Connecting state and local government leaders
Several states have recently reported increases in fraudulent claims. After spending hundreds of millions of dollars to upgrade systems, emerging threats are putting pressure on states to modernize even further.
In the early days of the COVID-19 pandemic, when unemployment more than tripled in the second quarter of 2020 to 13 percent, state unemployment insurance programs were quickly overwhelmed with new claims.
The backlogged systems caused payments to be delayed going out, but just as troublingly, aging infrastructure allowed for hundreds of millions of dollars nationwide in fraudulent claims, amid what one expert last year called a “perfect storm” of failing legacy technology and criminality.
But months after most public health emergency declarations have ended, that pandemic-era criminality appears to have reared its head again in several states as they report upticks in unemployment insurance fraud.
The Colorado Department of Labor and Unemployment said last month that of the 62,000 initial claims it processed since April, 22,000 had holds in place to investigate fraudulent activity. Most of those claims with holds were abandoned, but 5,766 are still being investigated. Philip Spesshardt, director of the division of unemployment insurance, told the news station Denver7 that the claims came after a “year-long lull” in fraudulent activity.
Meanwhile, the Connecticut Labor Department said in July that it was among several states to be targeted by criminals who flooded the unemployment insurance system with false identities in a bid to claim fraudulent benefits. The department suspected that 75% of applications were fraudulent, and Commissioner Danté Bartolomeo estimated the agency stopped 385,000 false claims and protected $3.9 billion in benefits.
And in Ohio, a spike in fraudulent claims forced many unemployment insurance recipients to spend hours waiting on the phone to reinstate their benefits. When the state flags suspicious activity on an account, it is automatically frozen. The recipient must then go through the process of unfreezing it.
The renewed increase in fraudulent claims comes as agencies and observers are more aware of these efforts to exploit existing vulnerabilities.
“Unfortunately, this isn't, in many cases, your average ordinary fraudster,” said Jordan Burris, head of public sector strategy at the identity verification company Socure. “We're seeing criminal enterprises. We're seeing nation states, who because they know of the weaknesses in existing infrastructure, are taking advantage of it on a daily basis.”
Pandemic-era fraud has incentivized governments to address vulnerabilities, especially replacing legacy infrastructure that is more susceptible to hackers and crashing under high traffic. In May, the U.S. Department of Labor made $653 million available to states under the American Rescue Plan Act to modernize their unemployment insurance infrastructure and to participate in pilots.
In total, the law contains $2 billion to help modernize systems, improve fraud prevention and ensure more efficient claims processing. Of those funds, $1.6 billion is available for initiatives like anti-fraud grants and updating identity authentication technology to meet federal standards, for so-called Tiger Teams to help states identify solutions, and for improving payment accuracy, decreasing improper payments and making systems more user friendly.
But all the modernization in the world may not prevent attacks underpinned by new and emerging technologies, especially artificial intelligence and generative AI systems like ChatGPT. In time, Burris warned that generative AI could be used to generate a person’s identity from scratch, while right now it could help augment fraud by creating believable documents for stolen identities.
Governments could defend themselves, for instance, by training AI-driven data models to determine who fraudsters are. States also must embrace better information sharing about threats, especially as hackers share tips, best practices and revel in each other’s successes.
“If you look at the counter side, on the dark web all threat actors are sharing a bunch of information,” Burris said. “Everyone's talking, everyone's sharing. Nation states are investing billions of dollars into being able to circumvent what we put in place in the U.S. Every time they win, and they end up getting a payment sent over to them, then they continue to reinvest and double down on it.”
The consequences of fraud for residents are enormous. The Identity Theft Resource Center estimated in a report last year that 87% of identity theft victims experience emotional harm, and 68% experience physical impacts. Burris said with the “level of sophistication” that hackers have, especially as they leverage new technologies, it is imperative for governments to get the issue under control.
NEXT STORY: Feds seek help on harmonizing cyber regulations