Fighting Fraud in COVID-19 Relief ProgramsBiometrics, Artificial Intelligence Can Play Important Roles
The U.S. government should take a number of steps to help minimize the risk that benefits provided by the next rounds of economic stimulus programs designed to provide relief from the impact of the COVID-19 pandemic are not fraudulently obtained, security experts say.
- Leveraging biometrics for verifying identities;
- Applying artificial intelligence to pinpoint unusual benefits applications;
- Improving fraud-fighting cooperation between the public and private sectors.
“Government needs to invest in the right platforms that give them agility to respond to changing fraud tactics,” says Jatin Maniar, CEO at Singular Key, an identity verification company. “It is important to make sure that there is a unified platform approach to reduce the cost of integration, which also has the ability to add new technologies dynamically to respond to constantly shifting fraud tactics and attack vectors.”
In 2020, the CARES Act provided $2.2 trillion for COVID-19 relief programs and benefits, including small-business loans and unemployment compensation enhancement, to millions of Americans. But there were reports that fraudsters inappropriately obtained billions of dollars' worth of benefits.
Hannibal Ware, inspector general of the Small Business Administration, criticized the manner in which the organization dispersed loans last year, citing fraud. He prepared a report describing the fraud-related problems.
Late last year, former President Donald Trump signed into law a measure providing another $900 billion in coronavirus relief, and the benefits it provides are now being delivered.
Meanwhile, President Joe Biden has proposed yet another $1.9 trillion stimulus package that would provide even more benefits, including financial help for struggling businesses as well as the unemployed. Congress is considering that proposal now, and a group of Republicans has proposed a lower-cost alternative.
Based on the fraud seen last year in the first round of COVID-19 relief efforts, security experts are calling for greater precautions this year (see: Battling PPP Loan Fraud With Technology).
In September 2020, a bill was introduced in Congress calling for improving efforts to develop secure methods for federal, state and local agencies to validate identity attributes as part of a digital identity verification effort.
Meanwhile, security experts say technologies such as biometrics and artificial intelligence, as well as fraud-fighting cooperation between the public and private sectors, can play a big role in minimizing fraud.
The Role of Biometrics
Using biometric technology, such as fingerprint, iris or facial scans or voice biometrics, is critical in identifying fraud.
“Government-issued and managed digital identities should not only provide more security, but it should also enhance accessibility to services by allowing the use of biometrics technology on any channel, effectively removing the need for knowledge-based authentication,” says Simon Marchand, chief fraud prevention officer at Nuance Communications.
“Identifying a fraudster with biometrics factors will make it extremely difficult for that individual to defraud the government,” says Marchand. “If a fraudster’s voice is identified and added to a watch list, then every time that person calls the government, he will be identified. If they try to use synthetic voices or deep voices, then voice biometrics solutions will detect that, too.”
Technologies can help detect if a fraudster uses a “mule,” Marchand says. “There are technologies that create profiles based on choice of words, sentence structure, etc. This can be used to determine whether someone is going through a script while identifying themselves.”
Al Pascual, COO at Breach Clarity, points out that behavioral biometrics can also help spot potential fraud. “Suspicious interactions should lead to a higher level of biometrics check to compare the voice to the fraudster database, leveraging a single technology across multiple channels,” he says.
Trace Fooshee, senior analyst at Aite Group, says the government could do a much better job of controlling identity fraud by adding more controls. “The additional layers that have been found useful are those that are passive and that do not directly interfere in the authentication process,” he says. "Behavioral biometrics and device-based risk scoring solutions are instrumental in adding additional layers of signal detection but doing so in an unintrusive manner.”
Karen Boyer, vice president, financial crimes and fraud intelligence at People's United Bank in Connecticut, says collecting device data can also play a role. "We need to find out if the device is within the country or overseas. If a device is found to be located overseas, it should be sent for review of legitimacy. If it is domestic, information on whether the device location matches the application data needs to be verified," she says.
"Device ID verification can also help in determining whether the same device has been used for applying for multiple government benefit programs. It can also help in determining the time frame from start of the application to completion, which will help determine whether application has been filled up by a bot or not."
But adopting these technologies presents challenges for government agencies, says Amy Walraven, president and chief strategy officer at Turnkey Risk Solutions, a company specializing in tackling synthetic ID fraud.
“First, they need to ensure they are educated on the difference between each of these different fraud threats,” she says. “Then, they need to identify where is the best place within their current control infrastructure hierarchy to place them to ensure they realize the most benefit from these solutions.
“In addition, they will need to ensure they have the proper policies, procedures and training in place so that any issues that are identified are properly routed, investigated and resolved. Ensuring the technologies are properly implemented is just as important as having the correct solutions.”
Artificial intelligence also is a useful fraud-detection tool, security experts say.
For example, Pascual points out: “Artificial intelligence tools can investigate clusters of applications for benefits and check if multiple applications are marked with the same address.”
AI-enabled document verification solutions can also scrutinize elements of ID documents. “AI-enabled solutions have the ability to identify the exact format of the documents,” Pascual says. “AI checks the authenticity of the machine-readable zone code by evaluating if this field has been edited or tampered within the document. After ensuring the authenticity of the document, it decodes the MRZ and matches it against the information on the document.”
AI models are capable of accurately detecting any signs of forgery, even changes in a single pixel, experts say.
“Government-issued ID documents use special paper and ink to protect against fraud,” Pascual says. “AI has the capability to verify the special paper and ink on the documents. So use of AI is only set to increase in the fraud space in the coming years.”
Joni Brennan, president of the Digital ID and Authentication Council of Canada, says the federal government must strive to collaborate with private sector organizations, including financial institutions and telecom providers, to leverage their identity verification capabilities.
“There is an opportunity for the federal government to work closely with financial institutions and telecommunications providers to leverage the technology and security practices of these institutions to provide more assurance regarding the appropriate delivery of benefits to entitled individuals and organizations,” Brennan says.
“It can be beneficial to leverage existing enrollment of private sector regulated industries, such as financial institutions and telecommunications providers, who comply with regulatory requirements in terms of verifying their customers. Leveraging these existing communities of interest could provide near-term positive results for benefits delivery.”
Brennan points out that in Canada, “the federal government works closely with the major banks, credit unions and payment networks to leverage existing capabilities to provide more assurance that benefits would be delivered through direct deposits or through payment cards.” Brennan advises the U.S. follow the Canadian model, spurring government collaboration with the private sector to verify identity of individuals as well as ensure benefits reach the right people.
Maniar of Singular Key says the NIST framework for identity, 800-63-3, is a good beginning for fighting benefits fraud.
“While leveraging it is a great starting point, it needs to be supplemented with right set of additional identity proofing, authentication and fraud tools with a unified platform approach,” he adds.