Electronic identity verification

Fraud feeds on weak digital identity verification

As citizens shifted from brick-and-mortar to online services in the wake of the pandemic, state and local governments agencies weren’t prepared for the increase in digital identities and new digital accounts – or the related fraud, an expert said.

“The first quarter of 2020 was sizing up to be typical fraud landscape,” said Andrew McClenahan, solutions architect with the LexisNexis Risk Solutions’ Federal Government Solutions team. Online transaction levels fell 17% in February and March as government workers shifted to online, but as stimulus checks went out in the spring, fraudulent transaction volumes increased by 35%, he said, citing data from the LexisNexis Digital Identity Network.

The same network serves as the source of the company’s biannual “Cybercrime Report.” Published Sept. 15, the report studied online transaction volumes from January through June 2020 and found that transaction volume for government services grew, especially as more people created digital identities to carry out needed business online.

The network “saw a growth in transactions from new devices, as well as new digital identities, with many new-to-digital consumers moving online to procure goods and services that were no longer available in person, or harder to access via a physical store,” according to the report.

“A lot of the state and local governments saw antiquated systems that were slammed with an unprecedented level of transactions and customers,” said McClenahan, former director of the Florida Department of Children and Families’ Office of Public Benefits Integrity. “The combination of a need to get benefits out quickly in a frictionless customer experience combined with a lack of digital identity verification and fraud risk analysis really created a ripe environment for fraudsters.”

What’s more, state and local governments are not used to such broad fraud exposure. Many of their systems lack fraud, waste and abuse risk analysis capabilities, and officials were so focused on meeting missions that in some cases, security took a back seat.

“I think a lot of agencies were having to stand up mobile apps and some digital services because their call centers just couldn’t handle the move from the physical presence to telephonic,” McClenahan said. “The cybersecurity was not generally part of the rollout.”

Additionally, although the report found that human-initiated fraud is decreasing -- by 33% year-over-year -- bot attacks rose, by 32% in e-commerce and 38% in financial services. These bot attacks are also new to the public sector, and agencies were unable to keep up, McClenahan said. “Government agencies are … the slowest and weakest member of the herd for fraudsters to attack,” he said.

In fact, digital identify verification – or the ability to ensure that someone is who they say they are when they try to access digital services – is the biggest area of risk and cybercrime that the company sees, he said, adding that “there has been a clear void or blind spot, both at the state and federal levels when it comes to digital identity.”

What’s more, many agency IT managers are unclear about the difference between a digital identity and a device assessment. Many agencies use cookies, for example, to determine that a device can be trusted, McClenahan said. The problem is that devices change and one user uses many devices, creating “challenges for saying this is a digital device vs. a digital identity,” he said.

Managers should think of digital identity verification as a doorbell.

Digital identity verification allows you to see “who’s coming to your door before they ring the doorbell, and that’s the difference between having a physical identity verification and a digital identity verification,” McClenahan said. Agencies need to have information to verify both that “this person exists and that this person is the one that’s coming to ring the doorbell.”

Federal leaders are addressing the need for digital identity verification. On Sept. 11, bipartisan members of the House introduced the “Improving Digital Identity Act of 2020.” It takes a three-part approach to modernizing “lagging digital identity infrastructure” by establishing a task force to bring key federal, state and local agencies together to develop secure methods; directing the National Institute of Standards and Technology to create a framework of standards on digital identity verification services; and establishing a grant program at the Department of Homeland Security to help states upgrade the systems they use for credentials, such as drivers’ licenses.

About the Author

Stephanie Kanowitz is a freelance writer based in northern Virginia.

Featured

  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected