Partnering with an Active Insurance Broker

In today’s episode of Risky Business Paul Martin and Colin Rooke are joined in studio by Ryan Warner, to discuss fraudulent benefits plan claims in the workplace.


Listen to the full episode here, or read the full transcript below

Paul Martin: Welcome to Risky Business, commercial insurance with Butler Byers. Paul Martin here, the business commentator on CKOM. And joining me in studio as always, Colin Rooke, Saskatchewan’s expert on all matters related to commercial insurance, but the risk reduction manager at Butler Byers commercial insurance as well. And Colin, the last, I guess few shows we’ve been talking about this whole notion of well, security, of fraud, whether it’s cyber or whatever. It’s been coming up a lot and there are just a whole lot of new tricks that the fraudsters are using. And maybe we could just kind of walk through some of the more current things that we’re seeing, the new stuff that people should be alerted to. And this is employers and employees. What should we be watching for? What are you guys hearing about? What’s the insurance industry watching? What are they on alert for?

Colin Rooke: Yeah, so the biggest new thing, and it’s not new, but it’s certainly happening a lot more often. So it’s been around for a while, but business owners, the general public, it wouldn’t be front and center. And now it certainly is, is credential stuffing, credential loading. There’s a bunch of different terms, but essentially it’s a trick to get you to give your username and password and then it relies on the fact that people are inherently lazy. In the world today we’ve got hundreds and hundreds of passwords it seems, login information. And so it says, “Okay, well I bet if they use this username and password on this site, there are other sites they’ve used the same username and password.” 

And you might say, “Ah hah, I’ve got two or three.” Well yeah, so they’ll create multiple sites and they’re hoping that you’ll go through the rotation. And then what they do is they take that username and password and run it across thousands of known popular sites and see if they get any hits, any login. And statistically you do this, anyone listening, statistically we’re all guilty of this. And so therefore now, they take something really low value, like a children’s app. You think, “I’m just going to quickly make a username so my kid can do this puzzle.” Well it’s not really a puzzle, it’s a scam. There is a puzzle at the end, your kid can actually use the app, but the whole purpose was to get your username and password.

And then again, they run it across all these known sites. And then low and behold, you’ve now have identity theft, you’ve got credit card theft, et cetera, et cetera. So, it’s growing rapidly. It’s happening all the time. 

Paul Martin: So it’s called credential stuffing or I think you had another one, credential-

Colin Rooke: Loading-

Paul Martin: Loading yeah.

Colin Rooke: … loading, stuffing. Yeah. But basically they-

Paul Martin: But it’s posing as they’re trying to get you to sort of give up your stuff. And I guess in a way that’s not too far off what happened to the city of Saskatoon? Someone posed to somebody and …

Colin Rooke: Yeah, so I mean it’s all in the-

Paul Martin: It’s a variant.

Colin Rooke: Yeah, it’s all in the realm of social engineering. So, the easiest way to trick someone is to trick the other person into believing that they’re dealing with that person. And so, rather than send … The old way is you send a weird email that’s not worded quite right with a zip file as an attachment. And I think most people are cautious about opening zip files where it’s not quite the way the email should be worded. And so you’d delete all those. But again, social engineering means your system gets breached and they monitor it. They might monitor it for months. They’re learning your patterns. If they’re going to trick you, they need to act like you. So the case of this city, I’ll say allegedly, but if you look at it, okay there’s the City of Saskatoon and the contractor they’re dealing with. If this was in fact social engineering, the contractor, the email there would be mimicked by the fraudster, the hacker, the cyber criminal to the point where the City of Saskatoon would not be able to recognize the difference.

And in fact, there was probably test conversations back and forth between the hacker, the cyber criminal that the city wasn’t aware of, because if they’re going to get to the point where they’re going to ask for a fund transfer, they’ve got to make sure it works. So it’s kind of low value conversation and they realize, yeah, you’re going back and forth as normal and then they say, “Okay, so we’re doing an adequate job of convincing the other person that we are the person we’re mimicking at this point.” And then they get into the, “Hey, about that progress payment. We’d like you to deposit it to this account on such and such day.” You’ve been back and forth and they’ve done a great job of deception.

Paul Martin: Just to reiterate, I think we talked about this in a previous program, but I just want to sort of comment on it in light of the City of Saskatoon. I mean, they stepped out very quickly and sort of fessed up and said, “Hey, you guys, everybody else be careful about this and be aware.” Because I think you said in the same relative, same period of time, there were literally dozens of communities across North America that were in the same boat.

The state of Louisiana declared a state of emergency due to ransomware. Rampant ransomware that they could not control.

Colin Rooke: Yeah. I just wanted to stress that the City of Saskatoon, it’s not out of the ordinary, they’re not an anomaly. We don’t have the worst cybersecurity city in Canada, nothing like that. So, in the state of Texas alone, that same week, there was 23 cities and towns that all had breaches. And then at the same, again same week, the state of Louisiana declared a state of emergency due to ransomware. Rampant ransomware that they could not control.

