IRDAI tightens fraud rules post hacking incidents, IT Security News, ET CISO
The Insurance Regulatory and Development Authority of India (IRDAI) has proposed stricter guidelines in an effort to stem online fraud after recent high-profile cases at insurers like Star Health Insurance Company.
The Insurance Fraud Monitoring Framework Guidelines, 2024 require insurers to adopt strict measures, including board-approved anti-fraud policies, independent Fraud Monitoring Units (FMUs), enhanced cybersecurity defences, and regular fraud awareness programmes.
“Cyber fraud can have far-reaching consequences, including identity impersonation, financial frauds, reputational damage etc,” IRDAI said in the draft guidelines. “Personal information such as KYC details, financial details, and medical records are highly coveted by cybercriminals, who exploit vulnerabilities in security defences to gain unauthorised access to these sensitive data available with insurers or distribution channels.”
The initiatives by IRDAI follow a breach linked to Star Health Insurance’s chief information security officer after a hacker going by the alias “xenZen” claimed that the company executive had sold the data, and later tried to renegotiate for more money in exchange for continued backdoor access. The hacker has now posted the data for sale at $150,000, or in smaller chunks for $10,000 each, threatening widespread exposure of policyholder data.
The regulator has asked insurers to implement a board-approved anti-fraud policy that ensures zero tolerance for fraud and outlines steps for fraud detection, internal controls, and investigative processes.
IRDAI has also asked insurers to set up fraud monitoring units (FMUs) to oversee all fraud-related activities, including monitoring, investigation, and collaboration with law enforcement. The FMUs will work alongside the Fraud Monitoring Committee (FMC), which will report every quarter to the risk management committee on all fraud cases.
The regulator has asked insurers to raise their defences against digital fraud, with robust cybersecurity frameworks that protect sensitive data and detect fraud risks from digital channels. Insurers must ensure regular audits and use advanced technologies to identify suspicious activities.
IRDAI also asked insurers to conduct regular fraud awareness programmes for employees, agents, and policyholders. The goal is to foster a culture of vigilance and transparency within the insurance industry to mitigate potential fraud risks.