Recently, a notable data breach occurred at Star Health Insurance, where customer data was exposed. A hacker named “xenZen” offered this data for sale on Telegram, pricing it at $150,000 for the entire dataset or $10,000 for smaller segments, putting policyholders’ data at risk.
Key Measures for Fraud Prevention
Adoption of Anti-Fraud Policy: Insurance companies must adopt an anti-fraud policy approved by their boards.
Formation of Independent FMUs (Fraud Monitoring Units): These units will be responsible for monitoring and addressing potential fraud cases.
Enhanced Cybersecurity: Companies must reinforce their cybersecurity infrastructure to protect sensitive data.
Regular Awareness Programs: Insurance companies are required to run regular programs to raise awareness about fraud among customers and employees.
According to IRDAI, cyber fraud can lead to severe issues, including identity theft, financial losses, and reputational damage. Cybercriminals often target sensitive information such as KYC data, financial records, and medical records, which can be misused for illegal purposes.
Insurance companies will be required to establish FMUs dedicated to monitoring, investigating, and cooperating with law enforcement agencies on fraud cases. These FMUs will work in collaboration with a fraud monitoring committee and provide quarterly reports to a risk management committee.
In response, IRDAI has urged insurance companies to adopt a “Zero Tolerance” policy toward fraud and to strengthen internal controls and audit processes.
IRDAI has also suggested that insurance companies conduct regular awareness programs for employees, agents, and policyholders to promote vigilance and transparency in the insurance industry, thereby reducing the risk of fraud.
Through these new guidelines, IRDAI aims to help insurance companies enhance their security and awareness measures to better protect against online fraud.