So, the City of Saskatoon is not an anomaly and we talk about this all the time. On every breach there’s human error involved, and that’s what I guess needs to be understood that it’s not an IT issue. It’s a human issue. It’s a, we all want to be helpful. We all want to get our job done at work and we’re asked to do something by either our superior or someone where we regularly … We have regular transactions with, we’re going to do it. Especially if that’s our role. And so, maybe we’re not monitoring as effectively as we could, but it doesn’t mean again, we’re not being thorough, we’re not being careful, but it just shows how good the cyber criminals are getting.

Paul Martin: All right. So we’ve talked about those, we’ve kind of covered them in a couple of shows now. What other new things is popping up in that fraud realm? Because it seems these guys are pretty fresh. I mean, we’re a long ways from the Nigerian letter, aren’t we? I mean they’re always, they reinvent themselves faster than just about anybody.

Colin Rooke: Yeah. So I mean again, on this whole vein of talking about fraud, we thought we’d bring Ryan Warner back, our benefits expert and talk about, on the benefits space, what’s going on there. And so he’s going to join us and talk about, again, benefits fraud and it’s growing rapidly in Canada. And there’s lots of different ways that you as a business owner can be taken advantage of, again by fraudsters or fraudulent claims. So we’re going to bring Ryan Warner on and he’s going to get into more detail and we’re going to move away from cyber a little bit. And again, talk about, okay. I mean, it’s happening everywhere, including on your benefits plan.

Paul Martin: Yeah. And that’s an area you wouldn’t think would be particularly susceptible. But these fraudsters, these criminals are very, very creative. They’re adept at figuring things out and creating scams that look well. You just, we really have to be on the lookout for him all the time.

Colin Rooke: I mean, it’s big business. Cyber crime alone is 3 trillion a year. So, I mean there’s an incentive to get into that line of work.

Cyber crime alone is 3 trillion a year business.

Paul Martin: Yeah, I was just rapidly going through my head. How does that compare to the size of the Canadian economy or the Saskatoon economy? That’s monstrous. It’s just enormous.

Colin Rooke: Yeah, exactly. Yeah.

Paul Martin: All right, well we’ll take a little break and we’ll get Ryan in here and we’re going to talk about this whole new area to be concerned about, called benefits fraud. You’ve been listening to Colin Rooke. He’ll come back before the end of the program and we’re going to take a little break. We’ll be back right after this. 

Paul Martin: Welcome back to Risky Business, commercial insurance with Butler Byers. Paul Martin here, and as we promised before the break, we brought in Ryan Warner, who is a benefits expert and does a lot of work with Butler Byers on this front. And normally we’re here, Ryan talking about how you construct a benefits program, why you do it. Today we’re going to talk about something fundamentally different, which is how people are actually abusing them and they become con artists. So figured out how to defraud a benefits plan. Walk me through how they pulled this trick off. 

Ryan Warner: Yeah, it’s not as complicated as you might think. I think unfortunately at the employee level, some people think they can get away with it and also maybe don’t realize the impact it has on their employer. They generally think that these types of fraudulent activity are likely to go unnoticed and are likely directed at the insurance company alone. But the nature of the beast is if you submit a fraudulent claim, it’s one, fraud and two, it’s going to have an impact on that claims experience that shows up at that next renewal. And it’s not the insurance company that’s on the hook for that claim. It’s ultimately your employer.

Paul Martin: So there’s a couple of levels of malfeasance here, if I can use that word. You’ve got the one where the employee, who is actually a legitimate member of the benefits plan abusing the plan, but then they do it in kind of concert with the fraud artist who has set up the front that makes this possible. Can you give me an example so that we can understand sort of how this might actually be perpetrated?

Ryan Warner: Yes. Scary reality is there’s some folks out there that have found some pretty creative ways of making themselves look about as legit as you might think they could be. Something like a false storefront, a massage, an RMT, a legitimate number that isn’t actually a business. It’s just that, a storefront with no actual business inside of it and their pure purpose is to print receipts and sell those receipts to an employee to submit through their benefit plan.

Paul Martin: So you go in a door and the way you go from there? What do I encounter if I’m the employee who’s trying to build the system? 

Ryan Warner: Yeah. I think this is obviously it’s a pretty extreme example. This isn’t something you’re going to find everywhere, but it’s happened. It’s out there and that’s just it. If you’d walk in and by all intensive purposes it looks like you’re dealing with a proper, legitimate business and you are then offered to buy a receipt and you give a $20 bill for a fake receipt and then you submit that receipt to your insurance company for maybe it’s $90 or something like that. So you’re giving 20 in order to get 70 in return. These types of things have happened unfortunately.

Paul Martin: Is this something you’re seeing, is this right across Canada? Is it more prevalent in the big city than the small? I mean …

All the insurance companies have what they call their blacklist, which are providers, service providers that they have found to have been engaging in fraudulent activity and they actually won’t accept receipts from those particular providers anymore.

