AI & Insurtech

AI Claims Fraud Network Detection in India: Graph Methods, Entity Resolution, and IRDAI Framework Updates

How Indian general insurers are deploying graph neural networks to detect fraud rings across motor and health claims, the entity resolution challenges in the Indian context, and the IRDAI Fraud Monitoring Framework updates through 2024 and 2025 that shape production deployments.

Sarvada Editorial TeamInsurance Intelligence
10 min read

Listen to this article

Audio version • 10 min read

fraud-detectiongraph-neural-networksentity-resolutionmotor-claims-fraudhealth-claims-fraudirdai-fraud-framework

Last reviewed: June 2026

Why Claims Fraud Detection Has Moved From Rules to Graphs

Indian non-life insurers reported net incurred claims of roughly INR 1.88 lakh crore in FY2024-25 across motor, health, fire, and other commercial lines, according to IRDAI data, up about 9 percent on the prior year. Widely cited industry estimates place fraud leakage in the high single digits to low teens as a share of claims, which on a base of this size implies annual fraud losses running into tens of thousands of crore. The fraud mix has shifted through 2023 to 2025 from individual opportunistic fraud toward organised rings that span garages, hospitals, repair shops, agents, surveyors, and orchestrators who coordinate claims across multiple insurers.

The traditional fraud detection approach in Indian insurance has been rules-based scoring at the individual claim level. The approach catches obvious fraud (claims filed days after policy inception, claims with implausible damage patterns, documentation inconsistencies) but misses organised fraud where individual claims appear normal in isolation. A claim from a real policyholder for a real accident at a known garage looks unremarkable until the graph view shows that the same garage processed seventy claims this quarter, fifteen of which involved the same surveyor, twelve of which involved the same independent assessor, and eight of which involved policyholders sharing a common address.

Graph-based fraud detection has emerged as the dominant approach to organised fraud through 2024 and 2025. The technical approach builds a graph where nodes represent entities (policyholders, vehicles, garages, hospitals, doctors, agents, surveyors, addresses, phone numbers, bank accounts) and edges represent relationships. Graph neural networks learn embeddings for each entity that capture both the entity's own features and its position in the broader network. Vendors and applied-research studies for graph-based fraud detection report material uplift in detection rate over rules-based baselines (independent reviews of healthcare-claims models, for example, have found graph methods outperforming traditional models by meaningful margins), with the gains concentrated on the organised-ring patterns that individual-claim rules systematically miss. Reported payback on production programmes generally falls within a year to two years once model development, infrastructure, and operational integration are accounted for, though realised figures vary widely by insurer and by the strength of the pre-existing rules baseline.

Graph Construction: Nodes, Edges, and Temporal Structure

Graph neural network performance depends on the graph construction. A well-designed graph captures the relationships that distinguish fraudulent from legitimate networks while filtering noise that obscures the signal.

The node set for an Indian claims fraud graph typically includes policyholders, vehicles, drivers, garages, hospitals, doctors, surveyors, loss assessors, agents, brokers, addresses, phone numbers, bank accounts, and IFSC-bank-branch combinations. Each node carries feature data drawn from the insurer's master data and claim payment data. The edge set captures relationships visible in transaction data: policy ownership, claim filing, treatment provision, professional involvement, and shared identifiers. Production graphs for major Indian insurers typically contain tens of millions of nodes and hundreds of millions of edges when built across multi-year claims history.

Temporal structure is critical because fraud rings exhibit time patterns that static graphs miss. A garage that processed forty claims per month consistently across two years is operationally normal. A garage that processed forty claims in the last quarter against a baseline of eight is anomalous. Production deployments typically use temporal graph neural networks rather than static graph methods because of the higher detection accuracy on organised fraud patterns. The graph schema should be designed for incremental update rather than full rebuild, with new claims processed daily and embeddings refreshed for affected nodes without full recomputation.

A design decision specific to Indian insurance is whether to build single-insurer graphs or industry-wide graphs. Single-insurer graphs avoid data sharing complications but miss fraud rings operating across multiple insurers. Industry-wide graphs require data sharing infrastructure through the Insurance Information Bureau pooled data programmes and produce more detection lift but introduce data governance complexity. The Indian production pattern in 2025 and 2026 has been single-insurer graphs supplemented by IIB pooled signals on flagged entities.

Entity Resolution: The Indian Identity Challenge

Graph neural network detection accuracy depends on accurate entity resolution. The same individual must be represented by a single node across all claims, policies, and relationships rather than by multiple disconnected nodes. Entity resolution in the Indian context is harder than in markets with strong unique identifier systems.

Three challenges shape the production deployment. Name and address variation: Indian names have multiple transliterations, ordering conventions, regional rendering of middle elements, and typographical variation in claims data entry. Addresses are similarly variable across locality, pin code, building name, and language script. A single individual at a single address may appear as ten different identity strings across ten claims over five years. Aadhaar restriction: Supreme Court rulings in 2018 and subsequent IRDAI clarifications through 2023 restricted insurer use of Aadhaar for claim processing where the underlying policy was not Aadhaar-linked at issuance. The practical effect is that Aadhaar is unavailable as a reliable resolution key for the legacy book and for current claims where Aadhaar collection at issuance is not standard. PAN coverage: PAN is more widely available than Aadhaar in current insurance data but is not universally collected, with motor insurance and individual health insurance showing lower coverage than corporate property.

