The industry has a fraud problem, says ATB Ventures’ head of growth and partnerships, Azim Esmail. Bolstering this argument with facts from both the Royal Canadian Mounted Police (RCMP) and global data and business intelligence firm Statista, he says the use and adoption of digital identities is one way that the insurance industry can get ahead of the problem.
“Digital identity technology is a key way insurance operators can better manage and protect sensitive data that is commonly at the heart of cyber attacks,” he said in a statement made to the Insurance Portal.
In conversation with Esmail we further learn that British Columbia and Alberta are leaders in work on creating digital identification (digital ID). There is a Digital ID & Authentication Council of Canada which advocates for interoperability, does work on establishing frameworks and on raising awareness. And where there is a proliferation of tech firms vying for a stake in other areas of development, in the digital ID space the work is being done by a smaller handful of players who are reportedly working collaboratively to push for standards and to advance awareness.
“We need to see more involvement, so that everybody’s use cases are brought to light and we build out those standards as well as possible,” Esmail told the Insurance Portal in an interview. “The ball is rolling, it just needs more involvement and more engagement.”
The problem
According to the Canadian Anti-Fraud Centre, jointly managed by the RCMP, the Competition Bureau and the Ontario Provincial Police, the centre received cybercrime reports totalling $530-million in victim losses in 2022, a 40 per cent increase over the $380-million in losses reported in 2021. More, the centre estimates that only five to 10 per cent of victims actually report fraud.
For companies, the costs are even more staggering, with Statista reporting that the average cost of a data breach in Canada currently sits at USD $5.13-million. They add that the share of Canadian firms hit by ransomware in 2022 increased 59 per cent.
In life insurance, Esmail points out that simpler frauds can include lying on an application, fraudulently changing a beneficiary or forging signatures. “All of those are things that can be mitigated if there were digital credentials out there for both ID proofing – proving that you have a policy and proving that you are who you say.”
ATB Ventures’ interest, meanwhile, is in bringing as many people as possible into the digital economy. “We’ve been in the digital ID space for over five years,” Esmail says. “We have been building solutions in this space for a while and I think we’re very uniquely positioned as our department itself is a group of entrepreneurs and innovators with a variety of different backgrounds.”
More, he says being part of a Crown corporation – ATB Ventures is a global innovation lab that is part of ATB Financial, a financial institution and Crown corporation wholly owned by the province of Alberta – gives the group the opportunity to disrupt both the government and large enterprise space as well.
The current environment (and future trajectories)
As for standards, these are currently being matured, Esmail says. “There’s a Pan-Canadian Trust Framework, which is a fantastic representation of where the standards need to be, and it’s regularly evolving. That’s being advocated for and supported by an incredible organization by the name of DIACC – the Digital Identity Authentication Council of Canada. They’ve done an amazing job of bringing together both governments and private enterprises to collaborate on what those standards should be,” he says. “I think the standards are there, it needs more involvement across the board from governments and private enterprises.”
Two governments which have made progress on issuing digital IDs, he says, are the provinces of British Columbia and Alberta.
“The worst scenario is if we see municipal, provincial and federal governments all going in different directions, or worse, if we see different provinces going in different directions. There are some frameworks out there and there are early movers. British Columbia is a great example of a province that’s blazing the way forward,” he says. “And in a very advanced way. What I’d love to see uniformity across the federal, provincial and municipal governments so that there’s interoperability between them. I think the worst scenario that I don’t want to see, is a digital ID bill being built out in a number of ways that are not interoperable with each other.”
Adopting the use of digital ID, he adds, is very accessible, even for small organizations. (Roughly $3 per newly registered user would appear to be the starting point – an investment that Esmail says is returned five to 10 times in reduced fraud costs.) He adds that five years from now it will become a “no-brainer” to integrate the use of digital IDs in processes. Within 10 years, he says he can envision a scenario where it will be mandatory to use them.
What to do right now
Esmail’s favourite measures for leaders interested in curbing fraud costs are those which are measurable. “My favourite are the ones that are quantifiable because this is going to require buy-in across the organization. Without that, it’s going to be very challenging.”
Three details to measure include the number of fraudulent enrollments, written off fraud expenses and customer care expenses related to fraudulent behaviour.
“There are three things that I would encourage every organization to look at. One is how you verify somebody during enrollment. The big evolution there that most organizations really should be looking at right now is some form of ID proofing.” He adds that a provincially issued digital ID to verify who clients are is in fact a gold standard. “That’s where everybody should be going.”
Next, he says companies should be looking at authentication. While many organizations have moved to two-factor and multi-factor authentication, he adds that the next frontier is password-less login. “That’s going to severely decrease the amount of takeovers because for someone to get into your account, they will have to have your device and your biometrics, which becomes extremely hard.”
Finally, he says call centre authentication efforts also require attention. “We’d love to see an improvement there. We think those are really the three pillars to, at a primary level, start fortifying yourself against fraud.”
