Identity Provider (IdP) Solutions are Critical to Identifying and Mitigating Government Benefits Fraud
Slalom’s Stephen Walsh, a former public agency CIO and a member of the Association of Certified Fraud Examiners, dives into ways government agencies can identify and mitigate benefits fraud.
The continued reports of another wave of unemployment insurance (UI) fraud claims in nearly half of the states across the nation are major indicators that, even post-pandemic, many state governments have yet to tackle and mitigate their ongoing fraud risk processing claims and benefits. The most recent fraud schemes include fraudulent applications with fake identities, account takeovers, and inside “mules” that are compromising existing benefit accounts.
According to the U.S. Government Accountability Office (GAO) in a report from February 2023, “the expediting of COVID-19 relief funding exacerbated an underlying improper payment problem in the federal government, including UI, which predated the pandemic. For example, the U.S. Department of Labor (DOL) reported an increase in estimated improper payments from $8.0 billion (9.2 percent estimated improper payment rate) for fiscal year 2020 to $78.1 billion.
According to the U.S. DOL Inspector General as of January 2, 2021, there was an estimate of at least $39.2 billion in improper UI payments at risk of not being detected and recovered. The large sum included $17 billion in “potential fraud paid in four high-risk areas, such as to multi-state claimants and those with social security numbers of deceased persons.”
As both a former chief information officer (CIO) and a certified fraud examiner (CFE), I tend to view fraud risk mitigation and prevention through a much broader lens than a chief risk officer or a CIO might, based on their singular purview.
The increased use of synthetic identity and the advancements of technologies such as artificial intelligence/machine learning (AI/ML) to further perpetrate fraud schemes to circumvent identity access management (IAM)/identity management system (IMS) controls have significantly increased the identity and financial fraud risk organizations and, in turn, their customers are facing today.
The unfortunate but rapid growth of identity fraud means that government agencies have a tremendous challenge and balancing act ahead. Fraud risk and financial losses continue to grow, as fraudsters find new ways to exploit vulnerabilities in agency systems and process controls. In parallel, there are several federally funded state labor and workforce development technology modernization efforts underway, all with similar goals of providing a streamlined and frictionless application and disbursement processes for state unemployment insurance and paid family & medical leave (PFML) benefits. The pace of modernization coupled with an ever-changing, complex fraud landscape could be another “perfect storm” in new fraud losses unless state governments begin to both fund AND focus on more robust fraud Identity Provider (IdP) solutions as part of these modernization efforts. The ongoing challenge will be for states to effectively identify fraudulent applications and claims at the source, while also ensuring an efficient benefit claims process that provides much-needed funds in the hands of legitimate applicants without delays.
Selecting the right IdP should be the top priority!
States and their respective agencies that are using advanced IdP solutions have more than a leg up in mitigating their improper payment fraud risk and are also more likely to protect taxpayer resources from identity theft. The financial and banking industry has been utilizing advanced IdP and analytic platforms for years and given the growth of State benefit programs and increased access via web-based applications and CRM platforms, it’s only logical that States need to invest and adopt IdP solutions with proven fraud detection capabilities with real-time ID verification.
There is an immediate priority to incorporate and deploy more robust IdP solutions as a component of the larger IAM/IMS infrastructure to enhance and secure these modernization efforts. These enhanced IdP solutions should be viewed as an “upfront” enhanced preventative security solution to mitigate the high external risk associated with fraudulent identities and transactions, while also preventing fraudsters from gaining access to state agency claims and benefit systems. While IdP stores and manages digital identities, it is also the “gatekeeper” for the entire IAM infrastructure.
At the same time, states must simultaneously, effectively, and efficiently verify identity upfront and reduce fraud risk while processing claims or benefits with as little friction to the claimant as possible. This is no easy feat — and the fraud risk and landscape are changing daily, especially with the proliferation and sale of synthetic ID on the dark web. Improper payments to fraudulent claims will continue to be problematic until advanced IdP solutions are deployed as a safeguard. For example, many states have begun utilizing IdP solutions to safeguard external access to centralized resident portals, retirement systems, tax systems, economic benefit programs, health and human service benefit systems, motor vehicle (REAL ID), and workforce development systems.
