Some recently unemployed Americans who have attempted to file for jobless benefits are encountering a nasty shock: They’ve been robbed by canaries.
Not the birds, of course, but a Nigerian hacker ring called “Scattered Canary” that has successfully lifted millions of dollars through scam unemployment filings in at least six states.
Washington state has been particularly hard hit, GIACT Co-founder and CEO Melissa Townsley-Solis told Karen Webster. The state's top employment official said scammers made off with "orders of magnitude" above a previously reported $1.6 million, but that authorities "successfully prevented hundreds of millions of additional dollars from going out to these criminals."
But Townsley-Solis said that’s just one scammer ring. Michigan as of last week had halted 340,000 questionable unemployment claims, while Pennsylvania suspects it has paid out on roughly 60,000 false filings, and Maryland has found 47,000 unemployment fake-outs.
And that doesn’t even count the $1.4 billion in stimulus checks that Uncle Sam accidentally sent to the deceased. The government claims it’s clawing those funds back, but Townsley-Solis wishes them good luck given that opportunistic fraudsters most likely already cashed the checks. She added that what few people realize is that the pandemic didn’t break the public payments system so much as expose how incredibly broken it already was.
“COVID [is] forcing … states and cities and municipalities to address a problem that’s really been going on for years and years — that is, their systems are outdated,” Townsley-Solis said. “They are going to have to update how they mitigate and control fraud and risk and update their systems. Unfortunately, it's not just the chaos that is causing these problems, it’s inherent inadequacies in the technology itself. Before, there was not as much attention paid as there needed to be.”
But government officials are paying attention now — particularly to how they verify a receiver’s identity before actually disbursing funds to someone, she said.
Step 1: Start Again
Townsley-Solis told Webster that a good starting place for state governments would be to redesign their systems for authenticating whom they’re paying out money to.
Unfortunately, some states have no formally codified verification process at all, Townsley-Solis said. She added that even those that do tend to rely on credit header data or application data, which doesn’t work because “every fraudster in the world also has access to that information.”
Modern fraudsters are well-funded, skilled and smart — and they aren’t going anywhere as long as there's an opportunity to exploit under-protected systems. So, agencies need to start taking a holistic look at verifying applicants across a series of data points such as traditional and non-traditional identity data that encompass both bank account and phone data.
Non-traditional sources such as email addresses and IP address information need to match into the traditional sources providing a complete identity picture, according to Townsley-Solis. And perhaps most critically, they need to make sure that the name on an account they’re sending money to matches the name of the person who applied for funding.
“With a few changes and efforts to fill in these obvious gaps, they could solve this problem and have a very comprehensive fraud and risk solution,” she said.
There’s No Time To Waste
The hurt that fraudsters who target public systems cause isn’t theoretical; they’re stealing money people who’ve fallen on hard times really need. Someone who loses a job during this crisis might apply for unemployment and find out that a fraudster is already collecting funds in their name and running down the person’s eligibility.
“COVID-19 has really shone the light on [the problems] because it's such a huge number in terms of losses,” Townsley-Solis said. “People are saying: ‘We've got to solve the problem.’ I mean, we're the greatest country in the world, but yet we're not solving our fraud issues that are easy to solve if you put the right solutions in place. And it is costing millions of hardworking people who really need the money.”
She said GIACT is committed to helping public entities very quickly launch new verification paths that use diverse data signals to determine applicants are who they say they are. The firm also wants to help governments verify that accounts, where funds are going, are owned by the right person.
To public agencies’ credit, Townsley-Solis said governments are showing a willingness to solve these problems instead of spending a year or more on paperwork and stutter steps before implementing solutions. She said that’s because agencies are losing money to fraud so fast that they know they don't have a year to waste.
And hopefully, public entities will have learned even after the current crisis passes that fighting fraudsters isn’t a one-off, set-it-and-forget-it process, Townsley-Solis said. They’ll have to make the mindset leap that banks, insurance companies, merchants and technologists made long ago — that fighting fraud is an ongoing effort to stay one step ahead of professional thieves who are themselves always innovating.
“[Fraudsters] know how to move throughout the United States and the banking system, and this is not a problem that is going away,” Townsley-Solis said. “If we believe that when COVID [is resolved] that this problem is going away, think again. It's been here for years. … Cities, states, municipalities and the federal government have not updated their system to really change with what fraud is doing. They've not kept up. Now they have to.”