When you think of states calling in the National Guard, you might imagine rescuing people from floods or providing emergency relief. But this summer, Washington state had to call in 54 National Guard troops to help it investigate cybercriminals who targeted the state’s COVID-19 relief funds.
Washington wasn’t the only state to suffer, either. This problem is widespread and ongoing, affecting almost every state in the nation. Last week, Congress approved an 11-week extension of $300 weekly unemployment benefits to all jobless people as well as creating a requirement that all states must have procedures in place to validate the identity of the people applying for those benefits.
Congress likely assumed they were fixing the problem, but that requirement means that states either have to immediately update their outdated systems or continue to attempt to verify the identity of all applicants in person using existing methods — which many officials are saying means deserving people will get nothing for weeks or even longer and many people will be exposed to the coronavirus.
Typically, unemployment-fraud investigations make up about 10% of the Department of Labor’s workload. Now it sits at 50%. In addition to this stolen money, states are having to spend millions to investigate the crimes. The U.S. Department of Labor gave the Maryland labor department $2.43 million in September to painstakingly investigate each claim.
The Secret Service says most of this is connected to a Nigerian organized crime ring called Scattered Canary that conducted a coordinated unemployment-fraud campaign. State unemployment officials say they didn’t have systems in place to quickly identify fraud and that the crime ring was collecting money for up to two months before being detected.
Even now, when they know the extent of the fraud, many have no way to stop it, so they spin their wheels as criminals continue to steal money unchecked. The government predicts that $26 billion in COVID-19 relief alone eventually could be stolen.
The only way to quickly stop this theft and get payments to those who deserve it is to upgrade the neglected technology used to certify unemployment claims. Both New York and Connecticut's unemployment systems are more than 40 years old. It's this outdated technology that has caused delays in payments to people who need it the most during the pandemic.
Requirements vary by state, but the way many unemployment claims work online is people are asked to provide personal information such as name, Social Security number, address, etc. The issue is that large amounts of this personal data are available for purchase on the dark web, making it relatively easy to file a fraudulent claim on behalf of someone else.
To stop this fraud, we need greater safeguards to ensure that the person filing a claim matches the identity of the person on record. Identity verification tools are already being deployed by some state unemployment agencies, such as in Oklahoma, which rolled out its program recently. States using online identity verification require that a person upload images of their ID (e.g. a driver’s license or passport) and then take a selfie to ensure that the image on the ID matches both the selfie and also matches their photo on file at the DMV. This technology can confirm not only that the information matches but also that the selfie is of a live person and not an image, a mask, or a deep fake. The whole process only takes a couple of minutes for the user but can drastically reduce fraudulent claims while accelerating the processing of legitimate claims.
While we can be glad that Congress has provided relief to a country hurting during a pandemic, if states attempt to meet the requirement for validating the identity of people filing for benefits without improving their technology, then this is an oversight that will cost us all millions and cause additional hardship to people who are most vulnerable right now.
Matthew Thompson is senior vice president of civil identity at IDEMIA, an international technology and security company headquartered in Courbevoie, France. He also is a member of its executive committee for identity and security business in North America. He wrote this originally for InsideSources.com.