Are We Losing the War on Identity Theft?

GUEST BLOGGER

Steve Lappenbusch, Ph.D.
Tax and Revenue Strategic Market Planner, LexisNexis Risk Solutions

An identity is stolen every three seconds – adding up to about 27,000 per day. In 2012, more than 12 million Americans were victims of identity theft. Furthermore, there have been a record number of security data breaches in recent years that have exposed more than 822 million records, compromising individuals’ personal information such as name, Social Security number (SSN) or bank account. The likelihood that at some point in our lives  each of us will fall victim to a data breach or identity theft is alarmingly high.

Identity theft has become an epidemic for government agencies as well. No sector of government is immune for the simple reason that the government cannot possibly know all there is to know about a person’s identity footprint. This is advantageous to identity thieves. who take advantage of the vast quantities of confidential personal data that is transmitted online. They are using this information against us – and, sadly, they are winning.

There are three critically important factors that LexisNexis has learned that can help government stop the current epidemic of identity fraud. All three things challenge current assumptions in every government system:

  1. Everyone’s identity has already been compromised. 
  2. Government programs cannot possibly know all there is to know about a person’s identity. Identities are always bigger than the government.
  3. To assess an identity for risk, you have to understand identity risk outside government data.

Simply put, we are losing the war on identity theft. Our identities are freely available for pennies a piece on the Internet. It is time to defend ourselves against a crime where the fraud weapons used against us are our own identities. This is a fundamental change in the assumption around identities in government systems. Self-reported data must all be suspected, as most, if not all, identities have been compromised over time. Once the identity is assumed to be stolen, a new approach in identity risk analysis must be used.

Proceeding from the new, data-driven assumption that all identities are already stolen enables the government to think outside the traditional box of identity protection and begin thinking in terms of risk – identity risk. Specifically, how do tax agencies control the risk of all those stolen and synthesized identities hitting their tax systems – tax systems never originally designed for a world where you could not depend on the identity presented?

So, what is the answer? An approach that embraces identity risk analysis, rather than data matching, has proven effective at the state level. Primarily this means analyzing input tax identities against identity information far outside the tax system, or any government system, and against analytics derived from decades of identity risk expertise. 

Avoiding costly identity risks requires reconsidering what an identity really is, carefully cataloging and mapping your identities, and leveraging a unique combination of expertise, patented identity integration technology and a massive, unmatched, nationwide repository of identities going back more than 40 years. This allows you to take into account the complex, dynamic and rapidly changing nature of tax filer identities. It can also solve both owned and matched identity risks simultaneously by allowing identity integration. 

To learn more about identity challenges and risks facing the government today and solutions to help resolve these issues, visit IdentityGov.com.

CFE’s Knowledge, Persistence Exonerated Innocent Woman

MEMBER PROFILE

Cliff Coutcher, CFE
Fraud Investigator (retired), Rhode Island State Police

“It was a classic case of when bad things happen to innocent people,” Cliff Coutcher, CFE, said about a particularly memorable case “It’s scary.”

Coutcher, a former fraud investigator for the Rhode Island State Police, helped free an innocent woman who had been arrested, transported across several states, and held in custody for 11 days for a fraud she didn’t commit. Coutcher helped uncover a case of identity theft by an 18-year-old Rhode Island man that had turned the woman’s life into a nightmare.

“The incident was an example of something that can go perversely wrong in the system… if people don’t have the knowledge or the training to uncover what really happened,” Coutcher said. The case involved internet fraud – and Coutcher successfully traced the criminal activity to a Rhode Island man who had stolen the woman’s personal information to set up a purchasing scheme. The suspect’s subsequent confession to Coutcher exonerated the Tennessee woman.

Now retired, Coutcher looks back on the identity theft episode as one of many significant accomplishments in a decades-long career of fighting fraud. He investigated cases including millions of missing dollars from a loan and investment firm, the collapse of the Rhode Island Share and Deposit Indemnity Corp., the corruption case of a former governor, and the fraud investigation of a former state senator.

Coutcher said his CFE certification and access to membership resources helped provide the tools he needed to stay on the cutting edge of fighting fraud in an ever-changing industry.

“The training and networking have been excellent, and the ACFE always keeps me up-to-date on current (fraud) issues,” Coutcher said.

