments that surrounded its use as evidence. To that end they were simply using the data to inform investigative decisions and not as tangible evidence itself. Our approach had to be different. Evidential integrity had to sit at the heart of the business proposition we were creating and to that end we only created software and report formats that we could prove would be admissible in court thus maximising the benefit we could bring to insurers. I have to say that the insurance sector is not known for moving particularly quickly or embracing disruptive technology that rapidly. Fortunately for us many of our larger insurer clients had forward thinking supply chain and technical claims managers who were willing to listen and subsequently undertake numerous Proof of Concepts within different areas of their business. What helped was that clearly this new sort of profiling created a solution and solid audit trail to prove that the subsequent escalation on claims spend on surveillance was both justified and proportionate. It also soon became apparent to claims directors that the profile reports that we prepared often within days of an incident allowed them to set highly accurate reserves on major incidents which created further compliance value relative to Solvency tests. It is also worth noting that Netwatch also identifies entirely genuine claimants with significant injuries early on allowing insurers to apply additional medical resources to support a claimant. Clearly such claimants will not be subjected to surveillance and some may view this as tantamount to business suicide. I am however much more comfortable only undertaking proportionate surveillance on individuals who have been flagged as potentially exaggerating some element of their claim.

8 | TSG Supplement

With over 40 full time specialist analysts working on multiple types of insurance claims, Netwatch has gone from strength to strength. We are in an incredibly fastmoving sector so our challenge is to create software that allows our analysts to keep pace with the evolving world of social media. In a post Cambridge Analytica world, we have to match our innovation with compliance and to that end our analysts sit amongst our developers and internal legal team to ensure that every process we follow and every post we report on is suitable for admission. Not many days go by when we are not called to give evidence in court but we are confident in the way we conduct our work and although our evidence is frequently challenged, to date our evidence has never been omitted from proceedings.

Case Study: Dermody v Network Rail In May 2018, in the case of Dermody v Network Rail, the unique combination of front-end social media profiling and physical surveillance to be tested in the High Court. Mr Dermody had sustained an injury to his right thumb and had submitted a considerable personal injury claim. The Surveillance Group were duly instructed to undertake surveillance on Mr Dermody to ascertain what level of use he had in his injured thumb. Initial profiling revealed that he was in fact the lead guitarist in a Guns and

Our challenge was to somehow create both internal software and a managed service to provide initial intelligence that proved surveillance was justified

Tim Young is the founder and CEO of both The Surveillance Group Ltd (TSG) and Netwatch.

Roses tribute band and Netwatch were able to identify numerous concerts that Dermody was playing at. The ensuing footage that was acquired showed that Mr Dermody had no apparent loss of use and was even able to play his guitar behind his head. The footage in itself obviously gave the defendant solicitors, Berrymans Lace Mawer, and Network Rail valuable insight into his current level of ability at the time but clearly it did not provide any indication as to when post-accident he regained normal function in his thumb. Fortunately, Netwatch were able to identify social media posts shortly after the incident which proved that his return to normal function predated the periods of surveillance. With such a wealth of footage and social media intelligence to contrast with the claimant’s various statements the judge in question was compelled to bring a Contempt charge. These days I look back at Levenson with a degree of satisfaction and approval. Not only did it bring about a long overdue overall of self-regulation, but it catalysed a wave of innovation that has let both my businesses work in harmony as part of an intelligence led solution that removes much of the element of chance in what we do. Ultimately, we remain fit for purpose and continue to deliver quantifiable value to the insurance industry year on year whilst providing services that offer no risk of adverse brand erosion.

TSG are one of the UK’s largest providers of Specialist Manned Surveillance & Surveillance Training. Founded in 2001 the company provides manned surveillance and specialist training solutions to the insurance sector, MOD, Government Agencies, local authorities and many leading Footsie 100 companies. TSG’s footage was responsible for gaining DLG their Landmark ‘Contempt’ case in the High Court and it is no surprise that TSG have been responsible for over 80% of all subsequent ‘Contempt’ judgements. TSG’s constant innovation has recently led to a new form of Contempt judgement in the case of Dermody v Network Rail, this was the first Contempt case of its kind where a judge allowed social media evidence to be considered alongside surveillance footage. In the past, Tim Young has provided input to The Home Office Select Committee’s review of Investigator Licensing and the training of individuals operating within the industry. In 2013 Netwatch Global Ltd was launched. Netwatch provides unique services that allow critical real time intelligence to be gleaned from open source and Social Networks on a global and multi lingual basis. Netwatch is now utilised by a large number of insurers and government departments as a managed service. In 2015 Netwatch launched its first series of tools specifically for insurers to use in-house. Software creation is analyst led and is designed to solve specific problems that analysts encounter in the rapidly evolving world of social media. The solutions created are increasingly designed to provide timely information early on in the claims cycle in order to minimise costs and maximise fraud detection. A significant number of financial institutions and global brands also utilise the service in the investigation and subsequent prosecution under POCA of serious organised crime. To discuss your surveillance requirements please contact info@thesurveillancegroup.com

TSG Supplement | 9

Collaborating to fight fraud Modern Insurance spoke to Sarah Hill, Jason Potter and Ben FitzHugh, BLM, about the current trends facing the industry in terms of fraud and how important the aspect of collaboration will be as we move forward and into a changing fraud landscape.

MIM: What trends are we currently seeing within the fraud sphere? Sarah Hill: Jason and I have been dealing with fraudulent claims for over twenty years and pre the Insurance Fraud Bureau (IFB), so as you can imagine, we have seen quite a lot of change over the years. Historically, the biggest product line for fraud is motor because it provides so much opportunity for fraudsters. Fraudulent motor claims are still quite prolific and it does still trend as the top area for fraudulent activity in claims. I do think the motor arena will change though, especially as the civil liability bill is being introduced and from April 2020 we should have a fixed tariff system in place. What we have seen is the behaviour of fraudsters change, for example, there is now a lot more activity undertaken by professional enablers and more claims layering, which means that more than one organisation can be involved in one fraudulent claim at a time. We see exaggerated medical reports, layered special damages such as

