Chaim Finizola is the ClaimShare Director and the head of business development for emerging markets over at IntellectEU. In this podcast we discuss ClaimShare’s confidential computing solution built on top of R3’s Conclave and Corda Enterprise platform for the detection and prevention of “double dipping” fraud in the insurance industry which runs in the several billions of dollars each year.
What is blockchain?
Blockchain is a technology that allows different actors to collaborate with each other without having to trust each other. Having a database in the form of a distributed ledger you can have not only the data decentralised, but also the way the data is handled in a decentralised manner.
Independent of the discussion of centralised versus decentralised, Chaim reminds us what is important is to focus on the business use case and then determine the best approach.
What is confidential computing
Confidential computing allows different actors to perform private computations on specific data sets and process data without other actors being aware of each other and without them being able to see what data is being processed.
The party that is hosting this black box whether it’s a regulator or a network operator they can’t see what is being processed within the black box.
An example of such a black box is the Intel SGX chip which has enclaves where the data can be processed in a fully confidential way without revealing any data to external parties.
Insurblocks recorded a podcast with Richard Brown, CTO at R3 entitled “Confidential computing – introduction to R3’s Conclave“.
“Double Dipping” Fraud
KPMG has estimated that detected and undetected fraud make up between 5% to 10% of insurers’ total claim payouts. “Double-dipping” fraud a key contributor to fraud, costs the insurance industry several billion dollars each year, which inevitably leads to higher household insurance costs
Double dipping happens when one actor for one loss event goes to multiple insurers to request a same payout. For example, a customer whose had a car accident will go to insurers A, B and C to get a payout from each one of them. This is quite a large problem for insurers which today has been extremely hard to detect. Insurers are usually unaware of this problem as they do not have a way to detect if their customer are insured with another insurer and if a payout has been made on a claim or not.
There has been attempts by insurers to share information via a centralised database but that came up with a number of complexities from a regulatory standpoint and from a GDPR one. In addition, centralised databases run the risk of getting hacked or of leaked sensitive information.
IntellectEU are the developers of the ClaimShare solution. The firm was founded over 15 years ago as an integration company in the payment sector. They have done over 400 integrations, mainly with SWIFT, in addition to other payment rails. Since 2014 they have been working with DLT and were the first to perform a SWIFT to Ripple integration.
In the blockchain space, IntellectEU has been working first with Ripple, then with Ethereum and in 2016 they were one of the founding members of Hyperledger. Since 2017 they have been working closely with R3
Up to now they have been working with 40 capital market, insurance and telco projects for using blockchain and emerging technologies such as AI, confidential computing and quantum computing.
Chaim introduced ClaimShare is the first platform that allows the detection and prevention of double dipping fraud in the insurance industry. ClaimShare uses blockchain technology to allow the sharing of public information to match data and match claims based on colour, location and date, for example. They then use, confidential computing part to match sensitive data of the claims that can be the named user, their address and birthdate. This allows insurers to detect double dipping fraud by matching data without revealing data between themselves.
R3’s Conclave platform enables the usage of Intel’s enclave for ClaimShare’s customers to be fully GDPR compliant as no exchange or storage of sensitive or private data of the end users happens on other insurance databases. Enclaves are the hardware chip where the private computation happens, whilst Conclave is R3’s platform that allows the easy usage of this confidential computing chip.
In addition to R3’s Conclave, ClaimShare also uses R3’s Enterprise Corda platform to know the identity of the insurers with whom public data claims is shared. However due to GDPR no client private or sensitive data is stored on the ledger. It is stored off chain which is where the confidential computing part comes into play.
ClaimShare use case
ClaimShare is a platform that is very efficient to match any type of claim and can also work cross claims. For example, a customer could travel to Spain with both a cell phone insurance and a travel insurance. If the phone is stolen then the customer could try to request a payout from both their travel insurance and their phone insurance. It is very hard for the insurers to know if double dipping occurred. These are examples of the type of $5 – $10 billion of double dipping that occurs on a yearly basis.
ClaimShare isn’t limited to one type of insurance as it does this cross-insurance policy type check as well. An example of how this could work is where you have one end user that goes to insurer A to submit their claim. The insurer will use their AI and machine learning (ML) on available public data to see if there is already a case of fraud. If the insurer detects no fraud it will proceed with the payout. What ClaimShare propose is for the insurer to perform one simple API check to the ClaimShare’s Corda public ledger, to see if similar claims have been submitted based on public information. No personal identifiable information is stored on that ledger. As this is the first payout made to that user there are no challenges made.
Now lets suppose the same person goes to a second insurer to request the same payout. The second insurers will also do its own due diligence using their AI and ML techniques and will most likely conclude that the payout can happen. However as the API will be triggered to ClaimShare’s public ledger it will detect a similar or a suspicious claim was done based on public information such as colour of the car, type of accident and date of accident.
If a match has been identified between two similar claims, this is when the confidential computing part is engaged. At this point the two insurers can access the private information regarding the user that they have such as full name, address and birthday. That private information is encrypted and is sent to the Conclave black box where it is decrypted and compared. No one can see what happens in the black box as it is done by machines. Once the comparison is complete an encrypted answer is sent back to the insurers. If the information was proven to be the same then a confirmed fraud message will be sent. If the information was not the same then a confirmation message is sent instructing for the payout to happen.
Confidential computing vs zero knowledge proof
Zero knowledge proof (ZKP) is effectively a technique which uses cryptographic algorithms so that various parties can verify the veracity of an item of information without sharing the data that compose it.
Chaim was asked how does confidential computing compare to ZKP. Chaim believes that from a scalability perspective enclaves are much more widely adopted and more scalable compared to ZKP techniques. Enclaves are hardware chips whilst ZKP is software. Hardware it usually easier to fix than software when problems arise, and the chips are easier to maintain.
Additionally Chain points out that the development experience required to use ZKP is much higher than with using R3’s Conclave where in a matter of two weeks you can set up a Conclave component and start matching private data.
This episode is brought to you by our friends and sponsors at R3.
Privacy-enhancing techniques like Confidential Computing allow different parties to gain reliable insight from data without revealing the actual data to anyone, eliminating concerns around data privacy, lack of control over how data will be used, and – most importantly – fear of it getting into the wrong hands.
Conclave is a new privacy-enhancing platform from R3 that enables the development of solutions that deliver insight from shared data across multiple parties—without the underlying data ever being seen.
Discover how Conclave is powering applications – like Intellect EU’s ClaimShare – that mitigate fraud and deliver trusted collaboration in the insurance industry and beyond by visiting www.conclave.net.