From Money Mules to Synthetic Identities, Combating Fraud Means Following the Money
A Florida widow was directed by her online romantic partner to transfer money placed in her account into cryptocurrency. Soon, detectives were at her door. It turned out her romance was a sham, and she was the “money mule” that helped to siphon more than $10 million away from a local school district as part of a sophisticated scheme. The funds were eventually recovered, but this type of fraud is becoming all too common.
During the pandemic, networks of cybercriminals, nation-state actors, fraudsters and scam artists targeted public sector relief programs. Their actions were bold and shameless. In Minnesota, 48 people were charged with stealing $240 million from a government program aimed at feeding hungry children in the state. Others used unsuspecting victims or fake identities to perpetrate financial crimes.
As fraud becomes more widespread, networked and sophisticated, public sector agencies must keep up with the times. We need a systematic approach involving enhanced data sharing and measuring, new technologies that combine fraud detection and identity verification, and increased collaboration across all levels of government and industry partners who can implement solutions at scale.
The reality is that fraud trends like money mules, synthetic identities and “piggybacking” are on the rise.
Money mules are manipulated into receiving illegally acquired funds to their personal bank accounts and then moving it elsewhere as part of modern-day money laundering schemes. Vulnerable targets are found via online job postings, online dating forums, scams that promise easy money or by those pretending to be overseas individuals asking for help. Cybercriminals also use synthetic identities to open their own mule accounts. These criminals create fabricated or manipulated identities that are cultivated over time to fool credit reporting agencies and bypass verification checks with stolen Social Security numbers, fake addresses or international names. They act as their own mules, making it harder for enforcement agencies to recapture stolen funds.
Some will purchase access to an individual’s credit card “tradeline” on the black market and become an authorized user to the account, immediately establishing a synthetic identity with a credit history, even if they can’t use the actual card. This is known as “piggybacking.”
Unfortunately, the public sector is susceptible to these schemes due to the continued reliance on credit data and knowledge-based authentication to prove online identities.
So, what should be done?
The government needs to move away from a “pay-and-chase” approach and prevent bad actors from stealing funds in the first place. This requires rethinking what data is collected and shared across agencies and how fraudulent activities are measured, labeled and tracked.
Currently, there is a lack of analysis when it comes to digital identity fraud in the public sector. Conducting more tests and studies can uncover technologies that are effective at rooting out bad actors and verifying good identities. For example, systems that combine machine learning and artificial intelligence can also dismantle current silos between fraud risk management and identity verification, which are two sides of the same coin. Plus, fraudsters are already using these powerful tools to their advantage. We should do the same.
The criminal network is stronger today than ever before. The dark web makes it easy to share what works and where the vulnerabilities are. This means we must become more connected ourselves. State and local policymakers, enforcement agencies, industry experts and public servants must work together, share best practices, identify common bad actors and suspicious activity, and engage in discussions about what kinds of transparent policies are needed to effectively combat fraud.
The truth is fraudsters will continue to evolve and use new technologies to defeat legacy identity verification systems. Unless we act, the cycle of identity fraud will continue, leaving vulnerable Americans at risk and taxpayers footing the bill.
Jordan Burris is vice president and head of public sector strategy at Socure. Burris has a proven track record as a thought leader in the digital identity space and previously served as chief of staff in the White House’s Office of the Chief Information Officer. You can reach Jordan by email, on Twitter @JordansRules or on LinkedIn.