Fraud Detection & SIU — Host-to-Host Integration

Purpose of Host-to-Host

Score FNOL, estimates, and payments in real time to flag suspicious patterns before settlement.
Correlate entities (claimants, vehicles, providers, devices, bank accounts) using network analysis.
Open SIU cases automatically and orchestrate investigations across partners and regulators.

Core Data Objects

Entities: person, provider, repairer, vehicle/property, device, address, bank account
Events: FNOL, estimate, treatment, invoice, payment order, refund, recovery
Scores: probability, reasons (rule/model features), threshold bands, overrides
Networks: links (shared device/phone/address/bank/plate), communities, centrality
Watchlists: internal/external lists, sanctions/PEP (if applicable)
Cases: caseId, subject(s), alerts, tasks, exhibits, disposition (confirmed, unfounded)
Events: alertRaised, caseOpened, holdPlaced, evidenceAttached, caseClosed

Example API Endpoints

POST /score/fnol
Score FNOL payload; return risk band + reasons

POST /score/estimate
Score repair/medical estimate with provider history

POST /score/payment
Score payment order (bank acct/device match, mule patterns)

POST /alerts
Create alert with score and recommended action

POST /cases
Open SIU case; attach entities, alerts, exhibits

POST /cases/{id}/actions/hold
Place hold on payment/policy pending review

POST /network/expand
Return linked entities and community metrics

POST /watchlists/sync
Sync internal/external watchlists (hashed where possible)

POST /callbacks/status
Asynchronous updates back to Claims/PAS/Payments

Sample Scoring Request

POST /score/payment
{
  "claimId":"CLM-992331",
  "beneficiary":{"name":"Adi Wijaya","bank":"XYZ","account":"****1289"},
  "device":{"fingerprint":"dfp-8a12","ip":"103.88.14.9"},
  "amount": 18500000,
  "history":{"priorClaims": 4, "daysSincePolicy": 21},
  "links":["plate:B1234XYZ","phone:+62812****777"]
}
-- RESPONSE --
{
  "score": 0.86,
  "band": "HIGH",
  "reasons": ["Shared device with 3 other claims","Bank account linked to prior fraud case","Early-tenure payout"],
  "actions": ["PLACE_HOLD","OPEN_CASE"]
}

Reference Flows

Real-time Claim Scoring

FNOL/estimate/payment events posted to /score/*
Rules + ML model compute score and band
High band → /alerts + /cases + payment hold

Network Expansion

Claims sends entity keys (phone, device, plate)
Service returns connected entities & communities
Claims UI shows graph & prior dispositions

Case Management & Disposition

SIU collects evidence, interviews, provider audits
Disposition decides: Confirmed / Unfounded / Inconclusive
Actions: release hold, deny claim, partial pay, blacklist

External Data Enrichment

Call bureaus/consortium, plate registry, device intel
Hash/Tokenize PII where possible; store minimal data
Cache TTL & purge schedules per policy

Security & Controls

mTLS, OAuth2/JWT; IP allow-list; message signing (JWS).
Privacy & lawful basis; consent flags; PII minimization & masking.
Explainability (feature importances/SHAP) exposed for high-risk decisions.
Idempotency, replay protection, and rate limiting.

Monitoring & Audit

Model performance (AUC/KS), stability, drift; periodic calibration.
False-positive/negative tracking; reviewer overrides & outcomes.
Complete audit trail for alerts, case actions, and holds.

What You Get

OpenAPI + sample payloads, Postman collection, and mock server.
Reference rules & ML notebooks (feature engineering, training, validation).
Graph/network schema & example queries.
Case management templates (workflows, exhibits, dispositions).
Annual maintenance incl. change requests; on-prem or cloud.