An ACFE Life Member since 1991, Coutcher was named 2005 CFE of the Year. He was awarded at the 16th Annual ACFE Fraud Conference and Exhibition for his commitment to fighting fraud.

A woman in Tennessee can attest to his dedication. For her, Coutcher is a personal hero.

LexisNexis® Joins with ACFE to Fight Fraud

GUEST BLOGGER

Larry Benson
Director of Strategic Alliances, Revenue Discovery and Recovery
LexisNexis Risk Solutions

We all know that companies, academia, non-profits and governments are defrauded each year and lose billions of dollars, as a result. The key impediments to stopping fraud are 1) knowing how to detect it and 2) knowing how to prevent it. By sponsoring International Fraud Awareness Week, the ACFE is helping to raise awareness and to educate the fraud prevention community about the resources, tools and best practices available to stop fraud.

My company, LexisNexis, is proud to be a supporter of International Fraud Awareness Week. LexisNexis is so committed to the concept of educating people about fraud that they asked me to author Fraud of the Day, a daily commentary on how fraud is perpetrated against government programs. At LexisNexis, we view Fraud of the Day as an important educational resource for government officials to learn how fraudsters are scamming the government, so they can be knowledgeable about fraudsters’ techniques and be better prepared to prevent them from succeeding.  

That’s really what International Fraud Awareness Week is all about – fostering an opportunity for fraud prevention experts to learn what works and what doesn’t in the fight against fraud. And winning that fight begins with talking about the challenges faced by the fraud prevention community. Along those lines, here’s my take on one of the most prevalent types of fraud in the government today: identity fraud.

Identity Fraud – Why the U.S. Will Continue to Suffer

Fraud is defined as a deliberate deception or cheating intended to create an advantage or a gain. Fraud requires two specific things to take place. First, a party must purposely present a mistruth or lie. Second, a different party must accept the misrepresentation as truth.

In cases of government fraud, the accepting party is always the government agency. Federal, state and local governments often depend on self-reported information coming directly from the potential beneficiary. This information, often unsubstantiated, creates an opportunity for deception.

Government program theft is a significant issue within all benefits-based programs. At the foundation of these programs is the most basic question: “who are you?” There are a number of ways to misrepresent the identity of an individual, and the legal documents to substantiate that misrepresentation are easily created or stolen.

The ubiquitous identifier for U.S. citizens is the Social Security Administration’s (SSA) Social Security number (SSN). This number has been used for decades to uniquely identify individuals for both commercial as well as government endeavors. The SSA began issuing SSNs in 1935, with the original purpose of tracking individuals for only Social Security purposes. It has since been widely adopted as the defacto national identifier.

Printed on the Social Security card (SSC) from 1946 to 1972 was the wording “Not for Identification.”  This was printed because the SSC was, and still is, not suitable for identification – it does not have a photograph, physical description or date of birth. In fact, all the SSC does is confirm that a particular number has been issued to a particular name.

So, how is it that identity fraud is so easy to perpetrate and so difficult to stop? Because the very foundation to establish an identity is easily stolen and/or recreated. As shown above, even the SSA acknowledges that the SSC should not be used as identification, no less just the number. With just a name and matching SSN, an unscrupulous individual can quickly claim government benefits under another persons’ name/identity. The enablement of technology, especially the Internet, allows fraudsters to easily register and claim benefits under the identities of others without even having to visit the agencies’ office. 

Programs ranging from tax return submissions, to food stamps to student loans face a large percentage of identity fraud. How can this be stopped? A national identification card (NIC) must be adopted that ties in biometrics and two factor authentication. A Smart Chip embedded NIC that contains one of the following: fingerprints, facial recognition, voice print or retinal scan information must be used to verify the identity of the individual presenting the NIC. The NIC should contain four critical features: a photograph, the biometric data, an internally retained PIN that is only known to the holder, and a sequencing number allowing all government agencies to look up and access the biometric data for identity verification.

Until the U.S. is ready to move away from the 20th century methodology of identification and embraces 21st century technologies, fraud will continue to grow at triple -digit rates and continue to overrun our agencies.

To read more about how government agencies can combat and prevent fraud, visit FraudoftheDay.com.