How to Detect Fraud in Mobile Health Assessments
How anti-spoofing, liveness detection, and consistency checks keep self-administered mobile underwriting health assessments trustworthy enough for risk decisions.
When a carrier removes the nurse from the underwriting process, it also removes a quiet fraud control that the industry relied on for decades. A paramedical examiner did more than draw blood. They confirmed that the person being measured was the person on the application, that the readings came from a live body, and that nobody had swapped a healthier proxy into the chair. Mobile underwriting health assessment fraud is the risk that surfaces when that human checkpoint disappears and an applicant scans themselves from a phone with no one watching. The question for product and risk leaders is not whether self-administered scans can be gamed. It is whether the integrity controls built into the capture pipeline can detect the gaming reliably enough to support a binding risk decision.
Life insurance fraud accounts for an estimated $75 billion in annual losses, and applicant misrepresentation ranks among the fastest-growing categories, according to the MIB/RGA 2024 US Life Insurance Fraud Survey.
The stakes are not abstract. Insurance fraud across all lines costs the US industry roughly $308.6 billion per year, and life insurers absorb a disproportionate share through misrepresentation that only surfaces during the contestability period. The shift to remote screening does not create this exposure, but it does change where the controls have to live. Instead of a trained examiner, the defense is now a layered software stack that has to answer three separate questions on every scan.
What mobile underwriting health assessment fraud actually looks like
Most discussion of remote screening integrity collapses into a single fear: someone faking a result. In practice, mobile underwriting health assessment fraud breaks into distinct attack types, and each one requires a different countermeasure. Treating them as one problem is the most common mistake carriers make when they evaluate a vendor.
The three core questions a self-administered scan must answer are:
- Is this a real, living human in front of the camera, or a photo, video, mask, or synthetic rendering? This is liveness detection and presentation attack detection.
- Is this human the actual applicant named on the policy, or a healthier stand-in? This is applicant identity verification.
- Are the captured signals internally consistent and physiologically plausible, or have they been manipulated, replayed, or stitched together? This is consistency and signal integrity.
A scan can pass one check and fail another. A genuine live person who is not the applicant defeats identity verification while passing liveness. A real applicant who films themselves under ideal conditions to mask a symptom is a misrepresentation problem that no liveness model will catch. Defending the pipeline means scoring all three independently.
| Attack type | What the fraudster does | Primary control | Residual risk if absent |
|---|---|---|---|
| Presentation attack | Holds up a photo, screen replay, or 3D mask | Liveness detection / PAD | Healthy proxy footage passes as applicant |
| Proxy substitution | A fitter person scans in the applicant's place | Applicant identity verification | Mortality risk understated, premiums underpriced |
| Signal injection | Feeds synthetic video into the camera feed | Device and capture integrity checks | Fabricated vitals enter the underwriting engine |
| Replay / reuse | Resubmits a prior healthy scan | Session binding and timestamping | Stale or borrowed data drives the decision |
| Coached misrepresentation | Real applicant manipulates conditions or context | Consistency and plausibility scoring | Material nondisclosure during contestability |
The table makes the design principle clear. No single technology covers the full attack surface. Integrity comes from overlapping controls where the gaps in one are covered by another.
Industry applications of integrity controls
Liveness detection and anti-spoofing
Liveness detection is the front line. Modern presentation attack detection analyzes micro-movements, skin texture, reflectance, depth cues, and involuntary signals the human body produces but a printed photo or screen replay does not. For face-based capture, remote photoplethysmography is particularly useful because the same optical signal used to estimate physiology also serves as a liveness proof. A flat image has no pulsatile blood flow signature, so a passive rPPG check doubles as an anti-spoofing layer.
The sophistication of attacks is rising in parallel. Researchers reporting at IJCB 2024 documented how presentation attacks generalize poorly across regions and attack types, meaning a model trained on one population can miss novel spoofs. Industry testing has found that naive facial recognition systems can be defeated by presentation attacks at rates around 70 percent without dedicated PAD, which is why liveness has to be a deliberate, separately tuned layer rather than an assumed property of face capture. The face liveness detection market is projected to pass $250 million by 2027, a signal of how seriously identity-dependent industries now treat the problem.
Applicant identity verification
Liveness proves a live human. Identity verification proves it is the right human. In an underwriting flow, this typically binds the scan session to a verified government document and a biometric match between the document portrait and the live capture. The control matters most against proxy substitution, where a healthier relative or paid stand-in completes the scan. Because proxy fraud directly distorts mortality assumptions, it is the attack with the largest per-case cost, and it is invisible to any physiological model. Only the link between captured face and verified identity closes it.
