Case Study

insurer prevents losses from fake quotes

The Customer: Top P&C Insurer

A Top 10 Insurance Company (“Insurer”) with over $10 Billion in revenue, focused on automotive and life insurance as well as financial services such as banking and mutual funds.

The Challenge: Detecting Dummy Quotes

The Insurer noticed higher than anticipated traffic on its quote generation application and was concerned that the unexpected volume was caused by a surge of automated traffic creating fake insurance quotes.

Besides slowing down the insurer’s website, fake quotes created a financial burden. Insurance agents follow up with a lead once a quote is generated using the application. When quotes were created via automated requests, the agents would attempt to follow-up with these “ghost leads” in vain. The Insurer calculated that each bogus quote cost $300 per follow-up due to a loss of agent productivity.

The Insurer believed there were two parties responsible for these ghost quotes.

Aggregators

Within the insurance industry, there are many tools available by insurance providers and third parties that allow prospective insurance purchasers to compare quotes across various providers from a single location. These aggregating tools rely on automation to visit each insurance company’s quote generation application and then send back the real-time quote provided. The Insurer believed that the volume of automated traffic on their quote generation app was exceeding their expected thresholds and thus affecting the accuracy and quality of their data.

Competitors

The Insurer suspected that some quotes were coming from competitors looking to determine their actuarial formulas. With enough quotes generated, a competitor could, in theory, reverse-engineer the algorithm generating each resulting quote based on the variable inputs. This intellectual property theft would put the Insurer at risk of losing their competitive advantage in the market as their rivals would be able to easily underprice the Insurer and steal away potential customers.

Beyond the dummy quotes, the Insurer had concerns that they were a potential target for account takeover attacks on their banking login endpoint.

The Decision

The Insurer first attempted to identify and remedy the problem by relying on existing cloud-based Web Application Firewall services. When these tools failed to stop the attack, the Insurer decided to evaluate Shape’s Enterprise Defense to see if it could expose and stop the attacks against the quote generation tool.

Observation Mode Insights

Within the first 24 hours of deployment, Shape observed that nearly half (48%) of all requests made to the quote generation application were automated. Detailed analysis showed the presence of three possible malicious automation campaigns. The Shape Intelligence report also showed trends within the campaigns including workflows within the sitemap.

The Insurer, quickly able to see the level of detail and insight provided for the quote generation application, decided to move forward with also protecting their banking login endpoint by placing it behind the Shape service.

After collecting two weeks of data collection in observation mode, the Shape Intelligence Report identified:

  1. Identification of malicious vs. benign human and automated traffic
  2. Traffic volume and POSTs for each endpoint
  3. Seven distinct unauthorized aggregator or scraper attacks with information including which unique accounts the aggregator attempted to login to and associated success rate.

The snapshot details a single scraper’s activity on the quote generator endpoint spanning the two week period. Over 65K automated requests from 188 IP addresses were made in this campaign ranging across the application’s site map. The Insurer, now able to flag and block these requests, was able to ensure agents would no longer waste efforts following up with quotes generated by automation. The Insurer was able to prevent spending over $1 million in dummy quote follow-up by identifying that these 4,000 completed quote requests were generated by an automated tool.

The login endpoint was also continuously examined over the two week period by several aggregators. These campaigns totaled a probe of over 10,000 unique accounts with login success ranging from 85-98%. Upon discovery of the nearly 26,000 requests made by aggregators, the Insurer’s security team was surprised, stating, “Wait, we don’t allow aggregators, do we?” With Shape inline, the Insurer could now see and understand the full extent of the problem it faced.

The Decision

Mitigation Mode Results

Impressed by the level of granularity Shape was able to deliver on the automated attacks, the Insurer was confident the Shape service would not negatively impact legitimate users. Therefore, the Insurer was comfortable moving into Mitigation mode on their quote generation application and banking login form. With Shape Enterprise Defense in line, the Insurer was able to protect its intellectual property, reduce costs incurred from bogus leads, and remove unwanted aggregators from interacting with their applications.

Summary

Shape’s campaign analysis and sophisticated technology pleased the Insurer so greatly that they have expanded the scope of the initial deployment of the product from two applications to multiple properties across the Insurer’s online presence. The results were so compelling, in fact, that the Insurer encouraged Shape to meet with peer insurance companies in hopes of eliminating automation threats from the industry as a whole.

Download (PDF)

The Value to the Insurer

  • Protected intellectual property.
  • Reduced number of bogus quotes, protecting revenue.
  • Reclaimed infrastructure resources from load caused by bots.

Stay Informed

Get all the latest news about Shape Security directly sent to your inbox.

Register Now