As of this writing in early March 2021, COVID19 vaccine deployments have given society a proverbial “shot in the arm”, granting a tantalizing view of life in the after-days. Given demonstrated vaccine efficacy, the US and the world at large are slowly grinding toward a return to coveted “normalcy” -- we just need to remember that there was much bad along with good prior to entering the Coronavirus cloud.
News of “normal fraud” resulting from strategically efforted phishing, identity theft, malware system lockouts and the like seemingly took a backseat during the past year, giving way to more non-authenticated or synthetic identity driven fraud that then ravaged our aid programs.
As such, it’s useful to reflect on several exasperating events that occurred within our fraud prevention space over the past year to be prepared for the re-acceleration of fraud activity in the new-normal.
It’s become evident that COVID19 created (among other things) a ripe fraud environment and opened the floodgates to “low-hanging” opportunistic fraud. Along with the daily, tragic news of loved ones lost, we’ve also become inured by nightly reporting of how state and federal government aid agencies were, to be kind, “outmaneuvered” in their existing safety and security policies.
State unemployment aid along with national stimulus payments and loan programs were easy pickings for fraudsters in 2020, with not-yet-completed Labor Department investigations projecting well over $100 billion in lost taxpayer funds.
To be sure, we’re still mired in wide-eyed, frustrated rage within the “what’s happened / happening?” stage and are likely years away from forensic-driven conclusions and inevitable “...make sure this will never happen again” proclamations.
Here are a few sobering examples of tax dollars “at waste”:
Through Jan 2021, Uveritech’s home state of California processed 19.5 million unemployment claims since the pandemic began. To put that number in perspective, at the height of the Great Recession in 2010, California processed “just” 3.8 million claims.
In monetary terms and impact, per Julie Su, Secretary for the California Labor and Workforce Development Agency, "Of the $114 Billion dollars in unemployment paid by California since March 2020, approximately 10% has been confirmed as fraudulent. An additional 17% of the paid claims have been identified as potentially fraudulent."
Boiling it down, that's $11.4 billion in confirmed fraud and possibly as much as $20 billion more to hit us after all’s said and done in the accounting of this most vexing financial period in CA state history.
Specifically, of California’s confirmed fraudulent payments, virtually all of it (95%) was associated with the federal Pandemic Unemployment Assistance (PUA) program. The remaining 5% was hitched to California's own Unemployment Insurance (UI) program.
On the national level, things are equally dire, with fraudsters taking unabated advantage of the SBA loans provided by the CARES Act.
A fraud microcosm:
- Fraudsters successfully gleaned more than a half-million dollars in forgivable SBA loans. They claimed to have employees earning wages at four different businesses and sought over $500,000 to pay them. However, three of the four businesses were not in operation prior to COVID-19.
- An engineer was charged with fraudulently seeking over $10 million in CARES Act SBA PPP loans, after claiming to have over 250 employees in two companies. However, there were no records of revenues or payment of employee wages in 2020 by the business.
- A large retailer filed fraudulent loan applications seeking over $8 million in PPP loans. The complaint alleges fraudulent payroll documentation for non-existent expenses. The partnership for which relief was sought was established only days before loan applications were submitted.
- The owner of several Chicago IT companies filed bank loan applications fraudulently seeking more than $400,000 in forgivable PPP loans. He significantly overstated the payroll expenses of another company he owned, and submitted falsified IRS forms to the lender, misrepresenting 1099-MISC contractor payments.
These (and innumerable more) stories and specific circumstances reveal the diverse and successful approaches fraudsters took to game an overwhelmed system -- a system that either couldn’t or just didn’t perform the required authentication due diligence that was and still is required.
As such, this blog aims to redirect focus to the fruit higher up on the tree -- equally as, or maybe even more lucrative than the abundant and opportunistic fruit picked below. It just requires more strategic effort to grab the ill-gotten gains.
Short term shift or Permanent pivot?
Now we’ll consider the consequential effects the global pandemic will have on how the financial services industry operates.
We’ve all witnessed and participated in decreased in-person bank visits (and markets and gyms and barbers and...) resulting in significant, albeit temporary transaction volume and new account opening decreases due to lockdown measures.
The critical concern and question for banks and any legacy / incumbent retailer coming out of the pandemic, has been whether that business slide will be permanent or... shifted. At least for banks, the answer may be more of the latter scenario.
Per Cornerstone Advisors, who in 2020 surveyed Mid-Size Financial Institutions, while in-branch new accounts saw a 59% decrease during the pandemic, new online accounts actually increased by 40%.
Further, while the decrease of in-person new accounts during COVID might be expected, more impactful is the potentially permanent shift in customer behavior as a result of the pandemic, as evidenced by their expectation of a 6% decrease in new in-branch accounts and a 25% growth projection of new online accounts.
If these trends are borne out, beyond downstream questions on needed in-branch staff, density of “brick and mortar” branches in a given metropolitan area, etc., this surge and pivot towards online new business will force operational prioritization on security and customer identity authentication.
We advise financial institutions to vigorously audit their systems and processes to face the new-normal in remote account establishment and ongoing transactions.
In summary, we expect to see in the post-pandemic era a resurgence in “fraud fundamentals”, with crooks returning to pursue the longer-term play for identity theft, application fraud, account takeovers etc.
The low-hung and short-term targets of unemployment insurance, stimulus payments, and government loans were effectively akin to shooting fish in a barrel, for fraudsters who accurately saw an opportunity and took advantage of an already understaffed, overwhelmed system.
Coming out of the tunnel, it will be critical to balance:
1) Knowing your customer -- who he IS and who he ISN’T -- to ensure your funds fall only into the right hands
2) Delighting your customer -- provide best service and support that enables them to get their business done quickly and easily