Connecting state and local government leaders
The pandemic laid bare state and local governments’ vulnerability to fraud, and agencies must lean into data-sharing technology to keep up defenses, an expert advises.
Once bad actors began to capitalize on the pandemic’s chaos to steal benefits payments, state and local governments quickly realized their weak spots in preventing social services fraud.
From unemployment insurance to Supplemental Nutrition Assistance Program services, agencies’ outdated IT infrastructure struggled to handle the flood of legitimate benefits claims—let alone fraudulent ones.
Governments nationwide were caught off guard by the sophistication of fraud schemes and the easy access to identity databases on the darknet, “and they certainly weren’t prepared for it,” said Linda Miller, former deputy executive director of the federal Pandemic Response Accountability Committee.
“A lot of federal, state and local government agencies right now are still in the acceptance stage. They understand now that they have a lot more weaknesses and vulnerabilities to fraud than they knew before,” she said.
For instance, a January 2021 report from California State Auditor Elaine M. Howle found a lack of coordination among state agencies left a hole for fraudsters to climb through and snatch up social services intended for families in need.
The audit found that the state’s Employment Development Department (EDD) lacked a system to crosscheck identifiable information in UI claims with data on incarcerated individuals. That kind of data sharing could have prevented one Los Angeles man from stealing $5.5 million in COVID-related jobless benefits before his arrest in March 2021.
Edward Kim, 36, and his accomplices filed 459 unemployment insurance claims to the California EDD, the U.S. Attorney’s Office reported in November. The fraudsters collected benefits using personally identifiable information they purchased from the darknet, stealing the names, birth dates and Social Security numbers of California state prisoners.
Without a proper identity confirmation process, Howle said nearly $10.4 billion of fraudulent payments were sent to bad actors such as Kim.
Agencies must understand how fraudsters operate to efficiently detect and prevent fraudulent activity. “Threat intelligence … is really underutilized right now by all government,” Miller said. Through research or data analysis, agencies can learn more about the methods bad actors use to target benefits programs and commit fraud.
Tools that enable data sharing and consolidation provide another wall of defense for agencies to identify anomalies in benefits applications such as a birth date linked to a Social Security card issued at a different time, Miller said. Digital identity verification such as photo matching is also key in blocking fraudulent social services applications.
While artificial intelligence-enabled tools should not be new to government, she said, they should continue to be leveraged. Agencies can collaborate with vendors such as LexisNexis or TransUnion that can aggregate large amounts of data and build algorithms that confirm claimants’ legitimacy. For example, government can implement a system to trace IP addresses associated with applications, which could flag suspicious activity such as IP addresses from a foreign country, Miller said.
Before buying any solution, program managers should leverage reports on vendors from trusted sources such as Gartner or release requests for information to get an overview of vendor options and their capabilities, she said. However, any solution that an agency picks should have built-in data privacy and security capabilities, such as tools to mask identifying data to avoid the collection of sensitive information.
Now that the pandemic is largely regarded as over—and with the Department of Health and Human Services slated to end the public health emergency declaration on May 11—Miller warned that government should not expect fraud to diminish.
“Unfortunately, a number of agency leaders had this impression that this [fraud] was a once in a generation, once in a lifetime occurrence. ‘It’s not going to happen again, so do we really need to spend a lot of money modernizing our systems and shoring up our capabilities?’” she said. But fraud is not going away. “It’s absolutely still there.”
For example, with money from the Inflation Reduction Act and infrastructure bill heading toward the states for broadband expansion and energy tax credits, “these programs are ripe for fraudsters to take advantage,” Miller said. And as COVID-era relief programs wind down, fraudsters will be keeping an eye out for new vulnerabilities as leaders adjust their benefits systems.
“The pandemic indoctrinated a whole new generation of fraudsters, and now they’re just going and using the skills that they developed during the pandemic to defraud these other programs,” Miller said. “Wherever the money goes is where they’re going to follow.”