10 | TSG Supplement

cognitive therapy and physio therapy; anything that fraudsters can look at and add as an extra cost to the case is now used. In my experience, over the last three years I have seen the same and known protagonists move into new areas and new products lines. More recently, we have seen a spike in cavity wall claims, financial lines and mis-sold pension schemes; fraudsters are moving into whatever area they can see will be profitable for them. Jason Potter: There are several aspects that we need to consider. The reforms are coming in and as a fraudster you are either organised or opportunistic, so in order to get around that, they are going to be claiming multiple injuries rather than just soft tissue injuries. We have seen from a motor perspective already, rather than just the traditional neck injury, which would fall under the soft tissue category, we are starting to see neck, back, knee and elbow etc., anything to maximise and take it out of the forthcoming tariff scheme. It is fair to say, the reforms

are a good thing, but it is almost like a pebble in a pond, all the ripples from the pebble emanate which is how fraud is developing. Fraudsters are branching out due to the reforms and their financial impact. Additionally, we need to take into account the layering activity in terms of medical treatment and the diversification into new products lines. We have seen an uplift in farming and data theft activity. There is a lot of money involved in data. We see people branching out all over the place in terms of product lines exposure. The industry is spending a huge amount on technology and fraud prevention tools such as the creation of a new intelligence sharing hub and individual companies deploying their own systems. BLM is one example of a law firm that has its own advanced analytics intelligence. All these efforts are aimed at providing clients foresight in order to educate and prevent their exposure to fraud. Ben Fitzhugh: From a claims farming and claims handling perspective, the traditional motor area is quite heavily saturated. As Jason quite rightly said, fraudsters are looking to the less well developed areas to try and maximise the amount of return they can make. The industry should be focusing on the emerging areas just as much as the existing ones. SH: The other thing that concerns me, is that we are going to have more claims management companies in this space going forward. We may see a resurgence of some old behaviour that our work was responsible for curbing but are we going to see even more poor behaviour? How does technology tackle and identify the new and emerging trends? That is where The Surveillance Group becomes really important because as we start to see different types of injuries, it is going to be important that the right investigations are conducted on cases.

Collaboration sits at the heart of what we do and we are proud of the steps both we and the industry have taken to combat fraud â&#x20AC;&#x201C; Ben FitzHugh

MIM: What other technology is being used to fight against fraud at this time? BF: The industry has a suite of well-developed tools that provide data matching and data analysis to help profile risks an organisation or individual may pose to the claims and insurance industry. One of the things that we are seeing is the migration of traditional fraud risks. Any database that exists must contain a broad breadth of data, because we are regularly finding that would-be fraudsters are migrating to the non-traditional areas and are looking outside of the traditional insurer-based claims market. Organisations that arenâ&#x20AC;&#x2122;t within the traditional insurance sector and do not get captured on any central insurance database need their data to be harnessed so that we can ensure would-be fraudsters arenâ&#x20AC;&#x2122;t exploiting that particular loophole. It is about verifying that the databases that do exist have as broad a remit as possible. MIM: How is BLM collaborating with NetWatch Global/The Surveillance Group when tackling fraudulent claims? BF: BLM clearly recognise NetWatch Global as industry leaders because the tools that they have are well-respected. We partner with them on our fraud investigations to ensure that we acquire the most accurate evidential picture. Our approach has always been to investigate suspected fraud on a collaborative basis, whether that is with NetWatch as a trusted partner

TSG Supplement | 11

or with the likes of the Insurance Fraud Bureau, another industry organisation that we think of as our fraud experts. MIM: How has the use of OSINT intelligence helped when dealing with cases? BF: OSINT doesnâ&#x20AC;&#x2122;t just cover social media, it goes much wider than that. As we are involved in the legal industry, a priority is to ensure that any intelligence is converted into actionable evidence. One of the benefits of OSINT is that it can provide an accurate date stamped time on a particular event, whether that be a picture on social media or on a public news record, which we can use to establish how it fits into timelines of post-accident rehabilitation.

12 | TSG Supplement

SH: All of that is really important for us because we donâ&#x20AC;&#x2122;t just defend cases where there seems to be suspicions of fraud, but we also proactively litigate as well. We have been involved in a number of private criminal prosecutions, so the evidence needs to be collated in as an accurate way as possible because we need to present that evidence in front of the court to and need to ensure that the evidence canâ&#x20AC;&#x2122;t be challenged on legitimacy grounds. MIM: How can the industry come together and educate the public on the issue of fraud and data sharing? JP: The industry has done a lot of work to educate the public, not just from a claims perspective but also in

Fraudsters are looking to the less well developed areas to try and maximise the amount of return they can make. The industry should be focusing on the emerging areas just as much as the existing ones – Ben FitzHugh

MIM: How will BLM be helping to combat fraud this year both as a business and collaboratively in the industry?

terms of preventive measures and application tools. Those initiatives continue and off the back of the Insurance Fraud Taskforce, one of their initiatives was to look at awareness campaigns that were being run by the industry as a whole and to look at how we can deter people from getting involved with insurance fraud in the first instance. There is a lot of good work going on and we are trying to build on that by imparting our knowledge on forthcoming and emerging threats. It is important that we send a message out as an industry in order to demonstrate that there are implications for people’s actions, and if you are caught being involved in insurance fraud then you are liable to custodial time at the end of it. SH: Everyone knows that you only have to switch on the TV and there is an advert asking if you have had a claim. I have had a few examples of claimants dropping out of the process because they didn’t understand what they were getting themselves into. Most of the time they are either being contacted by phone on a cold call and what concerns me is the regulation of those companies contacting them by phone. I don’t think our regulation has gone far enough. There is a much more targeted approach to identifying the consumer. Education is so important and the industry has done a lot to educate the public but there is still a fair way for us to go.

BF: The IFB has done a huge amount since its inception many years ago and continues to help combat fraud. The greatest step, certainly from BLM’s perspective, is the inclusion of affiliate members, making sure databases have got the breadth and are as impactful as possible. BLM is an affiliate member and we will be continuing to work with the IFB to manage fraud risks and identify emerging fraud risks in order to pass on any evidence of adverse behaviour that we are exposed to. Collaboration sits at the heart of what we do and we are proud of the steps both we and the industry have taken to combat fraud. SH: We have been very proactive in this area of the industry. Our BLM lawyers work with clients to combat fraud in a number of ways: we have a central hub for fraud and we go out to all of our practice groups and make sure that within our system we have automated processes for fraud identification and that we are taking all the necessary steps to deter fraudulent behaviour.

Sarah Hill

Education is so important and the industry has done a lot to educate the public but there is still a fair way for us to go – Sarah Hill

is the Head of Fraud,

Jason Potter

is the Head of Fraud operations and

Ben FitzHugh

is the Head of Intelligence at BLM.

TSG Supplement | 13

OSINT intelligence in a claims investigation – an Irish perspective Speaking to Modern Insurance, Declan O’Flaherty, Partner at Tormeys Solicitors, outlines the value that NetWatch has provided to his claims investigations, plus those key differences between England and Ireland in the fraud sphere.

Q A

What is your experience of open-source intelligence (OSINT) and how does it benefit the industry?

