Software Designed with Fraud Prevention in Mind
TandaPay’s architecture is designed to safeguard policyholders from fraud. It accomplishes this by permitting every policyholder to decide for themselves if they believe a claim is fraudulent and whether or not it should be paid.
Policyholder’s are therefore required to establish a level of trust between members of their TandaPay community, since it is the members who are required to approve payment for all valid claims. If someone does not believe that their community would approve payment for a valid future claim then they should not seek to obtain coverage from said community.
This trust in one’s community to approve a valid claim for payment should not be confused with the trust a policyholder has that the system will safeguard them from fraud. TandaPay opts to provide the highest protections to policyholders in exchange for relatively low guarantees to claimants. This tradeoff is aimed at providing the highest level of protections against fraudulent claims. There are several layers of guarantees that the system provides and the trust required at each layer is substantially different.
Three Layers of Trust
The first layer of trust is in the ability of the software to provide transparent and accurate accounting of all funds held by the group. This layer is guaranteed by the technical workings of blockchain technology as well as other databases which provide for the user interface. The cost required to attempt to violate this trust far exceeds the potential gain an attacker could hope to achieve. The potential cost to execute this attack exceeds the potential gain by several orders of magnitude.
The second layer of trust is in the ability of the software to protect policyholders from having to approve payment for a fraudulent claim. The only way that participants within the group could possibly misappropriate funds is by approving a fraudulent claim for payment. Thus these two potential threats (fraud and misappropriation) exist within the same layer of trust. The smart contract architecture guarantees that each policyholder has the ability to withhold payment for any claim they believe to be fraudulent. The cost required to violate this layer of trust would again far exceed the potential gain an attacker could hope to achieve. The potential cost to execute this attack in this case likely exceeds the potential gain by again several orders of magnitude. This is why we believe the first two layers require the least amount of trust.
The third and final layer of trust is in the ability of the community to approve an individual’s valid claim for payment. The smart contract architecture does not guarantee that all valid claims will be paid. The smart contract architecture does disincentivize the denial of valid claims. If a valid claim is denied then many members may decide to leave the community. If a critical mass of members suddenly leave then the groups ability to pay future premiums may halt. This would require the group to either terminate or reorganize. This is why we believe the severity of consequences of denying valid claims far exceed the potential gain associated with this type of action.
Given these three layers of trust we can clearly see there is a clear distinction between the members:
- Trusting the software to safely hold their premiums
- Trusting the community to approve their valid claim
This distinction is very important. Participants are provided a guarantee secured by the underlying technology that the software will safely hold their premiums. Building upon this initial guarantee, all participants need to secure a guarantee from their community that all valid claims will be paid.
To provide the initial guarantee TandaPay utilizes smart contracts running on blockchain technology. TandaPay is designed for policyholders use an app to pay their premiums into a smart contract. It permits a user to finalize payment of their premium, to a set of known claimants at the end of each month. By giving a user the ability to deny payment of their premium (defect), to the claimants it removes the incentive for a group leader to attempt approval of any fraudulent claims.
With the architecture there are accompanying legal solutions to protect against fraud. These remedies are based in contract law.
First, the TandaPay concept itself is a protection against the payment of fraudulent claims. Any attempt to approve a fraudulent claim for payment will result in a large number of defections and these defections will in turn cause the group to terminate.
With the advent of Blockchain technology, insurance contracts which coordinate groups to pay claims have different risk models than traditional insurance policies.
Legally, to establish insurance fraud, a party must prove the following elements by clear and convincing evidence:
(i) a false representation;
(ii) of a material fact;
(iii) made intentionally and knowingly;
(iv) with the intent to mislead;
(v) reliance by the party misled; and
(vi) resulting damage to the misled party. 
This misrepresentation has its roots in common and cannot be easily be adapted to the TandaPay environment. Insurance law is based on contract, and TandaPay does not meet the criteria of a valid contract under contract law. The software merely uses smart contracts to coordinate the members to jointly pay claims. The software never uses smart contracts to bind members to an agreement that the group would provide insurance to any individual claimant.
TandaPay should be primarily understood to be a type of speech, and not an agreement for an exchange of services. Whether it is based on federal banking laws, blockchain, or an IOU, a traditional insurer is agreeing to accept payment in exchange for providing coverage. TandaPay however is not a traditional insurer in that each individual member of the group decides if they will use their premiums to pay a whitelisted claim.
The elements of the tort of fraud are a misrepresentation of material fact made with the intent to deceive where there was reasonable and justifiable reliance by the plaintiff and resulting injury.
If the elements of insurance fraud or fraud in general are proved, the TandaPay group could recover from the offending member. Given the protections provided by the software (allowing anyone to defect with their premium), it is unlikely that any member would bring an action in state court alleging contract fraud and breach or misrepresentation. Also given the very low value of any individual claim it is unlikely that the costs of seeking a judicial verdict would outweigh the potential value of a forfeit premium.
In contract law, the elements for a breach of contract claim are the:
(1) breach and the
(2) resultant damages
(3) to the party who has the right to complain about the contract being broken.
As a result given TandaPay’s decentralized and deregulated structure, a member or the community as a whole would have a difficult task in bringing suit against another member who is alleged to have fraudulently submitted a claim for reimbursement.
In addition, Article 4-A of the Uniform Commercial Code sets out specific rules for the regulation of funds transfers. States have adopted the UCC, and thus, a claim would likely fail if brought under this statute.
