When it comes to fraud, it takes a network to defeat a network

Over the past two years, we’ve witnessed pervasive attacks on roughly $5 trillion of state and federal public benefit programs that aimed to help the nation through the pandemic. Nigerian crime rings with access to compromised personal information filed fraudulent unemployment claims across the country. Known fraudsters used synthetic fraud techniques to double down on illegal activity and steal unprecedented sums from the Paycheck Protection Program.

In March, we learned in congressional testimony that upwards of $163 billion has been lost to unemployment fraud. In June, federal watchdogs informed the Select Subcommittee on the Coronavirus Crisis that small business loans with obvious signs of fraud were approved without proper verification. Inspector General Michael Horowitz, chair of the Pandemic Relief Accountability Committee, told lawmakers that one telephone number was used in more than 1,400 Paycheck Protection Program applications and one social security number was used in more than 29 states to get unemployment income.

All the while, many families in America faced extended delays and hardship as overworked government employees worked to meet the need.

We will face another crisis—whether it’s economic, public health, climate change or otherwise. And there’s no doubt that fraudsters are taking lessons learned from the COVID-19 pandemic response to refine their arsenal of tools and tactics. As an industry, we can learn from our collective experience by answering two fundamental questions: why did this happen and what can we do to prevent it?

Today’s fraud schemes have gotten more complex and more efficient than ever before. For the most part, this isn’t hackers in a dark basement operating alone. Rather, it’s a network of criminals, here and abroad, identifying vulnerabilities, operationalizing sophisticated tactics, comprising digital identities, evading law enforcement, and sharing best practices with networks of criminal enterprises.

For example, the Nigerian criminal ring filed multiple fraudulent submissions under a singular stolen identity managed by one central email account and recruited unknowing individuals to launder the money, effectively eluding law enforcement efforts. They did this time and time again, attacking agency after agency. And yet, our government response has been stovepiped. Federal and state efforts are fragmented and decentralized, making it harder to detect similar fraudulent techniques across state and federal programs.

General Stanley McChrystal, who commanded the Joint Special Operations Command in the mid-2000s, once said, “It takes a network to defeat a network.” With regard to fraud, it’s no different.

State and federal policymakers, enforcement agencies, industry experts, and other stakeholders can and must take several steps today to stay ahead of those looking to fraudulently benefit from government programs. 

First, government leaders must recognize fraud prevention as a team sport and establish a centralized Center of Excellence to fight back. We must be in closer contact than our adversaries. This includes sharing identity fraud signals as well as input from private industry sector partners who can help identify the emerging threat landscape at speed and scale.  

Second, state and federal enforcement agencies need to share best practices when it comes to bad actors who look to use similar tactics to target various government programs. This means we should share appropriate data with transparency and oversight to root out fraud so that people in need of benefits can receive them.

Finally, we need dynamic technology systems capable of staying on top of evolving fraud schemes. Criminals are constantly looking for holes in online identity verification systems, and we’ve seen that legacy processes don’t hold up. New approaches, such as graph-based identity verification, use advanced analytics to let legitimate people get the benefits they deserve while preventing fraudulent claims. We must finally treat identity verification like critical infrastructure and invest the necessary time and resources toward ensuring we have the best systems possible in place.

This work isn’t easy. But we must do better if we want resources to get into the hands of people who need them most, save hard-earned taxpayer dollars, and stop the cycle of identity fraud that permits criminals to benefit at the expense of everyone else. Only then will the American people will regain confidence in our government programs.

Jordan Burris, senior director of product market strategy, public sector, Socure