These pressures create a new reality for HHS agencies: Identity verification is no longer a supporting function. It’s core infrastructure that affects who can access services, how confidently agencies can verify continued eligibility, and how effectively they can prevent improper payments and fraud.
Modern identity infrastructure gives agencies a consistent, risk-based way to verify new applicants and returning beneficiaries. Instead of relying on static checks or siloed tools, agencies can use adaptive controls to detect fraud earlier, reduce manual review and improve confidence in eligibility-related decisions.
Key Challenges for HHS Agencies
Congress passed H.R. 1 in 2025, significantly changing the operating environment for multiple HHS-related authorities. SNAP agencies, for instance, must reduce application payment error rates below 6% by 2028 or face financial consequences. Some Medicaid recipients must go through redetermination or recertification twice a year instead of annually.
Strengthening error prevention can reduce both the fiscal impact of improper payments and the reputational damage caused by error-prone systems. However, stricter federal eligibility requirements and heightened payment scrutiny also raise the stakes for HHS agencies. More frequent recertification increases verification volume and creates additional opportunities for fraud. Meanwhile, AI-driven attacks are making it easier for fraudsters to exploit weaknesses in recertification workflows.
The following challenges underscore why identity must be treated as foundational infrastructure for payment accuracy, fiscal stability and public accountability:
At-risk users. SNAP and Medicaid program applicants must show they qualify for benefits. This starts with digital identity verification. But individuals applying for these benefits often lack a typical financial footprint, so credit bureau-based solutions fall short in verifying this population.
“Traditional identity verification solutions rely heavily on credit header data,” says Will Kern, a principal solutions consultant at Socure. “As a result, they miss out on a large demographic typically served by these benefits programs.”
Applicants may lack a permanent home address. They may rely on prepaid phones or apply for benefits on a public computer at the local library, which can trigger fraud alerts in legacy verification processes.
“High-risk signals like library computers and prepaid phone numbers may be evidence of fraud, but they’re also evidence of your normal user base,” says Neal Gallucci, head of public sector solution consulting at Socure.
Ensuring equitable access means addressing these issues in a way that balances access and program integrity. Policies designed to foster inclusiveness may misfire, however, by removing obstacles for fraudsters who can easily circumvent obsolete tools and processes.
Fraudsters armed with this data and AI/ML tools can attack at scale, driving program costs higher at a time when cost controls are critical. When budgets are tight, fraud diverts money from people who need it.
Gallucci says agencies traditionally budget for a small volume of fraud, making a tradeoff to ensure access. However, AI-driven fraud can blow up an agency’s budget.
“It’s worth it to be right 97% of the time because making sure a child doesn’t go hungry is more important,” he says. “But that 3% fraud rate can become a 15% fraud rate you didn’t budget for, and now you’re low on funds because you improperly distributed them.”
Growing verification volume. Verifying beneficiaries more frequently creates more potential entry points for fraud and increases the pressure for manual reviews. Agencies that lack modern, adaptive identity controls face a difficult choice between tightening controls and overwhelming staff capacity or loosening controls and accepting higher improper payment rates.
Fragmented identity across programs. Medicaid, SNAP and similar programs often operate on disconnected or siloed identity systems. “They may have a device-reputation solution that doesn’t talk with their third-party fraud solution,” Kern says. Fraudsters exploit these kinds of gaps.
As eligibility requirements become more rigorous and cross-program data matching increases, fragmented identity systems introduce duplicate records, data mismatches and inconsistent validation outcomes. Without a unified identity layer, agencies face more manual rework, less confidence in eligibility decisions and greater risk to program integrity, even when applicants are acting in good faith.
Moreover, improper payments don’t always result from flawed eligibility logic or outright fraud. Many mistakes stem from ambiguous identity signals at onboarding or renewal. If identity confidence is inconsistent, downstream controls like income matching, cross-program validation and duplicate detection become unstable.
Modernizing Identity Infrastructure
Key advantages of a modern identity infrastructure include:
Dynamic risk scoring. AI-enhanced platforms integrate identity intelligence in real time from onboarding through recertification. The software evaluates dozens — or even hundreds — of user, device and transaction behaviors and gives each one a score that synthesizes risk. “The passive, risk-based solution runs in the background,” Kern says. “The applicant doesn’t know it’s happening.”
