Selfies: A new weapon against public assistance fraud By Monty Faidley One downside in moving public assistance programs into the digital world has been the loss of face-toface contact between citizens and government agencies. Previously, validating the identities of beneficiaries wasn’t an issue because government employees could see who they were talking to, but this has clearly changed. While no one is ommending a return recto old ways of doing business, identity fraud has become a serious and grow- ing threat to the integrity of Health and Human Services (HHS) programs. Last year taxpayers lost more than $100 billion from public assistance programs due to fraud and improper payments. And, based on what I’ve heard from law enforcement and witnessed in my experience working with government customers, much of it stemmed from organized criminal groups – both foreign and domestic – who sell stolen identity information on the “dark web,” which is often used to commit fraud against HHS agencies. It is an alarmingly easy criminal enterprise that has increased dramatically since government services went online. Criminals often use stolen identities for robbing tax refunds, medical benefits, unemployment insurance benefits, death benefits and other public assistance programs. The people hurt the most are the disad- vantaged Americans who truly need the safety nets. HHS agencies ur- gently need to adopt new multi-layer secu- rity models of authen- ticating users to prevent fraudulent manipulation of their programs. The current norm of requiring only single-layer authentication such as passwords or PINS is woefully inadequate. Multiple layers of strong authentication are needed to withstand the constantly evolving nature of fraud schemes. The good news is that the ubiquity of smartphones combined with biometric-based security technolo- 44 gies like fingerprint scanning and facial recognition offer HHS agencies a powerful new authentication weapon to combat identity fraud. One promising idea is using smartphone “selfies” as part of a multi-layer approach for verifying and authenticating beneficiary identities. A new generation of smartphone apps are emerging that could help agencies validate identities with the near-reliability of faceto-face contact. We’re already seeing it deployed in the commercial world. Earlier this year, MasterCard launched its “Selfie pay” service that lets consumers use selfies to authenticate online purchases. And today, free apps such as Identity Snapshot are emerging on the iTunes Store specifically designed to authenticate identities for any number of government services. Since no single database of peoples’ faces currently exist (outside of state motor vehicle departments) for running massive facial recognition queries, apps like these will initially work in conjunction with identity documents like driver licenses and state IDs to correlate the selfie with
other information. Here’s a typical example: Beneficiaries first enter their identity information on their smartphones, then photo-capture an identity document like a driver license in the same way mobile banking deposit apps capture images of checks. Next, a selfie image is captured and presented alongside the identity document for visual verification. The agency’s data records verify if the person exists and that the data they provided matches their own. The apps can also verify that the mobile device or the user’s identity is not associated with previous fraud attempts. They can be configured to determine if the IP address is outside the U.S., or if the Social Security number has been used on multiple applications. The apps can also generate a one-time identity quiz or a one-time password for access. These multiple layers can on the smartphone front-end can also be reinforced on the back-end by leveraging identity repositories to further ensure that people applying for benefits are indeed who they claim to be. And when beneficiary data is shared between states, authentication is even more powerful. States can better identify fraudsters who move their criminal activities from one state to another. Wrapping up Using selfies as part of a multi-layer identity authentication approach has one huge advantage: it’s easy and people are comfortable with it. A majority of U.S. adults now sport smartphones, and the vanity-inducing nature of social media has made posting selfies part of the cultural fabric. It offers less “friction” when it comes to widespread user adoption. As identity fraud in benefits programs increases, agencies can maintain program integrity by using selfie-driven multi-layered authen- 45 tication to verify beneficiary identities and keep the crooks at bay. Agencies should also consider expanding beyond traditional departmental data to leverage information from other government agencies and third-party external sources. It is perhaps our best option for bringing back the reliability of face-toface engagement with beneficiaries. Monty Faidley is Director of Health and Human Services and Special Investigative Unit with LexisNexis Risk Solutions. He may be reached at firstname.lastname@example.org.