In terms of defending insurance claims, in particular personal injury claims, it is useful to add OSINT to the picture of evidence that can be presented in court. Claims are usually investigated, for example, by way of medical examinations, but medical examinations only really supply a snapshot of a claimant’s presentation on the day that the medical was conducted. The value of the work NetWatch provides is exceptional – they can provide you with information over a more consistent and lengthy period from people with social media profiles, and that can be very useful in court when trying to assemble a picture of how exactly an accident or an injury has impacted on an individual.

How does OSINT work when you are dealing with a claims investigation?

14 | TSG Supplement

We are fairly familiar with social media ourselves doing the job that we do, so we would normally have an initial idea from the profile of the claimant whether or not to instruct NetWatch to assist us with the case. If we then ask NetWatch for a report they will go off and do their investigation and provide us with a report exploring all of the claimant’s social media profiles that are publicly available.

How and why are you working with NetWatch Global to protect the policyholders of the insurance companies that you represent?

I am a solicitor and I have been involved in defending personal injury claims in Ireland for twenty years. Due to the culture here in Ireland it can be a very busy business, hence why we use all lawful means at our disposal to investigate claims, including NetWatch Global.

The system in Ireland is constantly being examined, adjusted and readdressed to try to move fraud out because it is in nobodyâ&#x20AC;&#x2122;s interest that there are fraudulent claims

TSG Supplement | 15

We happened upon them because they made themselves known as there was a clearly an opening here in Ireland. Personal injury claims are such a large feature of the landscape here in Ireland, that NetWatch are just a neat fit towards that side of the business. We have been working with them for several years and we find them very efficient, thorough, accessible and easy to deal with.

Assessment of injury claims is generally based on medical evidence but the difficulty with medical evidence is that it only provides a snapshot of a period in time, i.e. when someone is being examined for the purpose of that medical report. It doesnâ&#x20AC;&#x2122;t give you any more consistency than that â&#x20AC;&#x201C; so social media investigations can provide a more consistent impression of an individualâ&#x20AC;&#x2122;s activities over a longer period of time and that is useful when presenting evidence to a court in terms of trying to establish how badly or otherwise someone has been impacted by an accident. It is also useful in investigating fraudulent claims, in the sense of trying to establish whether or not an incident actually occurred at all or if the injury might have occurred elsewhere, or if there are connections between parties involved in the claim.

Q A

How often do you come across fraudulent claims in your line of work and how do you filter these out?

Unfortunately fraud is part of any claims industry and it is a significant feature of the industry here in Ireland. The social media companies such as

16 | TSG Supplement

NetWatch are just one tool involved and can assist in defending and investigating those claims. So if we have a sense or a hunch that something is amiss and that a social media report would assist us in trying to investigate that further then it definitely adds value.

Open Source Intelligence is just one tool in the armoury of people investigating fraudulent claims. We use many tools, including medical reports, accident investigation engineers and accident reconstruction experts, among others that we are allowed lawfully to employ. All of that is part of the arsenal that is available to defend fraudulent claims.

Q A

What efforts are being employed by the insurance industry in Ireland to better tackle fraud?

We have a range of measures available, but there is talk of setting up a fraud unit similar to that which exists in the UK at the moment, the Insurance Fraud Bureau, which will be funded by the insurance industry here. That would certainly be a useful measure in my opinion but of course as with any effort to tackle fraud and sharing information there are potentially data protection considerations which have to be addressed appropriately. However, that is the value that NetWatch offers, everything they do is completely lawful and properly signed off by the data protection bodies in both Ireland and England, because they are using intelligence sources that are available to anybody, anywhere.

Q A

How is insurance fraud changing in this digital age and how can technology help us to combat it?

Insurance fraud is changing in some ways but not in others. People are now a little bit more careful and the people who are involved in fraud will be more aware that using social media might not be the best idea, so some of them will be quite careful about what they post and so on.

Technology is a very useful tool in investigating fraud and sometimes it will verify that a claim is not fraudulent and that is also a very important message that needs to be acknowledged.

Q A

Is there a big different between England and Ireland in terms of fraudulent claims?

Fraud is prevalent everywhere, but the attraction of Ireland is there because the damages for whiplash claims are regarded in Ireland as being well in excess of comparable levels to England and indeed elsewhere. It is suggested that as a result, fraud is more common here.

There are differences between what NetWatch would have to do in an Irish court as compared to an English court. For example, in England, a lot of your evidence is given by way of witness statements, whereas in Ireland, the content of a NetWatch report would not be disclosed to the claimant’s team. Therefore, NetWatch would have to travel over to Ireland in order to prove the information they have gathered if it is going to be

used in court. They would not be attending court in England nearly as often as they would be expected to attend court in Ireland.

The system in Ireland is constantly being examined, adjusted and readdressed to try to move fraud out because it is in nobody’s interest that there are fraudulent claims.

Q A

How do you expect the fraud landscape to change in 2019?

Brexit might slow down things here because people might need visas to come to Ireland! But, apart from that, I don’t anticipate any major changes. Fraud will always be there, where there is a monetary incentive for people to get involved in fraud, i.e. a personal injury claim, there will always be fraud. It changes but it doesn’t change to the degree that it is utterly unrecognisable from what it was when I started out twenty years ago. The tools available change and the framework in which the investigation is conducted will change but fraud will always be there.

Declan O’Flaherty is a Partner at Tormeys Solicitors. He qualified as a solicitor in 1999, having completed a Masters degree in Law at Queen’s University Belfast. Declan practices mostly in the area of Defence Litigation. He acts for several large insurers (both local and international) and self-insured entities.

TSG Supplement | 17

The evolution of insurance

fraud – An interview with

Donna Scully

Donna Scully, Director at Carpenters Group, discusses the industry’s fight against fraud and how we are developing together to combat new and emerging threats.

How has insurance fraud developed over the last few years, and how are fraudsters responding to the current measures in place?

Huge advances have undoubtedly been made in combatting insurance fraud in recent years, supported by political commitment, industry investment and technological advances. These advances have only been made possible through a successful partnership between industry, government, regulators and others. It is only through continued collaboration that more can be done to counter the continuing scourge of fraud – and there still remains a great deal more to do. Fraud is constantly evolving and remains a huge problem. Fraudsters continually look for weak points in the system, developing loopholes and workarounds to exploit gaps in the regulatory structure.

18 | TSG Supplement

Q A

What are the regulatory and legislative challenges and opportunities in tackling fraud?

On a practical level, David Hertzell’s Insurance Fraud Taskforce (IFT) was an important juncture in our fight against fraud. On the whole, it provided a pretty good analysis of the situation and came up with a number of practical solutions to problems. However, whilst some slow progress has been made on some fronts, action on others has been slow or nonexistent. He recommended that a legacy vehicle be set up to make sure his recommendations were implemented and the work he had done kept up to date but no such vehicle was ever formed and this was an opportunity missed in my opinion.

