"Or if the home address is a P.O. box, flag it; or put 30 or 40 scenarios into a scoring module and set a threshold by account, jurisdiction, line of business, and let the application automate the scoring of the claim," he added.

"At the end of the phone call, I will have a score," he noted. "It happens automatically up front. If you set a fraud threshold at a score of 50 and you get 60, it will be routed to the SIU."

If a claim submitted via the Web is a fast-track claim and flags are raised, that may automatically jog a company to make the phone call to the applicant, Mr. Powers noted.

"If a claim is lighting up criteria that would lead to SIU attention, you may want to ask additional questions to further qualify referral to the SIU and to provide a potential warning to the applicant that if this is a suspicious claim, it may be cut off," he added.

Predictive modeling adds capabilities to the benefits of rules-based engines, he noted.

"Modeling technology looks at more data sources and outside trends, as well as relationships and patterns among different data marts," he said. "It's like a giant funnel [through] which you pour variables into a system to take a closer look at the data, then statistically analyze it with algorithms that are not usually part of rules engine."

The "rub," he added, is that "you need to be constantly tuning the data set, which needs to be updated by experts," noting that typically there is a quarterly evaluation of SIUs that looks at "recovery dollars per referral" as well as rate of success.

Modeling based on historical claims is often effective, but it is not good at predicting future trends and can't adapt to real-time changes in fraudster tactics, according to Scott Fitzgerald, director of global business development for Austin, Texas-based Infoglide Software, which markets identity detection technology.

"Claims scoring has the same problem," he noted. "The rules are based on SIU experience and what they have seen. Claims analysts and SIUs have to be on top of what is happening in fraud, and they have to inform IT [information technology] in order to update those technologies."

While these technologies have nonetheless "worked fairly well," Mr. Fitzgerald pointed out that "as we have moved into the more rapid world of the Internet, there is less and less time to create models and react to what is happening." Insurers, he said, are "looking for ways to make better decisions, faster."

The key, said Mr. Fitzgerald, is that "insurers need to get more information on who they are dealing with. We know less about customers than we once did." That situation, combined with the convergence of companies and the buildup of data across silos and applications in large insurance companies, has served to make information gathering a more difficult task, he noted.

"You have to warehouse all that data in one place for analysis, and that is a huge undertaking," he stated. "There is a lot of information insurers have in their databases that they don't even know they have."

As a result, he added, a company may take in customer information in one line of business without knowing about pre-existing information on the same customer in another repository.

"Insurers need to look across all their data silos and find out all they know about this person," said Mr. Fitzgerald, adding that this is particularly important to screen for what he called "manipulations" of data with fraudulent intent.

"For example, today I am William Bradford and I live at 123 Main Street. Tomorrow, I am Bill Bradley at 123A Main Road. It's easy for a person who is trying to game the system to get three or four policies and file multiple claims for the same incident," he noted.

If caught, such criminals could simply say that the company heard them wrong when taking down the information, he said, adding that "we must be able to identify manipulations--we have seen quite a bit of that."

In addition, changing one's name or address slightly may cause a red flag on a claim to "stop popping up," thus allowing a potentially fraudulent claim to proceed. "Companies are not able to look back and see that the person has applied four times. Technology has to be able to detect those things," he stated.

Mr. Fitzgerald said such problems have given rise to the development of "identity resolution"--technology that helps companies identify "who's who and who knows whom."

Identity resolution, he added, "is being able to detect those manipulations and bring together all instances of this person across data silos in the enterprise. You at least have to be able to flag the information and present it to a human who can make a judgment."

Insurers, he said, "don't really understand that this stuff is going on. They're still caught up in the identity theft problem. You have to establish someone's identity, but how much leeway are you giving to variations of that identity? The variations could be legitimate, but the software should be able to understand that."

According to Mr. Fitzgerald, "there is technology out there that can do identity resolution. It's just a matter of education and application by insurance companies."

Another important point, he said, is that it is unreasonable to require insurers to extract and transform a lot of data, because they may lose forensic evidence in the process.

"You need to be able to leave everything in place but provide a service within your IT environment that can look across databases and identify possible manipulations," he explained.

Computer Sciences Corp. recently rolled out an antifraud product that combines three "engines"--predictive modeling, ID searching and business rules--according to Lewis Rogers, director of product development, based in Blythewood, S.C.

As claims come through CSC's "Fraud Evaluator," they are converted into ACORD XML and run against a predictive modeling application that includes data on previous claims found to be fraudulent, he explained.

The identity searching engine then compares the information against multiple data sources, including Post Office boxes and watch lists from other sources such as police organizations.

Next, the business rules engine, which is customized by the user, comes into play. "We work with customers to get the rules set up within the system," he said. "We build the rules and attach scores to that. We're not relying on just one technology to identify fraud, because people that commit fraud may know what to avoid or how to hide their identity or know what your rules are."

Each engine enters a score, which is measured against a threshold that the company sets. If that threshold is exceeded, there would be an automatic referral of that claim to SIUs. Supervisors in the SIU can triage input using the scores and can drill down on information, explained Mr. Rogers.

"Any time something on the claim changes, it will be rescored. I have seen a claim rescored 78 times, then on the 79th time, it flagged a problem," he recalled. "If you're talking about a [criminal] ring being involved, someone could branch off and do something they're not supposed to, or use a vendor they're not supposed to. Or maybe a vendor gets added to the watch list later. That will pop up."

When it comes to measuring the effectiveness of antifraud technology, Mr. Powers pointed out, people and processes are often important.

"Simply adopting these technologies and being public about their deployment will deter some [fraudsters]," he said. "Other carriers will not [publicize their use of the technology], because they are afraid of being accused of being too aggressive in identifying fraudulent scenarios.

"All of them will say they are ensuring a uniform and consistent objective fraud screening process," he continued, "but there are always exception cases that rely on the experience of the adjuster."

Mr. Powers added that many companies "are using no fraud technology whatsoever," instead relying on the intuition and instincts of their claims handlers.

Mr. Rogers said he foresees a day when voice-stress analyzers may play a role in fraud systems, "if you can find a way to score it to determine that they are not the person, or that they are lying."

Overall, he noted, "companies just need to be more diligent in entering valid data and keeping it clean. Don't skip data entry--it could be a key. You can't score missing data. Better access to databases out there is also a key."

According to Mr. Powers, "one huge opportunity is in event-driven systems," in which the claim handler is alerted in real time to any new data set or piece of information that could help drive a decision on the claim.

"That's where the technology is trying to get to--real-time event notification," he said.