The $36 Billion Problem
Unemployment Fraud: the Good, the Bad, and the Technology
The negative effects of COVID-19—mass unemployment high among them—have been far-reaching, and negative news coverage abounds. But perhaps that negativity is overdone.
Researchers analyzed the tone of COVID-19 related English-language news articles written since January 1, 2020. The results, issued November 2020, found, “91% of stories by U.S. major media outlets are negative in tone… even in areas with positive scientific developments including school re-openings and vaccine trials.”
In this blog, we’ll aim for an even mix of negative and positive, starting here:
The Bad: Cyberattacks and fraud have increased significantly.
The Good: The tech already exists to effectively solve these challenges, and quickly.
Fraud on a Massive Scale
Cyber attackers can be innovative, adapting quickly to take advantage of new opportunities. In fact, as early as April 23, 2020, WHO reported a fivefold increase in cyberattacks. Also in April 2020, a joint alert was issued by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), alerting citizens to “a growing use of COVID-19-related themes by malicious cyber actors.”
Unemployment benefit fraud, in particular, has been a popular attack vector of late. CNBC reports that “the U.S. lost more than $36 billion in unemployment benefits to improper payments, largely from fraud, since the CARES Act was passed…”
In the twelve months since March 2020, the U.S. Department of Labor estimates that more than $63 billion has been paid out improperly through fraud or errors.
The BBC reported some more positive news in November 2020; as much as £1bn in benefit fraud has been prevented from being paid to organized-crime groups. However, before the scam was spotted, officials unwittingly confirmed payments for thousands of stolen identities.
Stolen Credentials Are Everywhere
On March 15, 2021, the Associated Press reported on the most prevalent form of unemployment fraud. “Using data stolen from prior data breaches, the criminal makes a claim using someone else’s identity to access an increased pool of benefits.”
Of course theft of identity credentials and the ensuing use of those credentials to steal funds is nothing new. The Verizon 2020 Data Breach Investigations Report (DBIR), published in May 2020, states the “use of [stolen] credentials has been on a meteoric rise,” and 37% of all breaches utilized stolen credentials.
But here’s the good news. Proven technology can and will mitigate these threats. But no single point solution is up to the task. Securing business-critical information necessitates a comprehensive approach to your entire infrastructure, such as a Zero Trust security framework. Databases storing users’ credentials still need solutions like encryption and role-based access control, and digital identity assurance—with biometrics—is another crucial component for reducing fraud.
With biometrics and state-of-the-art liveness detection, impersonating a citizen is exceedingly difficult to do, even with all the stolen credentials the Dark Web has to offer.
The Power of Multi-factor
Traditional knowledge-based identity systems (i.e., passwords and PINs) have a single, static level of security that’s easy to compromise. But with a multi-factor system, you can achieve the highest levels of confidence in the identity of your users—prior to issuing unemployment payments—by combining several of the following:
- Confirming the user is in possession of a registered device (something the user has)
- Face, voice, or fingerprint biometrics (something the user is)
- PIN or passphrase (something the user knows)
- Geolocation (somewhere the user’s located)
Reduce Fraud with Biometric Identity Assurance
Biometric-based identity assurance is a proven solution in the government space that can dramatically reduce fraud while simultaneously improving the citizen experience.
Unfortunately, most biometric identity architectures are fragmented, with one system for onboarding, another for authentication, and another still for integration with non-digital channels like contact centers or physical locations.
Daon’s IdentityX® is different: It’s a seamless, all-in-one identity platform for both initial onboarding and ongoing citizen authentication in every channel, for life.
Enroll Once, Authenticate Anywhere
To start, IdentityX binds each digital account to a real citizen identity by comparing a government-issued ID to a live selfie—using state-of-the-art facial biometrics and liveness detection—with support for 7,000+ government-issued documents from 200+ countries.
Once a citizen has been digitally onboarded, your government office can instantly verify their identity in mobile apps, on websites, or even when speaking on the phone. Moreover, you and your constituents can rest assured that when engaging virtually with your systems, through any medium, their private information will remain properly secured at all times.
Ready to see IdentityX in action? We’d like to show you how IdentityX mitigates unemployment fraud with a quick demo.