As a one-off exercise it is however now showing its age. The claims landscape has moved on and so

Access to data and then managing how it is handled will clearly be at the core of fraud prevention in the future

too has fraud. One of the biggest regulatory and legislative challenges is to ensure that the regulatory and legislative landscape is regularly updated in a timely and robust way. Fraud is not an area that you can look at as a snapshot, and then say, we’ve fixed it and move on to other things. It requires constant vigilance and action. That is why it is so disappointing that the Government has failed to provide the leadership and resource to establish a body to permanently continue the work of the IFT. The industry has done the best it can through the Insurance Times Fraud Charter meetings, but there is a limit to how much industry and regulators can achieve without government. The explosion in holiday sickness claims of a couple of years ago was only able to be controlled relatively quickly because in large part the IFT was operational at the time. I think problems with Medco could have been dealt with more swiftly too.

The Civil Liability Act and the motor accident whiplash reforms are now in the crucial period of implementation. This presents a whole set of challenges for the motor insurance sector. It is imperative that the new claims landscape functions as it is supposed to when it is fully operational in April 2020. If it is not ready, and there are many crucial decisions still to be decided about its structure and operation, then a delay until it is ready must not be ruled out.

There is a massive amount of integration required to ensure that the new process is streamlined. The current claims portal, the Motor Insurance/DVLA databases, MedCo, askCUE and the Insurance Fraud Register all need to be fully integrated. Every insurer will need to fully integrate to ensure that there is uniformity in the details of the claims uploaded to the new LIP Portal. This undoubtedly provides a huge opportunity to provide a robust technological platform to tackle fraud, but it mustn’t be rushed or done as a half-measure. Although much smaller and simpler, MedCo showed the risks of a premature launch without all the issues and consequences being thoroughly thought through and resolved.

Fraud should be the driving force behind regulatory and legislative change in the sector. Unfortunately, it has become a secondary goal behind the pursuit of cost savings, at the expense of fairness for premium paying customers and independent legal representation.

Q A

How might the fight against fraud adapt once the reforms are “done”?

The insurance industry may continue to be blinded by the potential cost savings resulting from the whiplash reforms, but for those on the frontline of fighting fraud, the response is distinctly more muted. There is widespread recognition that the LIP Portal will be a gateway for ID fraud and ghost claims, facilitated by the very procedures that the Government hopes will make the process quick and easy for Litigants in Person.

TSG Supplement | 19

It is only through continued collaboration that more can be done to counter the continuing scourge of fraud â&#x20AC;&#x201C; and there still remains a great deal more to do

A lot of faith is being placed on the Financial Conduct Authority to sort out the likely mess of allowing claims farmers directly into the claims process for the first time. I am far from convinced that its new regulatory system for CMCs will solve the problems we are creating. The largest CMCs may be brought to heel, but I have serious concerns about the rest. With an increased level of fraudulent marketing already seen from rogue CMCs advertising as ABI Claims and such, the future landscape already looks challenging.

The FCA has lofty ambitions that they can successfully police the CMC users of the new Portal, working with the IFB and the Solicitors Regulation Authority. They believe that they can corral those seeking to avoid the costs and more onerous regulatory requirements into compliance, but others see no real solution to those rogue CMCs who will have their hand upon virtually all claims from LIPs. Like the fox and the chicken coop, it will be very difficult to control them once we have let them inside.

Once the reforms are implemented, we canâ&#x20AC;&#x2122;t stop fighting fraud, so how can the industry up its game?

Fighting fraud will always be an ongoing battle. We need greater and genuine collaboration in fighting fraud as it constantly evolves. Embracing new technology is essential, although it must not be at the expense of human interaction and expertise. Technology has improved what we do and those that invested wisely in it can deliver the best service, but experienced claims people are vital too and actually getting the balance between technology and human touch, where needed, is very important. On a practical level, this means further fraud and ID checks and verifying legitimate claims. Better sharing of intelligence, information and data. Presenting a unified front to change cultural perceptions that fraud is a victimless crime. Provisions to tackle abuse in medical reporting and rehabilitation and addressing extortionate credit hire claims and increasing issues in relation to credit repair and total loss claims.

20 | TSG Supplement

For too long now, we have allowed valuable personal data to be quietly bought and sold by marketing and survey companies, garages, car hire firms, price comparison sites and even insurers. This dubious practice must be addressed if consumer confidence is to be retained.

Is there successful collaboration from other sectors that the industry could take into account when fighting fraud?

Motor, and some other types of insurance fraud, are probably unique, because it can have disputed liability issues and is resolved by an adversarial legal system. Of course, both sides need to talk more and work more effectively to fight fraud. The traditional barriers between sides must be broken down. Collaboration requires time, patience and a commitment to find solutions. It also needs trust. Clearly, collaboration on any meaningful level is made considerably more difficult when one side is threatening the other, as the reforms have done. Lawyers are the first line in the battle against fraud, sifting the obviously suspect, frivolous or those claims with little chance of success. With lawyers being effectively forced out of the market by the reforms, this job will largely fall to the technology behind the LIP Portal. Whether this approach will work remains to be seen, but I have serious doubts.

We also need Part 2 of the reforms urgently. Leaving the loopholes of credit hire/repair outside of the new Portal will be a serious mistake and lead to considerable abuse of the system.

Q A

The sector is also going to look very different in a few years, with a lot more CMCs and less lawyers. The cross-ownership and joint ventures we are already seeing between medical agencies, law firms, brokers and credit hire companies means a market that will look and function very differently to the one we have now.

Q A

What is the publicâ&#x20AC;&#x2122;s attitude towards insurance fraud? How can awareness be improved?

Unfortunately, the data that we have on public attitudes remains grim reading for the industry. It appears that a significant proportion of premium holders are still prepared to lie or conceal details when they apply for home insurance, exaggerate a property or travel insurance claim or are dishonest about an injury sustained in an accident. Recent data from the US suggests that it is difficult to readily identify people who are more likely to commit insurance fraud based on age or other

demographics. It is a misconception, for instance, to assume that older people are more honest and ethical and therefore less inclined to engage in fraudulent activity. Any type of person is capable of committing fraud. The sector as a whole needs to invest a great deal more money on a public information campaign, as recommended by the IFT, on why insurance fraud is not a victimless crime.

Q A

How is technology changing the way we fight fraud but also how fraud is committed?

Technology will certainly make the claims process more efficient in the future. Where appropriate, customer self-registration of claims supported by Chatbot/live chat at any time of the day. Voice analysis for fraud prevention as well as automated fraud checking. Speech recognition for identification and DPA checks. FNOL systems with the ability to download telematics data/ dashcam footage. Metadata used to identify incident information such as GPS coordinates. Image recognition for liability decision, vehicle roadworthiness and extent of damage. Online video call medical assessment, rehabilitation and GP reporting timely information producing real time reporting.