The practical entity resolution pattern combines multiple weak signals into a probabilistic match score: normalised name, normalised address, phone, email, bank account, PAN where available, vehicle registration where applicable, and policy and claim history co-occurrence. Resolution accuracy in production deployments is typically 88 to 95 percent measured against human-labelled benchmarks. For vehicle resolution, the Vahan database maintained by the Ministry of Road Transport and Highways provides registration data that supports cross-insurer vehicle resolution.

Suspicious Patterns: What the Production Models Target

Indian claims fraud rings exhibit identifiable patterns in graph structure that production models target. Each pattern represents a category of organised fraud that rules-based approaches systematically miss.

  • Repeating garage with revolving policyholders. A garage processes a high volume of claims across a rolling set of policyholders who do not otherwise share connections. The pattern indicates inflated repair invoicing on legitimate accidents or staged accidents with the garage as orchestrator.
  • Hospital-doctor-patient cliques. A small set of hospitals, doctors, and patients exhibit dense interconnections across a high volume of health claims, with the patient set rotating across claims but the hospital and doctor set stable. The pattern indicates inflated treatment claims or staged hospitalisations.
  • Surveyor concentration on suspicious claims. A single surveyor or small group recur on claims that share other suspicious features. The pattern indicates surveyor complicity in claim inflation or fabrication.
  • Agent-orchestrated fraud rings. A single agent recurs across claims from policyholders who share no apparent connection. The pattern may indicate agent-facilitated policy issuance to nominal policyholders for fraud schemes.
  • Address and phone clustering. Multiple policyholders share addresses or phone numbers that do not correspond to legitimate group households or commercial entities, indicating identity multiplication or organised identity theft.
  • Vehicle rotation patterns. A small set of vehicles appear across multiple claims under different policyholders at rates exceeding legitimate transfer activity, indicating vehicle-based fraud schemes or staged accidents.
  • Spatial accident clustering. Accidents reported in specific geographic micro-clusters at rates exceeding traffic-volume-adjusted baselines indicate staged-accident locations.

The production models typically score each claim against the full set of patterns with a composite suspicion score that surfaces claims for human investigation. The investigation workflow determines whether the pattern indicates fraud, operational normality misinterpreted by the model, or a borderline case requiring additional investigation.

IRDAI Fraud Monitoring Framework: 2013 Foundation and 2024 to 2025 Updates

The Indian regulatory framework governing insurance fraud is anchored by the IRDAI Fraud Monitoring Framework 2013 as amended through subsequent circulars and the 2024 to 2025 updates. The 2013 foundation required every insurer to maintain a fraud monitoring function with documented procedures, periodic fraud risk assessment, investigation procedures, and reporting to the insurer board.

The IRDAI updates through 2024 and into 2025 extended the framework to address analytical fraud detection, data sharing, and cross-industry coordination. The updates specifically recognised analytical fraud detection as a regulatory expectation rather than an optional capability, and extended the data sharing framework through the Insurance Information Bureau pooled fraud data programmes.

Four specific implications shape graph detection deployments. Investigation documentation requires insurers to maintain documented investigation outcomes for claims flagged by analytical methods, including the analytical signal, investigation steps, outcome, and disposition. Model governance requires periodic validation, accuracy measurement, bias assessment, and senior management oversight under the insurer's model risk management framework. Data sharing posture requires participation in IIB pooled fraud data programmes with entity-level contribution and consumption of pooled signals. Policyholder rights under the Digital Personal Data Protection Act 2023 require that adverse outcomes (claim denial, policy cancellation, blacklisting) be supported by documented investigation rather than analytical scoring alone, with access, correction, and grievance rights preserved.

The combined effect of the 2024 to 2025 updates has been to formalise the analytical fraud detection function as a regulated capability with explicit expectations on documentation, governance, data sharing, and policyholder protection.

Production Deployment Patterns and Real-World Detection Lift

Production deployments of graph fraud detection in Indian insurance have established consistent patterns across model architecture, infrastructure, and operational integration.

The model architecture pattern combines a graph neural network for structural learning with rules-based scoring for explicit fraud indicators and gradient boosting for individual claim features. The composite output is a unified suspicion score routed to the investigation workflow. The infrastructure pattern uses dedicated graph database technology (Neo4j, JanusGraph, TigerGraph, or insurer-internal graph stores) for storage and traversal, with separate model serving infrastructure for the neural network components. Annual infrastructure costs range from INR 1.5 to 8 crore for the largest insurers operating multi-product fraud detection.

The operational integration pattern positions the fraud detection workflow alongside the existing claims processing workflow rather than blocking it. Claims continue to be processed through standard channels with fraud detection running in parallel and flagging claims for investigation before payment. The flagged claims enter a structured investigation queue with prioritisation by suspicion score and claim value. Payment is held on flagged claims pending investigation outcome.