Consistency and plausibility scoring
The third layer treats the scan data itself as evidence. Captured vitals should be internally consistent, physiologically plausible, and consistent with the device metadata, timestamp, and session context. Sudden discontinuities, signals that match a previously submitted session, or readings that fall outside biologically credible ranges all raise the integrity score. This layer also catches signal injection, where a fraudster bypasses the camera and feeds prepared video into the application. Hardware attestation and capture-path validation make injected feeds detectable even when the synthetic content looks convincing to a human reviewer.
Current research and evidence
The empirical picture supports a layered approach. The MIB/RGA 2024 US Life Insurance Fraud Survey identified applicant misrepresentation, financial elder abuse, and improper data use as the fraud categories trending upward, with medical misrepresentation rated the most costly to combat. Munich Re's life insurer survey reached a similar conclusion, naming misrepresentation as a persistent and growing concern as more decisions move to accelerated paths.
Accelerated underwriting data shows why integrity controls cannot be optional. Tobacco misrepresentation in accelerated underwriting programs averaged over 40 percent of all tobacco users in 2023, and roughly 22 percent of accelerated underwriting cases were flagged for discrepancies that suggest potential misrepresentation. These figures predate the wider rollout of self-administered scans, which means the baseline rate of applicants willing to shade the truth is already high before anonymity is added to the equation.
The attacker side is also evolving. LexisNexis Risk Solutions and other 2024 industry analyses reported a 19 percent year-over-year increase in insurance fraud, with synthetic media and deepfake-driven attacks contributing to the rise. Consumer research on remote identity verification found that more than half of consumers are now concerned about deepfakes when verifying themselves online. For underwriting, the lesson is that a control validated against last year's spoofing techniques cannot be assumed safe against this year's. Integrity is a moving target that requires ongoing model retraining and adversarial testing rather than a one-time certification.
The future of mobile underwriting integrity
Three shifts are reshaping how carriers will defend self-administered scans over the next several years. First, integrity scoring will become continuous rather than binary. Instead of a pass or fail flag, scans will carry a confidence score that routes high-risk submissions to manual review or a verified retake while clean ones proceed to instant decision. Second, device-level attestation will move upstream, with capture integrity verified at the hardware and operating-system layer before any physiological signal is even extracted. Third, regulators and reinsurers will increasingly expect auditable integrity trails, meaning carriers will need to demonstrate not just that a control exists but that it produced a defensible record for each bound policy.
The carriers that succeed will treat fraud detection as a product requirement rather than a compliance afterthought. The economics favor it. A single undetected proxy substitution on a large face-amount policy can erase the savings from hundreds of legitimately accelerated cases, which is why integrity, not speed alone, is the metric that ultimately protects the book.
Frequently asked questions
Can a self-administered phone scan really be trusted for underwriting decisions?
It can, when the capture pipeline runs independent liveness, identity, and consistency checks on every session. The trustworthiness comes from layered controls that each address a different attack type, not from the scan technology alone. A scan with no integrity scoring should not drive a binding decision.
What is the difference between liveness detection and identity verification?
Liveness detection confirms that a real, living person is in front of the camera rather than a photo, replay, or mask. Identity verification confirms that the living person is the actual applicant, usually by matching the live capture to a verified government document. Both are necessary because proxy fraud can pass liveness while failing identity.
Which type of mobile assessment fraud costs carriers the most?
Proxy substitution, where a healthier person scans in the applicant's place, tends to carry the highest per-case cost because it directly understates mortality risk and underprices the policy. Coached misrepresentation by the genuine applicant is more common but is partly addressed by consistency and plausibility scoring.
How do fraud controls keep up with deepfakes and synthetic video?
They require continuous retraining and adversarial testing rather than a fixed certification. With insurance fraud up roughly 19 percent year over year and synthetic media attacks growing, integrity systems pair physiological liveness signals with hardware-level capture attestation so that injected or synthetic feeds are detectable even when they look convincing.
Circadify is building integrity into remote health screening at the capture layer, combining liveness, identity, and consistency checks so that self-administered scans can support real underwriting decisions. Underwriting and risk leaders concerned about leakage from self-administered assessments can request a Circadify integrity briefing and review the technical controls in detail at circadify.com/industries/payers-insurance.