Blake Hall – Founder and CEO of ID.me, an online identification network company founded and run by veterans that allows people to prove their legal identity
During the Covid-19 pandemic, unemployment fraud and improper payments have increased as criminals have attacked state agencies. While it’s commonly understood that fraudsters stealing money is a bad thing, what’s less well known is that fraud also reduces access for legitimate people.
Outdated IT systems were a source of vulnerabilities and enabled this historic fraud to take place during the pandemic. Pew research shows that states that have fallen prey to scammers have been slower to offer benefits to legitimate claimants. Unemployed Americans who needed assistance accessing medical care, paying rent, or putting food on the table had to wait longer as agencies had to spend time and resources sorting out legitimate claimants from fraudulent ones. In some cases, states have even had to take a “pause” or “reset” by halting claims processing to put in place fraud controls, as happened when Vermont suspended unemployment claims from filing online in the US. ‘April 2021. In this case and others, the fraud reduced access to benefits for ordinary Americans.
Two federal agencies anticipated this problem before the pandemic and called for its resolution in response to high-level data breaches and in anticipation of future problems:
1. National Institute of Standards and Technology (NIST), part of the US Department of Commerce, developed standards for secure login and identity verification during the Obama administration. More specifically, NIST created Identity Assurance Level 2 (IAL2), which is considered the gold standard for digital identity verification providers because it uses evidence that validates a person’s real-world existence through a digital platform.
2. The Government Accountability Office (GAO) it also recognized the impact of inadequate digital identity standards on accessibility. In 2019, the agency overhauled legacy systems for verifying identity and rendered them ineffective. Specifically, he found that knowledge-based verification, the process of proving yourself through questions and answers that many state governments use, is problematic. The report concluded that until “agencies take steps to eliminate their use of knowledge-based verification, the people they serve will remain at greater risk of identity fraud.” Industry research has shown that 92% of scammers passed Knowledge Based Authentication (KBA) questions based on a nationwide contact center case study, while genuine customers only passed KBA questions 46% sometimes.
IAL2-compliant digital identity verification is expected to replace the outdated technology that is failing Americans, and both NIST and GAO have offered a clear road map that could have prevented the extent of pandemic fraud that has occurred. The consequences of ignoring the advice to upgrade authentication skills were dire for unemployed Americans when the pandemic hit.
In October 2020, the Kansas Deport of Labor estimated it would have to pay $37 million in unemployment claims when their anti-fraud teams discovered $35 million was fraudulent. Or consider the story of Philip Payton, violinist in Disney’s Frozen musical, who lost his job when production was halted due to Covid-19. While he was receiving unemployment benefits in New York, a criminal used his identity to file an unemployment claim in Texas and as a result his benefits were suspended for eight months.
Weak verification makes it easier for scammers to monetize stolen identities. When a scammer can claim benefits on behalf of a legitimate individual, he adds friction to the lives of the rightful owner of personally identifiable information. In Mr. Payton’s case, that friction lasted for a stressful eight months and involved numerous phone calls and hours on hold with multiple state agencies. These examples represent the millions of Americans whose livelihoods have been directly harmed by scammers. Additionally, the Identity Theft Resource Center estimated that 87% of identity theft victims experience emotional harm and 68% experience physical impact.
There is a misperception in the marketplace that government agencies have to choose between security and attrition. However, agencies can have both without compromise. Furthermore, weak verification actually adds friction for legitimate users, causing their personal information to be exploited by scammers (and leaving legitimate people to fix false claims).
This misperception is primarily driven by data brokers, companies that aggregate your data from a variety of sources and sell it to other organizations. These organizations buy quantities of consumer data and create passive profiles on individuals, often without their knowledge and consent. Data collection opt-out processes can often be deliberately understated and confusing, which prevents user control. This older model treats someone’s identity as an independently tradable commodity rather than as a personal asset belonging to an individual. Furthermore, this model struggles to verify people without a presence in online registries, as Politico recently reported that “relying on data brokers for identity verification purposes will further exacerbate inequalities over race and wealth.”
A consumer-centric model where a user presents proof of identity in accordance with government guidelines and can control when and with whom their data is shared could solve this problem. Privacy and consent must be critical to the digital identity verification industry. And, thanks to the strength of NIST guidelines, we can put users in control of their data, while also preventing fraud.
The Covid-19 pandemic has accelerated the need to embrace the future of digital identity verification. To face the moment, government agencies must rely on secure methods of identity verification and up-to-date technology to reduce fraud and prevent delays in processing benefits. A future less inhibited by fraud solves the affordability challenge and ensures a more equitable future for all Americans.
Forbes Technology Council is an invite-only community for world-class CIOs, CTOs, and technology executives. Do I qualify?