How can the customer confirm that the numbers are truly random and drawn live so you can't coordinate with them? It's to both your benefit and the insurance company's to not have high dollar prizes pay out. The insurance company would be on the hook for the prize, and it would cause your premium to go up.
Companies wrongfully fight unemployment claims all the time to keep their insurance rates down. It would be awful tempting for the insurance agency to send you the drawn numbers even ever so slightly early and let you alert them so they can redraw if the jackpot was ever awarded.
We want to show the customer that the number draws are truly random. We may do live drawings at some point, which could help. Would love any ideas on how we can hammer home that the number drawings are random and totally kosher.
It actually would be beneficial for us for someone to win the jackpot, and not beneficial for the insurer. The marketing benefit of a $10 million payout that an insurance company pays for would be huge for us. That's why the number drawing process is double blind. They choose the winning numbers and they can't see the picks. We can't see the winning numbers but we can see the picks.
Also since this type of insurance is purely mathematical, the risk doesn't change for an insurer if someone wins, so the price wouldn't change either. Unlike, say pet insurance, where if Bulldogs get sick more often than you thought, the insurer simply mispriced the risk.
This type of insurance is impossible to misprice. It's almost like a casino for the insurers. There is risk but no uncertainty of what the risk is and the odds are in your favor when you write more premium.
The cryptography world has a ton of ideas about this, but it's possible that most of your customers wouldn't find it easy to understand why some of those ideas are correct and fair.
A simple one (not necessarily anywhere close to the best that cryptography people have come up with) is to combine several sources of randomness in a prearranged time order and format, and use the result as input into a prearranged cryptographic hash function. At least some of those sources should be publicly verifiable, and at least one of those should be https://beacon.nist.gov/home. I can think of critiques and limitations in this approach, but it's a good start!
Edit: someone elsewhere in this thread has given a link to a more sophisticated method.
I'm curious what kind of controls you have in place to ensure that the company choosing the numbers doesn't have an employee go rogue like what happened with the McDonald's Monopoly game. https://en.wikipedia.org/wiki/McDonald%27s_Monopoly#Fraud
Only two people at the insurance co. know the numbers, so the knowledge is limited. This helps because less chance of a bad actor being involved if the info is limited to a very small circle.
We would be able to spot anomalies over time in number of winners of high prizes vs. what the probabilities say, and we would investigate it if anything looked off or suspicious.
We also carefully vetted the insurance co. and the people there that we work with.
These don't eliminate this risk entirely of course, but they help mitigate it.
Companies wrongfully fight unemployment claims all the time to keep their insurance rates down. It would be awful tempting for the insurance agency to send you the drawn numbers even ever so slightly early and let you alert them so they can redraw if the jackpot was ever awarded.