Technological solutions must though be balanced with the claimantâ&#x20AC;&#x2122;s needs at what could be a difficult time. A significant proportion of claimants remain digitally excluded, particularly older and vulnerable people, and the process must accommodate them. Claimants need to be happy that they are receiving a tailored service, helping them get back to normality and cause the least amount of further disruption, particularly when they have been injured.

How can the use of open source and social media data and intelligence help claim handlers and fraud investigators?

Access to data and then managing how it is handled will clearly be at the core of fraud prevention in the future. Insurers and others are collecting enormous amounts of data, but there are legitimate questions about whether the data they collect is verified sufficiently. Fake data is increasingly becoming a problem for the sector. We are going to hear a lot more about benchmarking, detection at point of sale and the use of data lakes to capture all data rather than defined and categorised data fields. Over time, it is inevitable that data sharing will increase through various systems, portals and organisations, overcoming resistance from pockets arguing commercial confidentiality. Together, this data revolution will have a massive and positive impact upon fraud prevention and detection. With vast amounts of consumer data available on social media, open source intelligence is clearly going to play a huge

role in the future but navigating the vast volume of data in a manageable and meaningful way is going to be skill.

Consumers are increasingly understanding that their data is a valuable commodity and are likely to guard it more closely in the future. The insurance and wider claims sector must recognise that consumer trust is paramount, that consumers must trust the sector to store and use their data responsibly, otherwise levels of consent are likely to fall.

Q A

What tools do Carpenters Group have in place to combat external fraud?

On the technology side, Carpenters Group are investing in the full suite of next stage advancements. From FNOL systems with the ability to download telematics data/dashcam footage to metadata used to identify incident information such as GPS coordinates. Weâ&#x20AC;&#x2122;re going to be using voice analysis for fraud prevention as well as automated fraud checking, as well as speech recognition for identification and DPA checks.

We are working with our insurance and claimant clients on strategies to combat fraud at every stage in the claims process. The defendant part of Carpenters now has affiliate membership of the Insurance Fraud Bureau. Affiliate membership will enable us to collaborate ever closer, share data and intelligence and more actively contribute to the industry fight to stay ahead of the fraudsters. We hope to announce further industry partnerships in the near future.

Q A

How do you expect fraud to evolve in the future, and how can we prepare?

Fraud will increasingly become digitalised in the future, although there will always be those who seek to exploit the system more directly by feigning injury for example. In order to stay ahead, the sector must continue to invest heavily in technology. For many years the claims sector has fully utilised the opportunities afforded by data management software as information is cross-referenced and processes are digitally automated. As the technology develops, so will the sector innovate to find further efficiencies and provide better services.

Donna Scully is a Director at Carpenters Group.

TSG Supplement | 21

WHY DO EMPLOYEES

STEAL?

Terry Streather, Director and Head of Training at Oakwood Training, examines the growing problem of employee theft and suggests what we can do to help prevent it. Ah, the stationery cupboard. Like Rymans but without the till! Brilliant. But could there be a bigger problem here than the occasional highlighter or post it pad miraculously finding their way into our children’s pencil cases? The case of Karen Belton, a senior manager who stole around £200.000 worth of ink cartridges from her employer and resold them on eBay may suggest so. An extreme example I know, but a quick google search reveals it is by no means isolated and presents a significant risk to any business.

A growing problem In 2017, The British Retail Consortium reported a 36% rise in employee theft. Police recorded 10,466 ‘theft by employee’ offences in the UK in 2018, and the National Fraud Agency says it costs the UK economy more than £73 billion each year. PwC’s Global Economics Survey 2016 showed that 55% of UK organisations were affected by employee theft, compared to 38% in the USA and 28% in China. The numbers are interesting but in truth, we don’t really understand how big of an issue this is. There is relatively little information about employees who steal, partly because of the lack of research, but also because companies tend to deal with these matters in-house (often to avoid damage to brand or reputation.) I believe what evidence there is supports a link between poor employee wellbeing and internal fraud. The way that we think and feel has a huge impact on the way we behave and the decisions we make.

22 | TSG Supplement

We know that the risk of theft increases when people feel they work for a faceless corporate entity, which doesn’t care about them. What can you do to change that? Consider this: the Health and Safety Executive (HSE) tell us that 57% of all working days lost in 2017/18 was down to stress, anxiety, and depression. Among the main reasons for this absence was pressure due to workload, a lack of managerial support and having to deal with aggressive or challenging people. In the UK 13 employees are assaulted in retail every day.

Why do employees steal? So, work can affect a person’s mental health. But can a person’s mental health make them more likely to steal? It would be naive and over simplistic to suggest there is a single answer here. There was no single reason why Karen Belton stole. What is clear from the evidence is that work culture can play a significant role. Motivations can include work climate, employee dissatisfaction, a sense of inequity, underpayment, or lack of fairness. Some see it as a ‘victimless’ crime - the company won’t miss it and I deserve it after all the hours I put in; compensation for my lack of work-life balance. Offenders may differentiate their actions from other types of crime and justify theft from the workplace.

I believe what evidence there is supports a link between poor employee wellbeing and internal fraud. The way that we think and feel has a huge impact on the way we behave and the decisions we make Now, before I go on I’m not for one minute suggesting that people with mental ill health problems are thieves.

It raises an interesting question. Where are your loss prevention efforts focused?

There is in fact only one condition where theft is a symptom. Kleptomania is a disorder where people are unable to resist the urge to steal. It is rare, with only 0.6% of the population experiencing it and is thought to account for only 5% of shop thefts.

The traditional approach hinges around anti-theft measures such as CCTV, zero tolerance signs plastered all over the place and managers challenging anything suspicious. Don’t steal from us or else, rather than addressing the factors that may lead to the behaviour in the first place.

What about other conditions then? In Karen Belton’s case, the judge noted her history of anxiety, but the evidence tells us there may be more of a link between theft and mood disorders like depression. In fact, one study found that up to a third of shoplifters were experiencing symptoms of depression at the time of their offence. These conditions can affect a person’s ability to resist impulses.

So who are these thieving employees? Tell me what they look like! I wish it were that easy. Numerous studies have attempted to categorise those who steal into some interesting groups, including “baboons”: who steal little and often because everyone else does; “jackdaws” for whom stealing is a “perk of the job” or “hawks” those who are unhappy and bend the rules to suit themselves.