One of the primary issues in this analysis is the question of proving that a contract exists. The offending member may defend an action be arguing that there was no contract between the parties. Generally, to survive a motion to dismiss for failure to state a breach of contract claim, a plaintiff must demonstrate: (i) the existence of the contract, whether express or implied; (ii) breach of an obligation imposed by that contract; and (iii) the resultant damages.
“Whether a contract exists is a question of law.” This means that a judge, rather than a jury would determine if a contract in fact exists. While there may not be a signed contract — especially with smart contracts and blockchain technology — an oral contract may be ascertained from the parties’ words, deeds, acts, and silence.
To determine the obligations imposed by a contract, courts generally begin with the language of the agreement. For example, when the contract is clear and unambiguous, Delaware courts “will give effect to the plain-meaning of the contract’s terms and provisions.” Interestingly, Delaware case law states that a term isn’t ambiguous simply because it is not defined.
This has application in the TandaPay environment where the concepts have not been litigated, and judges may not thoroughly understand specifics.
If the court finds the contract is unambiguous, extrinsic evidence may not be used to interpret the intent of the parties, to vary the terms of the contract, or to create an ambiguity.
Court typically find that an ambiguity exists where the language of the contract as a whole reasonably could be susceptible to two different meanings. If the language is ambiguous, interpretation of the language requires resolving a question of fact regarding the intent of the parties to the contract. This question of fact would go to a jury to decide.
While the mutual intent of the parties is to be ascertained from the writing if possible, the parties’ course of conduct is “entitled to great, if not controlling, influence in ascertaining what they understood by its terms.”
Thus, a TandaPay agreement may be held to be a valid contract; and as a result, contract principles would have application. Note that contract and tort law are usually decided in state court, whereas banking and free speech issues are typically topics for federal court. This is significant because federal regulation of financial institutions and constitutional law are homogeneous throughout the country, but civil actions in contract and tort will be guided by the state law where the action is brought. In addition, where state and federal law conflict, federal law preempts state law.
While TandaPay is outside the conventional concepts of fund transfer and financial regulations, these legal concepts are available to TandaPay groups based on contract law.
 Breault v. Berkshire Life Ins. Co., 821 F. Supp. 410, 412 (E.D. Va. 1993).
 R. Christopher Goodwin & Assocs. v. Search, Inc., 019 U.S. Dist. LEXIS 187073, at *11 (E.D. La. Oct. 29, 2019).
 Roberts v. Dupont Pine Prods., 2019 Ga. App. LEXIS 612, at *7 (Ct. App. Oct. 29, 2019).
 Fortis Advisors LLC v. Allergan W.C. Holding, №2019–0159-MTZ, 2019 Del. Ch. LEXIS 1337, at *13 (Del. Ch. Oct. 30, 2019).
 Scott v. Schuster, 2019-Ohio-4448 (Ohio App. 2019), quoting Benefits Evolution, L.L.C. v. Atlantic Tool & Die Co., №25405, 2011-Ohio-4062, 25 (Ohio 9th Dist. Summit 2011); Watters v. City of Billings, 2019 MT 255, ¶ 11 (Mont. 2019).
 Zelina v. Hillyer, №05CA008661, 2005-Ohio-5803 (Ohio 9th Dist. Lorain 2005).
 Sunline Comm. Carriers, Inc. v. CITGO Pet. Corp., 206 A.3d 836, 846 (Del. 2019).
 Osborn ex rel. Osborn v. Kemp, 991 A.2d 1153, 1159–60 (Del. 2010).
 ClubCorp, Inc. v. Pinehurst, LLC, 2011 WL 5554944, at *12 (Del. Ch. Nov. 15, 2011) (alteration in original), quoting Sassano v. CIBC World Mkts. Corp., 948 A.2d 453, 468 n.86 (Del. Ch. 2008).
 “Delaware courts look to dictionaries for assistance in determining the plain meaning of terms which are not defined in a contract. Horton v. Organogenesis Inc., 2019 WL 3284737, at *4 (Del. Ch. July 22, 2019), quoting Lorillard Tobacco Co. v. Am. Legacy Found., 903 A.2d 728, 738 (Del. 2006).
 Eagle Indus., Inc. v. DeVilbiss Health Care, Inc., 702 A.2d 1228, 1232 (Del. 1997). See e.g., Citadel Hldg. Corp. v. Roven, 603 A.2d 818, 822 (Del. 1992) (“Only when there are ambiguities may a court look to collateral circumstances.”).
 Kuhr v. City of Billings, 2007 MT 201, ¶ 13, 338 Mont. 402, 168 P.3d 615 (Mont. 2007).
 Ophus v. Fritz, 2000 MT 251, ¶ 29, 301 Mont. 447, 11 P.3d 1192 Mont. 2000).
 See, e.g., Alby v. Bnsf Ry. Co., No. A17–1242, 2019 Minn. LEXIS 656, at *5 (Oct. 30, 2019) (when a FELA case is brought in state court, federal law governs the parties’ substantive rights, but state court practices and procedures apply.).
 There are “three different types of preemption — ‘conflict,’ ‘express,’ and ‘field,’ — but all of them work in the same way: Congress enacts a law that imposes restrictions or confers rights on private actors; a state law confers rights or imposes restrictions that conflict with the federal law; and therefore the federal law takes precedence and the state law is preempted.” Murphy v. Nat’l Collegiate Athletic Ass’n, 138 S. Ct. 1461, 1480 (2018) (citation omitted).