The detection lift from graph methods is best understood as material but variable rather than a single headline number. Graph approaches add the most where fraud is organised into networks, so health portfolios (with their hospital-doctor-patient ring structures) tend to show larger relative gains than motor, and any portfolio with a weak rules baseline shows a larger uplift than one with mature rules already in place. Insurers should treat externally quoted lift figures as directional and benchmark against their own pre-deployment leakage rather than adopting a vendor number as a planning assumption. Payback on the overall programme, including model development, infrastructure, and operational integration, generally lands within one to two years, with the faster end of that range reserved for insurers carrying high leakage before deployment.

Operational challenges have included investigator workflow capacity, model retraining cadence, and false positive management. Investigator workflow capacity is the most common bottleneck: a model that surfaces too many cases either produces backlog that delays claim payment or forces investigation triage that loses detection lift. Production deployments address this by calibrating suspicion score thresholds against investigator capacity and by automating low-suspicion case clearance.

For brokers serving large corporate clients, insurer fraud detection capability affects combined ratios and pricing. Brokers should engage insurers on fraud detection capability as part of insurer evaluation, particularly for clients in segments with high fraud exposure (motor fleet, health programmes in tier-2 cities, contractor liability with high subcontractor counts).

Platforms such as Sarvada are emerging in the Indian commercial broking market to integrate insurer fraud detection signals with broker claims advocacy and renewal analysis. Request Access to evaluate platform options.

Frequently Asked Questions

Why are rules-based fraud detection methods insufficient against organised fraud rings?
Rules-based methods score individual claims against threshold criteria and catch obvious individual fraud but miss organised fraud where individual claims appear normal in isolation. A garage processing seventy claims this quarter with shared surveyors, shared assessors, and clustered policyholder addresses produces a graph signal that no individual-claim rule captures. Graph neural networks identify these structural patterns by learning embeddings that combine each entity's own features with its network position, surfacing organised fraud that rules-based approaches systematically miss.
How does Aadhaar restriction affect insurer entity resolution in fraud detection?
Supreme Court rulings in 2018 and subsequent IRDAI clarifications through 2023 restricted insurer use of Aadhaar for claim processing where the underlying policy was not Aadhaar-linked at issuance. Insurers lost the strongest single unique identifier for entity resolution on the legacy book. The practical resolution pattern combines multiple weak signals (normalised name, normalised address, phone, email, bank account, PAN where available, vehicle registration, policy and claim history co-occurrence) into probabilistic record linkage producing 88 to 95 percent resolution accuracy in production deployments. PAN coverage is more reliable than Aadhaar but is not universally collected.
What suspicious patterns do production graph fraud detection models target in Indian claims?
Production models target seven recurring patterns. Repeating garage with revolving policyholders indicates inflated repair or staged accidents. Hospital-doctor-patient cliques indicate inflated treatment or staged hospitalisations. Surveyor concentration on suspicious claims indicates surveyor complicity. Agent-orchestrated rings indicate agent-facilitated policy issuance to nominal policyholders. Address and phone clustering indicates identity multiplication or theft. Vehicle rotation patterns indicate vehicle-based schemes or staged accidents. Spatial accident clustering indicates staged-accident locations. Composite scoring across these patterns surfaces claims for human investigation rather than triggering automatic adverse outcomes.
What does the IRDAI Fraud Monitoring Framework expect from analytical fraud detection deployments?
The 2013 foundation as updated through 2024 and 2025 expects four specific things. Investigation documentation requires structured records of the analytical signal, investigation steps, outcome, and disposition for each flagged claim. Model governance requires periodic validation, accuracy measurement, bias assessment, and senior management oversight under the insurer's model risk management framework. Data sharing posture requires participation in Insurance Information Bureau pooled fraud signal programmes with entity-level contribution and consumption. Policyholder rights under the DPDP Act 2023 require that adverse outcomes be supported by documented investigation rather than analytical scoring alone.
What is the typical detection lift and payback period for graph fraud detection in Indian insurance?
Detection lift from graph methods is material but varies by portfolio rather than landing on a single number. Health portfolios, with their hospital-doctor-patient ring structures, typically show larger relative gains than motor, and any book with a weak rules baseline shows more uplift than one with mature rules already in place. The lift is concentrated on organised rings that individual-claim rules systematically miss, which is exactly where externally quoted figures are most directional. Insurers should benchmark against their own pre-deployment leakage rather than adopt a vendor number as a planning assumption. Payback on the overall programme, including model development, infrastructure, and operational integration, generally lands within one to two years, with the faster end reserved for insurers carrying high leakage before deployment and the slower end for those with already-strong rules-based detection that still reach positive economics within roughly two years.

Related Glossary Terms

Related Insurance Types

Related Industries

Related Articles

Sarvada

Ready to see Sarvada in action?

Explore the platform workflow or start a product conversation with our underwriting automation team.

Explore the platform