What can we do about it? Is it easier to target shoplifters instead? Internal fraud is often more complex, time-consuming, and harder to detect. Karen Belton was only found out 2 years after leaving her job and as a result of a routine audit. Research from across the pond reveals that shoplifting accounts for 35.7% of ‘shrinkage’ within the retail sector. 33.2% is down to internal fraud. Some retailers allocate up to 95% of their loss prevention resources to shoplifting, ignoring (or perhaps unaware of) the almost equal threat of internal fraud.

A more proactive strategy might include the following recommendations based on Brookman et al’s (2010) ‘Handbook on Crime’ and our own review of existing literature: 1. Create a positive workplace culture and good work conditions. We know that the risk of theft increases when people feel they work for a faceless corporate entity, which doesn’t care about them. What can you do to change that? 2. Support employees experiencing difficulties both in and outside of work. Even though pressures may be external, the employer may still have to deal with the consequences. Business in the Community report that only 16 % of employees would disclose a mental health condition to a manager. 3. Treat employees well, pay them fairly and don’t allow discontent to fester. Research has established a link between unhappy employees and theft. 4. Set clear guidelines: an act that can seem criminal to one person may be considered by another as a legitimate entitlement. Remove any excuses that internal fraud is somehow justified. I am delighted to be exploring the potential link between internal fraud and mental health, and what we can do about it at the Retail Risk London Conference on the 11th April 2019. I am also working with ORIS Media to deliver bespoke training on the issue.

Terry Streather is a Director and Head of Training at Oakwood Training. He’s a mental health and personal safety expert, with extensive experience as both a frontline practitioner and trainer. He is helping some of the UK’s largest retailers look after the mental wellbeing and personal safety of their employees.

both from members of the public and staff.

Terry is in demand as a consultant and is a dynamic and engaging speaker at national conferences and events.

He believes that our health and the way we feel has a huge impact on the way we behave, the decisions we make and our productivity. He is passionate about helping companies create safer and healthier workplaces, by placing wellbeing at the very core of what they do. Not only because it’s the right thing to do, but because it makes good business sense. Happy, safe employees make better employees.

As a former frontline officer and supervisor in the Police he has first-hand experience of managing personal crisis,

When he’s not teaching or speaking Terry spends much of his time running around after his eight and six year old children (quite literally on a Sunday morning when he tries to keep up with them at junior park run!).

TSG Supplement | 23

It’s 2019: Failure to screen online presence before hiring is negligent Let’s talk employee screening. David Purcell, the Chief Operating Officer at NetWatch Global, breaks down our queries about whether or not we should be screening potential and existing employees In 2019, the question should not be whether or not we screen our new recruits and existing employee’s online and social media presence, it should be how do we do it? The world’s biggest library of data on people is the internet. Imagine that the internet was a physical building less than 30 seconds from your desk, and someone told you that there is information in that building on the person you’re going to hire, and it’s free to look at. In fact, the person

24 | TSG Supplement

you’re interested in has put the information in there themselves and made it available for everyone to look at! The chances are you would head over there and see what that information was, in fact it would probably be negligent not to. So, why shouldn’t this be the case with the internet? Screening new hires and current employees became even more of a relevant issue to the insurance sector at the tail end of 2018 when

At NetWatch our belief is that social media and the online footprint of an individual is crucial in assessing them as a risk in the digital age the Insurance Distribution Directive (IDD) released new guidelines on employee screening. The aim of these guidelines is to ensure that the people selling insurance are of ‘good repute’. Interestingly though they do not end their advice at the point staff are recruited, the directive also spells out the need for ongoing monitoring of existing staff – it also hints that existing and traditional measure should only be treated as a bare minimum approach.

We regularly see companies that are undertaking this sensitive and important work in a very haphazard manner and causing potential problems. These problems can be avoided through working with a professional partner like NetWatch

These guidelines take a commonsense approach. When we are looking at the problem of insider threat and the damage that could be caused by rogue employees from inside a business, the highest risk employees aren’t typically those that have just walked through the door. Insider threat comes from those staff that are going through a difficult time at home, having financial problems, or those with a grievance against the business and feeling they’ve been mistreated somehow. So, it’s essential that businesses build up as many indicators as possible as to whether their staff are of ‘good repute’ or if there is a potential risk building. Of course, there are many measures which can be introduced to then mitigate that risk, from working with the person to resolve any grievance or taking measures to help them away from the office.

causing potential problems. These problems can be avoided through working with a professional partner like NetWatch to really make your processes airtight.

At NetWatch our belief is that social media and the online footprint of an individual is crucial in assessing them as a risk in the digital age. In fact, we would go as far as to say that there is no better indication of who a person really is and what’s happening around them, than their online footprint. If businesses want to ensure that they are conducting a thorough assessment of a person’s ‘repute’, it’s crucial that an element of the online world is included. I would go as far as to say it is negligent to make a hire without checking that person’s public online presence.

At NetWatch we have specialised in locating and attributing social media accounts to the right people since the company began and have built software to make this process easier and more effective. It may be that the layman can locate a profile for someone with an unusual name, but they aren’t likely to spend hours sifting through all the profiles for Joe Bloggs (sorry Joe). This can introduce unintended bias into the process in that the accounts of those with unusual names are being screened and subject to assessment and those with more common names aren’t.

So then the question becomes how this should be done? Many companies that we work with are keen to embrace vetting online presence but have no idea where to begin. In fact, worse than not knowing where to begin, we regularly see companies that are undertaking this sensitive and important work in a very haphazard manner and

Bias is also being introduced through a lack of defined process. Ultimately, you need to know what you’re looking for, and what it means when you find it. If the staff undertaking this research are just poking about and seeing if they can see anything then the chances are the recruitment and vetting process is not going to be fair. There is also a chance that they will

One of the issues we are witnessing is the introduction of bias into the recruitment process, something which, traditionally, the entire recruitment process is designed to eliminate. There are a lot of very basic ways that this is seeping in, but a couple of the big ones are as follows: Firstly, you cannot do this on an ad hoc basis – you either check everyone’s online presence or noone’s. Whilst this is easy to a certain extent, it gets more complicated when you consider whether you’re looking at the correct accounts, or whether they are even found.

introduce subconscious biases based around their own likes and dislikes. There are a huge number of benefits to be realised from screening and vetting online presence, from assessing what you’ve been told at interview, to checking for red flags that would clash with the values of the business. However, any work of this nature needs to be undertaken professionally – and there is no better approach than working alongside a company that does this day in day out and has finessed their practises over several years. At NetWatch we help you leverage the online world for the information you need to improve your business, remain compliant and mitigate risk – and we do an outstanding job of it. Get in touch today to discuss the improvements that can be made to your hiring processes with NetWatch.

