By now everyone is sick of hearing about COVID. And honestly just putting the letters C-O-V-I-D into this post will most likely tank any SEO. The virus has ravaged families, businesses, governments, and countries alike.
In March, President Trump signed the CARES Act into law which was meant to bring relief to US citizens. But it might have had some unintended consequences. We seek to quantify the impacts it has had on consumers, businesses, financial institutions, and fraud across the US. In seeking to provide for citizens in need, we may have injected millions (potentially billions) into the criminal underworld.
On the surface this decision makes sense. As elected officials you want to ensure the safety and security of your citizens. But at what cost? Without the proper controls in place the massive stimulus made available is ripe for fraud…Which is exactly what happened.
So What Next?
There has been nonstop coverage of COVID related fraud, ranging from new scams, to PPP for businesses and unemployment benefits. The conversation needs to shift from only trying to quantify the impacts, to identifying next steps.
With the potential for a second stimulus package looming we are bound to see another influx of fraud. But will we be better prepared? Below I lay out three major keys on how I believe we can limit the risk of another fiasco of fraud.
1. Verify – Verification of the Claimant’s Identity
I have received numerous messages from relatives, friends, and other contacts about letters they have received from the unemployment office regarding their successful unemployment. Funny thing is: They never applied! They want to know what they should do about securing their information now that it seems someone out there has it.
Innovating is one thing that the government does very poorly. With the exception of the military, the government could do a much better job at leveraging the private sector. Over the years financial institutions and fintechs have partnered to lessen the risk of identity theft and better protect the consumer. The government can learn a thing or two.
This situation has allowed fraudsters to yet again profit off of identity theft. They have been able to repurpose previously worthless data for another scheme. I see fraudsters attacking in two separate ways.
- Common Identity Theft – stealing someone’s true identity and using that information to sign up for benefits
- Synthetic Identities – The plethora of identities that are on the market and available for use are perfect for this kind of fraud. These identities may not exist, but the volume of claims makes this a perfect crime. As the number of claims continues to increase, the quality of review decreases. Then the rubber stamp comes out.
Below are a few solutions that are currently available to tackle this problem.
- FiVerity – Synthetic identity and collaboration solution
- LexisNexis – Identity verification suite
- SentiLink – Synthetic identity scoring
- Socure – Identity verification tool
2. Validate – Validation of the Claim
Once the identity has been verified to be legitimate, the government needs to then validate that the claim itself is legitimate. Most states already have systems in place that could be used to validate someone’s employment. Employers often times are paying state taxes on behalf of their employees and thus their information should already be on-file. This begs the question: is the information accurate and how often is it updated?
Each state should be able to tap into this data and leverage it to verify that the claimant did in fact work for the company that they are claiming. By creating a system that has real-time reporting (even daily batches) the state could have better validation. Able to confirm there has been separation and that they meet the requirements to be eligible for unemployment benefits.
Unfortunately I don’t know of any private sector solutions that can be leveraged for this step. With that said, the government should be able to utilize the relationships that they have with the employers in their state to validate employment status.
3. Authenticate – Authentication of the Recipient
The majority of unemployment related cases that I have seen are receiving deposits in names that have no apparent relation to the account holder, and are often from out of state.
Once the funds are released, and we see the deposit, it looks like the states are approving anyone that applies and then are subsequently sending those funds anywhere the claimant requests. There is no validating the ownership of the recipient account or relationship with the owner.
I’ve personally seen deposits being received in 5-10 different names, and when the recipient is questioned they don’t know any of the beneficiaries. They have no established relationship with them and often times confess to being solicited to receive the deposits for a small premium.
Steps 1 and 2 are strictly government related, and financial institutions can’t really have an impact or assist in the process. If the first two steps are done however, it greatly reduces the need for the third.
One way to better help solve this problem would be to layer in a data aggregator to verify ownership of the recipient account. Solutions such as:
Now as I said, this isn’t a problem that will be fixed overnight. But while the focus is still on assessing the impacts, there is little talk on how we can reduce the likelihood of something like this happening again.
COVID related government benefits fraud is a much more nuanced issue with far reaching implications. I believe by focusing on these three areas there can be an immediate reduction in how successful criminals are stealing taxpayer supported relief. The final numbers haven’t been calculated yet, but it looks like the criminal underworld got a BIG payday. And they might just get one more in the very near future.
Never stop chasing checkmate.