According to the Council on Identity Theft Protection, “the Federal Trade Commission received 5.7 million total fraud and identity theft reports, 1.4 million of which were identity theft cases.” What is more jarring is that with 395,948 reported cases, government documents/benefits fraud is the largest identity theft type reported in 2023. The Association of Fraud Examiners (ACFE) 2022 Anti-Fraud Technology Benchmarking Report found that “the use of artificial intelligence and machine learning in anti-fraud programs is expected to more than double over the next two years, with 60% of organizations eyeing an increase in budgets for anti-fraud technology over that period.”
From state technology leaders who handle the selection and implementation of solutions to internal audit and fraud compliance units tasked with mitigating and oversight entities such as inspectors general all have critical responsibilities around these concerning statistics.
Here are nine tips to guide states to successfully select an IdP solution to mitigate their fraud risk:
1. Assess your needs: Identify your organization’s specific requirements and objectives related to user authentication, access management, and identity governance.
2. Scalability and flexibility: Look for an IdP solution that can accommodate your organization’s growth and adapt to changing business needs. It should support various authentication methods and integrate with your existing systems. Likewise, single solutions that have a full end-to-end automated approach for ID verification may also have an advantage over solutions that rely on multiple external 3rd party data sources that may not always have the most up-to-date information, and that also rely upon the system performance of these sources.
4. Fraud detection capabilities: Check if the IdP solution offers advanced fraud detection mechanisms, such as anomaly detection, behavior analytics, and real-time monitoring. Solutions that have advanced AI/ML, analytics, document verification and access to a diverse body of data should be given preference. IdP solutions should check for identity trustworthiness by ensuring that the Identity is the actual person/claimant and not a fraudster before the IdP absorbs the identity into its systems and processes. Detection at account creation is critical in deterring fraudulent claims and improper payments.
5. Compliance and regulations: Verify that the IdP solution aligns with industry standards and complies with relevant regulations (e.g., GDPR, HIPAA) to protect user data and privacy.
6. User (I.e., claimant/applicant) experience: Evaluate the user-friendliness of the IdP solution, considering factors like ease of use, intuitive interfaces, and self-service options for users. The experience should be frictionless while auto-verifying over 95% of applicants/claimants with the intelligence capability of eliminating false positives. It can be detrimental to the resident experience to send a claimant to a government office or documentation verification site due to a false positive; it’s time-consuming and delays much-needed benefits. Therefore, cost reduction and claimant experience are also a byproduct of an effective IdP solution, reducing unnecessary manual or physical interactions with claimants.
7. Integration capabilities: Ensure the IdP solution can seamlessly integrate with your existing applications, databases, and identity systems to ensure a smooth user experience. Most IdP solutions can integrate within your overarching IAM infrastructure and be rapidly deployed.
8. Equity: Ensure your IdP solution can reach the population underserved by typical legacy solutions. State residents most in need typically have the most burdensome experience accessing online services due to limited credit history and many without government IDs. Reducing bias-driven friction is as important as reducing friction in general.
9. Vendor reputation and support: Research the vendor’s track record, customer reviews, and support services to ensure they have a reliable and responsive support team. States considering IdP solutions should consult with their government counterparts who have been early adopters for lessons learned, while also understanding how the IdP market has significantly advanced. States that haven’t adopted IdP should begin to think about staying ahead of the curve, rather than following the pack. Advanced technology such as AI/ML coupled with real-time fraud analytic capabilities should be a primary goal.
By considering these factors, you can select an IdP solution that meets your organization’s unique needs and help mitigate fraud risks effectively.
Slalom can advise and support public agencies in the decision and selection process for an IdP solution that can address ongoing risk and fraud prevention and mitigation challenges, and that will integrate with ongoing modernization efforts and legacy identity management infrastructure. We support the strategic planning and IdP selection process by aligning State agency risk, finance, audit, and technology stakeholders. Slalom recommends that agencies also include respective oversight entities (comptroller, inspectors general, and state-level CIO/CTO) during the selection process.
In my next article, we will focus on how Data Analytics and AI/ML can further provide state agencies with the strategic and preventative tools they need in the fight against fraud.