Ultimately you need to know what you’re looking for, and what it means when you find it

David Purcell Chief Operating Officer at NetWatch Global. You can contact David with any questions at dpurcell@netwatchglobal.com

TSG Supplement | 25

An interview with

James Beckett, Senior Manager at NetWatch Global

NetWatch Global are the UK’s leading open source and social media investigations company and support the insurance industry with both managed services and tools for OSINT investigation and surveillance. We asked James Beckett to outline some of the trends, challenges and opportunities that open source and social media represent to organisations and some of the tools he recommends for analysis.

Q A

What are the trends in the current fraud landscape?

social media, one of the biggest challenges that we have faced is the changes that social media companies make to their platforms. A prime example of this is Facebook. In 2013 they launched their Graph Search service, which allowed users to access more information regarding a Facebook account than they could just by visiting the user’s page/wall, but in 2015 the interface to use Graph Search was removed without warning. More recently it was possible to search Facebook for any accounts linked to an email address or mobile number but after the fallout of the Cambridge Analytica scandal this was removed from the Facebook homepage in 2018.

Fraud always seems to have its mainstays, such as identity fraud, false/exaggerated insurance claims, account takeover etc., but what changes more quickly is the way that this fraud is conducted.

In the past, if a fraudster wanted to use someone’s credit card, they would have to have physical sight of the card in order to record and use the details. This is no longer the case as fraudsters don’t even need to be in the same country when they purchase this information from numerous dark web marketplaces. Elsewhere, numerous large companies have had their customers’ data stolen or compromised and then uploaded onto the web; often including highly sensitive information such as passwords, physical addresses, phone numbers and much more. This again provides easy assistance for those who want to commit fraud to do so from the comfort of their own computers.

What challenges and opportunities does this represent?

Speaking from a position where the majority of NetWatch’s work focuses on open source and

Changes like this make the work of an open source investigator more challenging but they also present opportunities to come up with innovative solutions. In both cases above tools developed by NetWatch allowed us to continue using the Graph Search feature and also allow us to search for accounts linked via mobile number or email address. Other challenges include the evolution of the way individuals use social media, with younger users tending to favour temporary posts like Snapchat and Instagram stories

Challenges include the evolution of the way individuals use social media, with younger users tending to favour temporary posts like Snapchat and Instagram stories where the information is only posted online for a number of hours

26 | TSG Supplement

where the information is only posted online for a number of hours. This was a trend NetWatch was aware of early on and we devoted time and resources into coming up with new solutions like NetWatch’s Temporary Intelligence Capture (see page 30) to make sure this didn’t affect our ability to investigate.

Q A

So what fraud and investigation tools would you recommend?

Well firstly, 99% of all the investigations we do at NetWatch will include looking at social media or open source information. That means we need to be able to locate profiles for individuals, search for images, locations and other useful information. That means our OSINT tool kit needs to be easy to use, accurate and above all, to locate pertinent information to the investigation.

At NetWatch we start with our in-house tools then we combine these with subscribed data services and established OSINT techniques to get to the information we are looking for. One of our key in-house tools is Profile Finder+, which was developed in order to locate social media accounts of individuals.‘Profile Finder Plus’ allows us to still conduct searches on email addresses and mobile phone numbers in order to see if they are linked to any social media accounts. Not only does this save resources in that we don’t have to spend time searching for the social media accounts, it also

makes it a lot more likely that the account we are looking at belongs to or is linked to the subject of the investigation.

Privacy Checker – One of the most frustrating things to happen during an investigation is that you locate the accounts but are unable to see any of the information on there because the profile has been set to ‘Private’. When this happens with a Twitter or Instagram account it doesn’t have to be the end of it, if time is on your side, NetWatch has developed ‘Privacy Checker’. You can probably guess what this tool does from its name, which is to check on the privacy settings of a certain account. Once the username has been added it will constantly check to see what the privacy settings of the account are, when it changes to ‘Public’ it will then notify you that this is the case. Government Records – No matter what type of investigation is being conducted there is always a good chance that a search

of some government records will be one of the steps taken. From using the Land Registry to establish who the owner of a property is, to searching Companies House to see the various companies that an individual may be linked to, there are too many occasions to count where a crucial piece of information has come directly from one of these resources.

Reverse image searching – This is a tool that many people are familiar with and have used before and there’s a good reason for that, it’s helpful! What people may not be aware of is that Google image search is not your only option, Yandex offers the same search function and a lot of the time even gives more accurate results. The Wayback Machine – This tool, found at archive.org, is great when trying to view old versions of websites or websites which have been taken down. You won’t be able to get full, working versions but what it does offer is the opportunity to

see some of the information and text that was on the website at a specific date and time. Originally started in 1996, the Wayback machine has been crawling the web and archiving any websites it comes across and is said to contain over 445 billion webpages.

James Beckett Senior Manager at NetWatch Global. To find out more about NetWatch OSINT Tools visit: www.netwatchglobal.com or email enquiries@netwatchglobal.com

TSG Supplement | 27

The changing landscape of insurance fraud and counterfraud measures Tristan Prince, digital fraud prevention veteran and Group CCO at The Surveillance Group, explains how insurance fraud has changed over the last few years and what insurers are doing in order to conquer rising claims. If there is one thing experience has taught me, it is that fraudsters are like woodpeckers; they will circle around your business looking for a fault or weak spot and when this appears, they will use every trick in the book to extract every last penny. When a fraud manager begins to push back and plug these holes, typically, fraudsters will look to other products or services for another soft spot and, if none exist, will simply fly away to another tree. This to me illustrates a really important point and a macro trend seen in the insurance sector over the past five years. The rise in frequency and value of fraudulent personal injury claims in motor made making money on this business a real struggle for most insurers. As fraud and claim values rose, insurers began ploughing investment into driving fraud out of their motor books at the front end, at point of quote and policy inception, and in the back end at claim. The extra investments made in quote enrichment, fraud prevention tools and other services like device and ID validation have certainly begun to pay off at the front end; driving a significant amount of fraud out of motor.

