Fraud is estimated at 10 to 15 percent of total P&C claims spend. At the lower bound, that is $100 million on a $1 billion claims book. Most of it goes undetected. Of the fraction that is detected, most is detected after payment — identified through post-payment audit, SIU investigation, or law enforcement referral. Recovering money that has already been paid costs more, takes longer, and returns less than stopping the payment in the first place. Pre-payment detection recovers the full claim value. Post-payment recovery, after investigation cost and legal expense, typically returns a fraction.

The economic case for shifting from a recovery posture to a prevention posture is straightforward. A 1 percent improvement in pre-payment detection on a $1 billion claims book is worth up to $10 million in avoided losses before any recovery cost is deducted. The same 1 percent improvement applied post-payment, after absorbing investigation and recovery overhead, is worth considerably less. The investment in pre-payment detection infrastructure is not a cost. It is the more efficient version of the fraud programme the carrier is already running.

Where detection breaks down

Rules-based fraud controls catch the patterns they were written to catch. Billing for services not rendered, known staged accident profiles in flagged locations, specific upcoding patterns — these are identifiable through rules because they have been observed and encoded. The organised fraud operation that has been operating against the carrier’s rule set for two years has read it. The patterns that generated referrals have been modified. The new operation looks different enough from the rule definition to pass through.

This is not a theoretical risk. It is the documented behaviour of sophisticated fraud operations across every market. The time lag between a fraud typology emerging and being encoded in a rules library is the window during which that typology generates undetected losses. In that window, the only detection mechanism that identifies the pattern is one that looks for statistical deviation from expected behaviour rather than a match against a known description.

Organised fraud rings create a second detection problem that rules cannot address at all. Individual claims from ring members can each appear legitimate in isolation. The connection — shared claimants, the same medical provider, the same repair facility, the same attorney, claims arising from the same geographic area in the same period — is only visible across claims, not within them. Network analysis that maps entity relationships across the claims population identifies the ring structure that individual claim review misses entirely.

The SIU capacity problem

Even with better detection, referrals only convert to recoveries if the SIU can investigate them effectively. A referral queue worked in arrival order directs investigative capacity to the most recent referrals, not the highest-value ones. A case with an expected recovery of $150,000 that arrived three weeks ago waits behind twenty cases with expected recoveries of $3,000 each that arrived this week. The total recovery from the same investigative effort is an order of magnitude lower than it would be with value-based prioritisation.

Prioritisation models that score each referral by estimated fraud probability and expected recovery value direct SIU effort to the highest-yield cases regardless of arrival order. The improvement in recovery per investigator does not require additional headcount. It requires a different sequencing of the caseload that the carrier already has.

The technology dimension

Claims fraud detection models require access to the full claims transaction history — claimant profiles, medical provider networks, repair facility patterns, attorney relationships, and prior fraud referral outcomes. For carriers running their claims infrastructure on IBM Z, deploying fraud scoring via IBM Machine Learning for z/OS keeps the inference within the claims adjudication process, with access to the full entity relationship data on the same platform. The fraud score and the network connection indicators are available to the adjudicator at the point of payment decision rather than surfaced through a separate post-payment review process.

What success looks like

The primary metrics are pre-payment to post-payment fraud detection ratio, SIU referral confirmation rate, recovery yield per investigator, and fraud loss rate as a percentage of claims spend. The most important transition metric is the shift in the pre-payment to post-payment ratio over time. A programme that is systematically moving detection earlier in the claims lifecycle is improving the fraud economics regardless of whether the aggregate fraud rate has changed. That shift is the evidence of structural improvement.