Some 837,000 Americans filed initial claims for unemployment insurance last week, according to the U.S. Department of Labor. While this reflects a slight decrease from the previous week, initial jobless claims are still stuck above the highest levels reached in the 2008-2009 Great Recession, according to The Associated Press. This number doesn’t paint a completely accurate picture because California, which accounts for more than a quarter of the country’s aid applications, provided the same figure it did the previous week.
Why? Because the State of California Employment Development Department has stopped accepting new jobless claims during a two-week reset period so it can tackle a backlog of 600,000 claims and implement some much-needed anti-fraud technology.
While the U.S. labor market continues to grapple with the effects of COVID-19, government agencies providing unemployment benefits are also grappling with a spike of fraudulent claims related to the pandemic by people using stolen identities.
Using stolen data to steal benefits
Earlier this year the FBI reported that U.S. citizens from several states have been victimized by criminal actors using stolen personally identifiable information (PII) to submit fraudulent unemployment insurance claims online. The ability to obtain PII is nothing new — fraudsters were doing this well before the onset of the pandemic.
Between data breaches, the dark web, phishing attacks, social engineering and impersonation scams, it’s easy for cybercriminals to get their hands on names, Social Security numbers, phone numbers and home addresses. They then have enough information to pose as their victim and file a fraudulent claim online with the ultimate goal of gaining control of communications and payments.
Victims of unemployment insurance theft often don’t know they’ve been targeted until much later, when they try to file their own claim for unemployment insurance or receive a notification from the state unemployment insurance agency. In some cases, this correspondence comes in the form of a physical letter containing the full Social Security number or other valuable PII of the person being defrauded. If the fraudster has already changed the mailing address tied to the claim, the government is unintentionally putting the victim at higher risk for continued identity theft.
Fighting fraud with digital identity verification
It’s clear that the current process of allowing people to file unemployment claims using readily available information isn’t working because there is no way to determine whether someone filing the claim is who they say they are. Data-centric approaches alone do not meet Gartner’s definition of identity proofing because there is no test that the individual claiming the identity is, in fact, the authentic possessor of that identity. The identity assurance achieved with this capability used in isolation is relatively low, relying only on “something you-but-not-only-you know.”
Implementing a biometric-based identity verification process is key to thwarting unemployment fraud amid the pandemic and beyond. Government agencies responsible for each state’s unemployment benefits program need to consider high-assurance solutions with the following four requirements:
- Government-issued ID: Asking for a photo of a driver’s license or passport when someone files a new claim establishes the individual’s real-world identity, and AI-powered software can quickly determine if the ID document is real.
- Real-time selfie: Determine if the person possessing the ID is who they claim to be. Requiring a selfie also acts as a strong deterrent to fraudsters who generally do not want to show their face while committing a crime.
- Liveness detection: Ensure the individual is physically present and not a spoof by incorporating liveness checks which can sniff out if someone is using a video or a picture of a picture instead of a valid selfie.
- Ongoing biometric authentication: Require the user to capture a new selfie which creates a fresh biometric that is instantly compared to the original selfie to confirm the account owner is the actual person logging into the account.
By implementing advanced digital identity verification, government agencies can adapt to the modern fraud landscape and prevent cybercriminals from stealing unemployment benefits from the citizens who truly need them, while making it easier and more secure for legitimate users to submit claims and access their accounts.
Robert is responsible for all aspects of Jumio’s business and strategy. Specializing in security and enterprise business, he held C-level or senior management positions at Infrascale, Secure Computing, McAfee, Quest Software, Sterling Commerce and IBM.