FB pixel

Reducing government fraud: a discussion with SecureKey’s Andre Boysen

Reducing government fraud: a discussion with SecureKey’s Andre Boysen
 

In August, 2021, a Tarzana, California couple went on the run. They escaped while on house arrest by removing their tracking bracelets, and left the country without even telling their kids. The couple had been convicted of fraudulently obtaining over $20 million dollars in pandemic assistance funding through a COVID-19 fraud ring which submitted Paycheck Protection Program (PPP) loans using shell companies, forged tax returns and faked payroll documents. Last month, in February 2022, they were caught in Montenegro.

Then there is this story, an inside job by an Employment Development Department employee and former tax preparer, who used her past customers’ PII to create and authenticate false claims to receive over $4.3 million. U.S. states paid out over $500 billion in total fraudulent claims, with California’s share being over $114 Billion. To date California has stopped over $60 billion in fraud, 95 percent of which was from the Pandemic Unemployment Assistance. How were these crimes attempted and committed so easily, when the private sector keeps releasing advanced security tools?

“Criminals are more aware of the systems because they have studied them in order to take advantage of them,” says Andre Boysen, chief identity officer of SecureKey. “People don’t log into government systems everyday, so if they can’t log in, they assume they’ve forgotten their password, not that their account has been compromised.”

Government services are important, but a lot of us do not use them on a regular basis. This means we do not have the kind of daily familiarity authenticating with government websites as we do with say, Google or Amazon. Once or maybe twice a year, I interact with the online versions of the California DMV, property tax collector, business tax office, local government to renew my AirBnB permit, as well as less frequently with agencies to renew my global entry card, and the System for Award Management to participate in government contracting. Other government services include unemployment assistance, food stamps, WIC and CalFresh. Because many of these services are run by different levels of government, varying from the city, county, state and federal levels, the accounts and user interfaces for them are all different.

“Because I don’t use these websites except once or twice a year, I may not remember my password, unless I use a password manager. When I forget my password, I have to jump through a lot of hoops to reauthenticate. That’s a huge amount of effort for users who have to reset their password every time they go to a website,” says Boysen. “Is the solution a national ID card? For some countries, this is a great solution, but for other nations this goes against deep-seated values.”

Government sites could use some of the security functions that are used in the private sector, like SMS authentication or authenticator apps. But at the same time, government services must serve all constituents, not just the ones that use a smartphone. So there have to be alternate ways for people to prove their identity if they do not have access to the latest private sector technology.

And then there is the backlash. Why is it fine for me to unlock sensitive apps on my phone with my face, but there is a backlash about using face biometrics software to prove my identity on a government website? There is a fear that governments will misuse this kind of data, but over and over I have seen the private sector weaponize any scrap of data collected about us against us for advertising and to increase app engagement. To me this is much worse, and yet, as users we have no choice other than choosing not to use the private sector products. Governments do not have the luxury of shutting out a segment of their “market.”

Boysen thinks government identity systems need to hide security from the user, like how the EMV chip is hidden in our credit cards, but how would this solution help the aforementioned less technical users, especially in countries that do not like the idea of a national ID card? Government systems must be designed to protect the user – all the users, even the most vulnerable ones — like those who have lost jobs, homes or are otherwise down on their luck, while protecting the system from criminals.

It is a challenge to design systems that balance security best practices, usable interfaces, accurate online identity verification, while solving for the most underserved who may not be online and need support the most. I do not envy the government’s challenge to do so.

About the author

Heather Vescent is a digital identity industry thought leader and futurist with more than a decade of experience delivering strategic intelligence consulting to governments, corporations and entrepreneurs. Vescent’s research has been covered in the New York Times, CNN, American Banker, CNBC, Fox and the Atlantic. She is co-author of the The Secrets of Spies, The Cyber Attack Survival Manual and The Comprehensive Guide to Self Sovereign Identity.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Could be 25 years before TSA gets facial recognition in all US airports

The Transportation Security Administration (TSA) foresees significant delays in implementing facial recognition across U.S. airports if revenue continues to be…

 

Single solution for regulating AI unlikely as laws require flexibility and context

There is no more timely topic than the state of AI regulation around the globe, which is exactly what a…

 

Indonesia’s President launches platform to drive digital ID and service integration

In a bid to accelerate digital transformation in Indonesia, President Joko Widodo launched the Indonesian government’s new technology platform, INA…

 

MFA and passwordless authentication effective against growing identity threats

A new identity security trends report from the Identity Defined Security Alliance (IDSA) highlights the challenges companies continue to face…

 

Zighra behavioral biometrics contracted for Canadian government cybersecurity testing

Zighra has won a contract with Shared Services Canada (SSC) to protect digital identities with threat detection and Zero Trust…

 

Klick Labs develops deepfake detection method focusing on vocal biomarkers

The rise in deepfake audio technology has significant threats in various domains, such as personal privacy, political manipulation, and national…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events