28 | TSG Supplement

At the point of claim, many of the innovators in the industry spotted the potential benefits of open source and social media data in validation and some of the brave are even pushing this forward right the way to FNOL. NetWatch Global have been leading the way with open source and social media claims investigation and for many, major insurers are effectively acting as an outsourced investigation unit. For lower value claims and insurers own inhouse investigation teams, NetWatch offer a suite of OSINT tools that enable claims handlers and fraud investigators to compliantly locate profiles and information more cost effectively and accurately. The tools also eliminate potential data protection infringements that may be associated with viewing the incorrect social media accounts. True to form, the fraudsters are now popping up in other GI lines of business where, though the potential value of fraudulent claims is considerably less, the controls and processes are not there to catch them. In the last few years we’ve seen more fraud creeping into commercial lines and other areas as fraudsters cast their nets wide and far

to replace the rich returns PI in motor once represented. The new wave of organised fraud is extending into other product portfolios like travel, pet, employer’s liability and even areas like income protection and home. So, is the industry being successful at combatting claims fraud? If some recent statistics are to be believed, the answer could be yes. The Government’s Compensation Recovery Unit performance data shows that over the 2017/18 period motor injury claims were the lowest level since 2009. In addition, the ABI’s figures highlight that in 2017 a total of 562,000 insurance frauds were detected by insurers. Of these there

In the last few years we’ve seen more fraud creeping into commercial lines and other areas as fraudsters cast their nets wide and far to replace the rich returns PI in motor once represented Whilst historically, a fraudulent personal injury claim in motor could net up to a seven-figure settlement, the reality is that these claims are few and far between and the likelihood of a fraudulent claimant successfully hoodwinking an insurer all the way to a settlement is so small that it makes it a relatively risky pond to fish in. Increase in claims Over the last twelve months we have seen a huge increase in the volume of pet, home and property claim instructions as fraudsters move into other areas away from motor and personal injury claims. These types of claims are often trickier for insurers to investigate and uncover fraud due to the lower claim values.

were 113,000 fraudulent claims, and 449,000 dishonest insurance applications. The dishonest insurance claims were valued at £1.3 billion, which was down 8% on 2016. On paper this would tend to indicate that the industry has broken the back of the claims fraud issue and are making demonstrable steps towards driving fraud out. Look a little closer under the surface and you will see that whilst fraud is down in the core GI products like motor, it is the more niche, less protected areas that fraudsters have moved to in order to fulfil their needs and often where fraud goes completely undetected; in fact the ABI recently stated undetected insurance fraud could also be as high as £1.3 billion.

This is where open source investigation really comes into its own as an effective tool to investigate low value claims. Dependent on company open source investigations typically cost around £150, and at NetWatch we investigate pet, property and home claims for under £100. NetWatch frequently investigate a lot of high value jewellery and watch claims; open source and temporary media is extremely useful in investigating these due to the number of selfies a typical social media user uploads to the internet. A typical claim for a Rolex watch might be in the region of six-eight thousand pounds, and it’s often very difficult to prove if fraud has taken place. When investigating these claims at NetWatch, we don’t just look for evidence of an incident or posts relating to the loss, we go right back to the policy inception to try and prove how frequently the item appeared in pictures both prior to

inception and afterwards. In one case of a lost Rolex we confirmed that the watch was visible in 95% of posts made by the claimant prior to the policy being taken out. After the policy had been incepted the watch appeared in 0% of images, the date of loss was a further six months down the line – and the watch never appeared in images. Investigation findings like these are very powerful when put to the claimant and can be used as a justification for requesting further evidence or going back with more questions. Quite often, if the claimant is fraudulent, they will withdraw the claim – it’s up to the insurer’s own policies on how they deal with withdrawal or potential admissions of fraud. However you decide to proceed, NetWatch can support your defence of a claim; providing valuable intelligence and even court ready evidence for any approach.

Tristan Prince Group Chief Commercial Officer at The Surveillance Group and NetWatch Global. To discuss your surveillance, OSINT or fraud prevention requirements, email tprince@thesurveillancegroup.com

TSG Supplement | 29

The rise of temporary intelligence There are claimants with large reserves set against their claims posting in excess of 25 times a day on social media and insurers are missing it. With any one of the posts having the potential to knock thousands off the reserve, it’s essential that insurers take notice of what we are referring to as temporary intelligence, says David Purcell, Chief Operating Officer at NetWatch Global. Temporary Intelligence first emerged back in 2012 through the launch of Snapchat. During the two years after launch Snapchat gradually became a household name, with heavy financing through three funding rounds worth around $143.5 million1. Figures on the userbase during this period are difficult to obtain, but Snapchat estimated that by November 2013 users were sharing more images through Snapchat than Facebook, at around 400 million a day. That’s a lot of pictures! The premise of Snapchat was (and is) that you could send images to friends that would only be viewable for around 6 seconds after being accessed – and then they were gone. Hence, they were only temporary in nature. This led Snapchat to be synonymous with sexting, and the inevitable sharing of risqué images – and is potentially what kept it out of complete proliferation of users to the extent of Facebook. At this point Snapchat was not of particular interest or use to open source investigation professionals because it was primarily a messaging service. Trying to access these snaps would be akin to breaking into someone’s text messages – not very open source. In 2013, Snapchat added ‘stories’ to the product and this changed things,

30 | TSG Supplement

especially towards the tail end of 2016 when the feature was more or less mirrored by Instagram, and then by Facebook in 2017. Stories effectively acts as a means for users to operate their own broadcast station, uploading short videos or images throughout the day (and night) to let people know what they’re doing – adorning them with commentary, location tags, or amusing stickers, and driven largely by celebrity culture. Crucially the posts are temporary and disappear after 24 hours – across all platforms. Again, figures on userbase are difficult to pin down, but Instagram has certainly catapulted this social media feature into the mainstream; boasting nearly 100 million more daily active users than Snapchat in August 2017 and growing rapidly. This growth represents a potential problem for open source investigators and companies relying on social media intelligence reports – with the implication being that if more and more users move to posting on temporary platforms, there will be less information available on standard profiles. At NetWatch, rather than being worried about the rise of temporary posts, we’re excited about the prospect of leveraging these features and generating temporary intelligence reports – and that’s exactly what we’ve been doing for our existing clients through the most recent addition to our online tool suite: Temporary Intelligence Capture™. Our initial research gives us every reason to be excited as well, with the

intelligence gained from temporary posts being some of the most insightful we’ve ever encountered and users posting up to 20 times more frequently to stories than they do to their main profiles. Stories is also the area online that a claimant that’s been told to stay quiet on social media, or even delete their accounts, is mostly likely to be active; so it’s no surprise that this is where NetWatch are finding the biggest evidence of fraudulent claims. To date we’ve seen posts featuring excessive drug use, back flips off boats, extreme sports and daily gym use – all from claimant users that exhibited no sign of such activity within their normal social media profiles. Temporary Intelligence also has implications in how you use surveillance, in some cases it provides a safer less intrusive alternative. However, it also identifies a wealth of last-minute surveillance opportunities where users discuss places they are going to be or events they’re due to attend. Working closely with The Surveillance Group means that we are well placed to leverage these opportunities when they arise. Temporary Intelligence Capture™ is available for claims handlers to use via their web browser or as a managed service through NetWatch – contact us today for a demo. If you have any questions, you can contact David Purcell at dpurcell@netwatchglobal.com or enquiries@netwatchglobal.com 1

They’ve since raised at least another $2.9 billion!

It’s essential that insurers take notice of what we are referring to as temporary intelligence