Biometrics and authoritative ID source key to securing benefits, Idemia execs say
Over the past year, major portions of stimulus money went into providing extended unemployment benefits to aid individuals and families in need. Yet, these efforts faced pitfalls from inefficient digital identity infrastructure. Federal and state agencies had to scramble in record-time to accomplish an operational shift into fully digital services, all while maintaining gapless coverage of millions of beneficiaries. Yet, this administrative balancing act could not be accomplished without major trade-offs.
Biometric Update sat down with Idemia‘s Senior Vice President, Civil Identity for North America Matthew Thompson and Senior Director of Technology and Chief Technologist North America Timothy Brown to examine the implications of widespread unemployment benefits fraud amid the ongoing pandemic.
As soon as these agencies began to shift from their traditional means of in-person operations to a fully remote model, their identity verification methods – few of them involving biometrics — became inefficient and opened the gates to fraudsters who immediately took advantage of these security gaps to exploit the system. The result was a massive loss of taxpayer money. According to the Department of Labor Office of the Inspector General (OIG), losses of at least $63 billion resulted from improperly distributed unemployment funds mostly due to unemployment fraud.
“They suddenly had to move their engagement model to a digital version, an online model, in which they needed to establish trust through untrusted networks and connection points, and at the same time, you had a massive infusion of cash that was going into these programs. And in that kind of process of rapid deployment of these funds over the last year, legacy-type identity solutions that were being used to try and establish trust were weak and inefficient. They were inaccurate, unreliable, and easily exposed and manipulated by fraudsters,” Thompson explained.
Building a new answer with biometrics
The real challenge for these agencies was to find a way to remotely verify individuals with the same level of trust an in-person visit would yield. To Thompson, building a solution on top of the agencies’ existing verification processes was ill-fated, as much of the data used for verification had been compromised by the many recent massive breaches.
“A lot of the processes that the government agencies had in place or put in place are based on data that has been widely compromised today through the last decade of massive breaches that have exposed virtually every American’s personally identifiable information,” says Thompson. “And so, information that historically has been viewed as secret information is no longer a secret and we cannot rely on traditional methods of remote identity proofing that are solely based on data such as your social security number, your date of birth, your address, or your credit history. We have to find new and better ways to verify people’s identity to make sure that we are establishing and maintaining trust in making sure that benefits are getting to the right people.”
Idemia thus began to partner with various state agencies to create the necessary infrastructure to close the security gap left by inefficient verification. While there had to be a paradigm shift to rethink remote verification, the building blocks already existed within vast databases maintained by none other than the state DMVs, the only authoritative issuer of identity on the state level. “There is no identity database better than the one that’s created based on the in-person proofing event that is done when you go to a DMV to prove your identity and get a driver’s license.”
This partnership has allowed Idemia to become a market leader in issuing trusted official credentials. To date, the company issues between 70 and 75 percent of physical driver’s licenses to DMVs in the United States. In addition to this Idemia leveraged its expertise in biometrics technology to join these physical driver’s licenses with biometric images maintained by the various DMVs.
“And the way we do that is by giving citizens or residents the ability to digitally request that the DMV effectively match their identity information which includes a biometric that we capture and send to match against the record that the DMV has in their system of record and provide a response of ‘yes’ or ‘no’ that there is an authoritative match,” said Thompson.
Tim Brown also believes that this has helped to raise the de-facto status of state DMVs to the authoritative identity issuer in the United States. “We now have the ability to get away from the traditional way of identity proofing whether it is through document authentication or similar means and reduce it more to a well-known function like face matching to a system of records of high-quality enrollment images,” Brown explains. “This allows us to sidestep the problematic capture of images from a device and trying to figure out if a document is authentic…The biometric side is well-tested. The NIST testing that the government does around establishing baselines and performance helps figure out that the person on the other side of the computer is who they are.”
Idemia’s ongoing partnerships are already yielding positive results, especially in Oklahoma and Arizona. Oklahoma was the first state to adopt an official digital ID, called the Oklahoma Digital Mobile ID.
“That’s where we started to enable digital citizens in the state with a state-signed digital credential,” Brown says. “It was the first state to launch that, aligned with the international standard for mobile driver’s license (mDL). As soon as we started getting this into the hands and onto the devices of people in Oklahoma that wanted it, the state had ways to deliver benefits directly and in a remote fashion with the same level of confidence and trust of an in-person transaction.”
Thompson added that this also allowed Oklahoma to identify unemployment fraud on time. “During the pandemic, their unemployment agency was starting to see the ramp-up in fraud and they wanted stronger solutions quickly to be integrated. And they already had Idemia’s ID fabric, which is the enabling technology that connects to the state system of record, leveraging that to verify identity upfront on an unemployment application. We have done hundreds of thousands of those transactions now with no known fraud and it strongly gates the application process upfront and prevents people from manipulating data to file a false claim.”
With the underlying issues little closer to resolution than when the pandemic began, the market for remote biometric identity verification in the public sector is likely to remain strong for the foreseeable future.