Rooting out Fraud in Government Programs

To bolster the U.S. economy during the pandemic, trillions of dollars have been allocated to COVID relief initiatives, such as the Paycheck Protection Program (PPP), emergency loan programs and unemployment payouts. As unfortunate as it may sound, the crisis has created serendipitous circumstances for malicious actors to siphon off federal funds through various underhanded schemes. The scourge of fraud, waste, and abuse (FWA) has since shifted into hyper-drive and keeps gaining momentum.

Government administrators lack time and resources to fight fraud in ways they are accustomed to, that is, via anonymous tips, whistleblowing and manual controls. Some face budget constraints and rely on crude technology for vendor screening. As a result, much of agencies' efforts are reactive and focused on the investigation after the fact rather than prevention, which minimizes the chance of recovering stolen funds and doesn’t prevent the snowball of fraud from growing.

A combo of limited human resources, rudimentary analytic tools and a lack of proactivity renders conventional fraud countermeasures in the government sector ineffective. In a coronavirus world, the fatigue of overworked personnel is fertile soil for error, not to mention that the amount of incoming data has gone far beyond the threshold of their verification capabilities.

What needs an overhaul?

The key to fixing the problem is to automate as many repetitive and manual tasks as possible. Thankfully, this isn’t a matter of reinventing the wheel. The capabilities of modern fraud prevention systems have been yielding positive dividends for finance, health care and e-commerce entities for quite some time. Federal agencies are starting to follow suit, but compared to businesses, still lag behind.

The following trio of mechanisms can seamlessly fit government programs and take their anti-fraud efforts several steps further.

AI-driven behavioral analytics. With machine learning at its core, this technology pinpoints deviations from baseline activity that can be telltale signs of fraud. It collects data from multiple sources and processes it in real-time to establish patterns of what’s normal, instantly alerting administrators to events that stand out.

For example, the system can mine transactional data generated from use of electronic benefit transfer cards and spot situations that exceed the range of intended applications. Automating the eligibility verification routine is another scenario where AI can help. It aggregates information from different databases to check employment history, personal assets and other details that show whether a person is eligible to receive benefits.

This technology provides several game-changing advantages over traditional fraud management methods. First of all, it can extract meaningful information from huge volumes of data that government employees can’t possibly sift through on their own. Secondly, it learns from past cases and continuously fine-tunes its algorithms to improve detection accuracy. Thirdly, it works 24/7 to ensure uninterrupted protection against foul play. The only caveat is that the system may require a certain period of human oversight, given a high chance of false positives at the early deployment stage.

Rule-centric approach. This strategy involves configuring a fraud prevention system to monitor a set of metrics that reflect standard risk factors in a particular government program. For instance, an administrator can specify the average time it takes to fill out an unemployment application online – say, 20 minutes. If applications are completed in seconds, that’s interpreted as a red flag requiring extra scrutiny. By identifying likely fraud automatically, government staff can focus on important decision-making instead of digging through heaps of data for fraudulent applications, some of which will undoubtedly slip through the cracks.

Advanced countermeasures for insider threats. Dubious activity doesn’t necessarily stem from unscrupulous vendors, contractors or scammers. White-collar crime has always been a part of the government fraud paradigm, with double-dealing employees trying to game the system and abuse their privileges to mishandle federal funds. Fraud prevention tools can give agencies a leg up in combating this type of chicanery too.

Role-based access control (RBAC) is one of the pillars of this protective layer. It keeps unauthorized users from accessing specific digital assets based on a predefined set of permissions. When a violation attempt is spotted, the system terminates the sign-in session and sends an alert to the information security team.

To discourage shoulder surfers, fraud prevention tools facilitate the integration of biometrics into the authentication workflow. By the way, this is an important bastion of defense against phishers who may hoodwink government employees into disclosing their credentials for accessing federal systems.

Technology makes a difference

With a long track record in the private sector, fraud prevention systems have matured and can help forestall FWA in government programs. Compared to billions of annual losses over fraudulent schemes, procuring tools that provide sophisticated data analytics appears to be a reasonable investment. This is a recipe for reducing human error, closing the talent gap and ramping up the rate of successful fraud detection.

Machine-learning features of these systems are particularly useful because they can automatically check massive amounts of data for signs of sketchy activity and improve their algorithms over time. It is important to understand, though, that these components are only as good as the man-made training models they originally use.

That being said, anti-fraud tools aren’t a replacement for human controls – they work in concert with traditional techniques. The automation of tedious data mining and processing allows government administrators to concentrate on preventing high-profile abuse and making important decisions.

David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. He runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on contemporary information security matters.