Ryan Warner: Yeah, honestly it’s obvious that it’s going to be more prevalent in the big centers, certainly in Ontario, that’s been something that the insurance companies are regularly investigating. All the insurance companies have what they call their blacklist, which are providers, service providers that they have found to have been engaging in fraudulent activity and they actually won’t accept receipts from those particular providers anymore. So it’s something that I would say all insurance companies are engaging with some just to a much deeper degree than others.

Paul Martin: So I assume that police get involved in this and the legal system. I mean, how are they able to actually deal with this? Because theoretically I walk in and there’s a receptionist there. I give the receptionist 20 bucks. I get a piece of paper back, receptionists really hasn’t done all that much wrong other than maybe mismatched the numbers or something. The fraud occurs when I as the employee submit it, right?

Ryan Warner: That’s right. I mean, there’s definitely-

Paul Martin: So the store front’s hard to get rid of?

Ryan Warner: I would say it is. It’s hard, because the insurance companies have to find out, acknowledges and then blacklist them. For an employee you are absolutely, you’re engaging in a fraudulent act by taking that receipt in and profiting from it. That’s not what the idea is of insurance. It’s there for a service and not to help you make more money.

That’s not what the idea is of insurance. It’s there for a service and not to help you make more money.

Paul Martin: But I assume as you pointed out, that a lot of employees think that they’re maybe getting away with something from the insurance company, but ultimately this all comes home to roost with their own company, with their own employer.

Colin Rooke: Yeah, that’s just it. I think employees inherently mean well and maybe think they’re getting away with a very small action and it’s not something that’s a huge ordeal, but fraud is still fraud and whether it’s $50 or $5 million, you’re still committing an inappropriate act.

So, if a service provider ever offers to give you a higher amount on a receipt than what you’re paying for and there’s some kind of benefit to you as an individual to benefit financially, that’s likely not appropriate. And as a result, could be fraud if you submit that receipt.

Paul Martin: And how does this hurt the employer if we can do that? So the employee, we’ve got that relationship, it’s illegal. And so you’re putting yourself at risk of a criminal record or whatever. What’s it mean to the employer in all of this? Well, when you look at a plan and at the end of the year, there’s no real magic to how premium is determined.

Ryan Warner: It’s simply a factor of how much are employees claiming throughout a period, usually a calendar year or a plan year. And that premium directly reflects that number. So if claims go up, the premium goes up at that renewal time. It’s pretty rare that they don’t directly tie to each other. So that’s the nature of the beast. If a lot of fraudulent claims get submitted to a plan, that increases claims, which will have an impact on that premium.

Paul Martin: So an employer has a stake in this too. You can’t blindly go along to sort of not paying attention to it. But I mean, obviously this is becoming a bigger issue. Somebody cottoned onto it, somebody caught on. So the only idea how that happen, I mean who was being vigilant to catch this in the process?

Ryan Warner: Well, as I said, some of the insurance companies in Canada in particular have taken a very active role in this issue. And they will be regularly auditing receipts. So they’ll randomly ask you to submit a picture of a receipt and they might randomly call that service provider and do a little bit of homework. In some cases where they suspect there’s fraudulent activities going on they will pose as a potential client to these service providers and physically go in. 

They have investigative teams that are out there to protect their reputation as much as protecting the plan. So it’s happening out there. And I would say, like I said, “Some insurance companies are playing a bigger role than others.” So I think as an employer it’s important to understand which insurance company you’re with.

Paul Martin: One of the audiences that we talked to on this program here is business owners and those who manage businesses and to say, “These are things you need to understand in order to reduce the risk that you face within your business. So what advice do you give to employers and business owners? And when you’re having this conversation, they come to you and they say, “Man, I just got kind of caught in this thing. And I had no idea what’s going on.” I mean, what advice do you give them? What should I as an employer be looking out for and what questions should I be asking when I’m talking to my insurance broker?

Colin Rooke: Well that’s the first piece is aligning with the appropriate broker or consultant that is playing an active role in reviewing your data. They should be looking at least quarterly to get a sense of what’s going on inside that plan. And that gives them an opportunity to catch red flags. If there’s heightened claims at any particular period in the year it might come to the surface and at least spark some attention.

So working with a broker that’s going to provide that service is really important. And then again, aligning yourself with an insurance company that is playing the active role, not just providing a service and being paper pushers. We want them to be able to dig in, because they’re the ones really on the front line. They’re going to see it first and they’ll be the ones that are able to blacklist providers. 

Paul Martin: Well as always, I learned things on this program. I got to tell you, thank you very much for this. And to say, I probably would have had more of a crash course in issues of cybersecurity fraud and all that business in the last few months. It’s simply because it’s becoming more and more prevalent. It’s something employers need to be keeping their eye out for. So Ryan, thank you for joining us and Colin again, as always, thank you for stopping in and we’ve run through our time. I’m always amazed at how quickly it goes. So again, gentlemen, thank you very much and thanks to you for listening to us. You’ve been listening to Risky Business, commercial insurance with Butler Byers. We’ll see you again next time.