This type of solution lets agencies get the right benefits to the right individuals at the right time. Socure’s software, for instance, uses real-time, riskbased scoring that approves up to 98% of applicants and requires extra verification only when it identifies measurable risk.
Holistic, user-centric experience. Risk-based verification can layer with identity and access management (IAM) tools, ensuring comprehensive program integrity that continuously verifies identity in the background. Agencies can deliver a seamless digital journey, preventing fraud while making it easy for people to engage with their services.
Statistical modeling and continuous feedback let agencies adjust friction based on evidence of risk. Low-risk applicants can be approved with ease, while higher-risk applicants can be required to provide additional information and/or documentation. This flexibility allows agencies to minimize burden while targeting potential fraud with precision and clarity.
Higher agency productivity. By preventing fraud at the front door, agencies gain time downstream. Risk-based identity verification weeds out fraudulent identities so you can have confidence that you are conducting eligibility checks on real, verified individuals. “You’re increasing program integrity while reducing worker caseload,” Kern says. “You’re not wasting time doing employment and income verifications on stolen or synthetic identities.”
Automated risk scoring also reduces false positives that drive administrative rework and undermine payment accuracy as eligibility standards tighten. Common actions like account recovery, credential management and profile updates can be automated through configurable workflows, boosting operational efficiency while maintaining strong compliance and risk reduction.
Applying real-time risk scores at each interaction minimizes unnecessary escalations.
Secure self-service capabilities. Modern platforms use low/no-code interfaces that let business users adapt the software to specific needs without assistance from central IT authorities. “Something that may have taken weeks or months can now be done by business analysts in real time so you can see benefits immediately,” Kern says.
Forensic tools. Identity analysis detects synthetic identities, anomaly clusters and coordinated fraud patterns. Establishing this baseline helps agencies quantify fraud exposure, identify identity-related vulnerabilities and respond faster.
Defensible audits. Under heightened federal scrutiny, agencies must demonstrate outcomes and explain how decisions were made. Advanced identity platforms provide traceable validation steps, documented risk scoring and reproducible decision logic tied to eligibility determinations. This defensible audit trail strengthens oversight while reinforcing measurable payment accuracy.
Managing Eligibility Complexity
More rigorous eligibility rules raise the cost of inaccurate benefits determinations. While technology can ease cost pressures, controls must be used with care. Blanket documentation requirements and uniform verification controls can be counterproductive if they raise friction for users, increase application abandonment and expand administrative rework.
Uniform controls also incentivize fraudsters to create automated attacks on predictable checkpoints. Targeted, risk-based controls shift this dynamic by adding user friction only where risk justifies it.
These tips will help agencies get the best performance from a modern identity infrastructure:
Establish a baseline with a forensic portfolio scrub. Conduct a comprehensive forensic analysis of your user base to understand your true fraud footprint. Identify troubling trends, anomalous patterns, synthetic identities and potential organized fraud groups. This data-driven baseline provides visibility into your current risk exposure and creates a compelling foundation for modernization.
Implement real-time risk assessment and segmentation. Use insights from the forensic scrub to design a real-time risk-mitigation strategy. Apply identity and behavioral signals at each interaction to evaluate risk and direct applicants to the right level of verification.
Manage risk dynamically. Route higher-risk applicants through enhanced verification workflows; lower-risk applicants can usually be approved passively. Guard against overaggressive controls that increase false positives, leading to delayed benefits, appeals and erosion of public trust. Dynamic risk management concentrates friction where risk signals justify it, reducing unnecessary denials and stabilizing payment accuracy under evolving eligibility standards.
Continuously monitor, measure and adapt. Use performance analytics and feedback loops to track fraud capture rates, false positives and user experience metrics. Ongoing monitoring lets agencies dynamically adjust automated decisioning, refine risk thresholds and respond quickly to emerging fraud patterns.
Protecting Vulnerable Populations
Modern identity infrastructure makes it easier to get people the help they need while giving HHS agencies the foundation to prevent increasingly sophisticated fraud and the flexibility to adapt to shifting verification requirements.
Fraud prevention must be continuous. Attacks are becoming faster, more automated and more adaptive.
“Fraud will adjust as you apply friction,” Gallucci says. “Modern identity verification platforms use real-time risk scoring and behavioral signals to help agencies identify new fraud tactics early and adjust controls accordingly.”
