Fraudsters stole $4.4 billion from DES, and it could happen again

During the pandemic, fraudsters stole $4.4 billion in federal COVID CARES Act unemployment money from the Arizona Department of Economic Security, and experts say it is bound to happen again. 

“This was a completely preventable issue and it was not hard to fix,” Haywood Talcove, CEO of LexisNexis Risk Solutions Government Group, a public records database, fraud-prevention and identity-verification company that provides its services to journalists, corporations and government agencies said.

The issue that the Arizona Auditor General discovered was that the department lacked “critical identity verification or other anti-fraud measures” in place prior to paying out the $4.4 billion in fraudulent claims. 

Arizona wasn’t alone in this problem, either. 

The U.S. Department of Labor estimates that $63 billion of the $630 billion in disbursements has been misspent, with some experts saying that the number is likely well over $100 billion in fraud. California lost $11 billion but the end tally could be as high as $30 billion, while Nebraska officials have said that nearly 66% of their unemployment money was misspent, as well. 

Even before the pandemic, fraud was on the rise, with the Federal Trade Commission reporting a nearly 3,000% increase in identity theft related to government benefits in January 2020. 

“Arizona, along with the other states, was simply not prepared,” Talcove said. “This problem has been solved in the private sector for about a decade.” 

The issue? Fraudsters using tried and true methods of gaming the system with leaked databases of people’s information. 

The Arizona Mirror was easily able to find multiple databases of phone numbers, social security numbers, emails and addresses readily available for purchase on popular deep web forums frequented by thousands of users. 

One forum even offered up databases for free to users. 

“Here is some of the data you will see: Full names, Home Addresses, Income/Salary, House cost, Amount of children, Phone Numbers, Email Addresses,” the user said on a post titled “USA DATABASE (PEOPLE WHO LIVE IN USA).” 

These databases are then used to help file fraudulent claims by stealing a person’s identity. Sen. Dianne Feinstein and Ohio Gov. Mike DeWine even had their identity stolen to be used to fraudulently claim unemployment benefits during the pandemic. 

“They have a patented technique they use,” Talcove said, adding that he has seen some advertise on the deep web their services, selling a “fraud bible” with detailed instructions on how to commit unemployment and other types of fraud. 

DES says that it prevented much more money from being in the hands of fraudsters, stopping more than $75 billion from being stolen. 

“Arizona continues to be hailed as a national model for unemployment benefit fraud prevention and recovery,” DES spokeswoman Tasya Peterson said in an emailed statement to the Mirror. “Had Arizona not responded so quickly, fraudulent benefits may have topped an estimated $80 billion.” 

Arizona quickly saw fraudsters utilizing the database technique. In a case study by ID.me, a company which worked with DES to require real-time identity verification for Pandemic Unemployment Assistance, Arizona saw a 246% increase in PUA applications in a 60-day period. 

However, ID.me, came out in March of this year saying that the state’s system had “problems from the start.” 

By July 2020, DES was also partnering with Google Analytics in an attempt to identify trends in applicants and retroactively remove fraudulent people. The department says that the number of weekly PUA certifications fell by 87% because of that partnership. 

It wouldn’t be until December 2020 that Congress would require that identity verification be a requirement for all future unemployment benefits. 

By February 2021, the fraudsters began taking another route: targeting regular unemployment insurance. In response, DES began implementing an identity verification system similar to what was used for pandemic aid, and claims once again fell — this time by 96%, according to the department. 

“As a result of the measures taken throughout the pandemic to prevent fraudulent activity, we’ve also partnered with more than 100 law enforcement agencies and over 200 financial institutions worldwide,” Peterson said. “As of September 30, $1.4 billion in fraudulent benefits have been recovered. Over 200 cases have been submitted to the Arizona Attorney General’s Office for prosecution, and more than 100 have resulted in criminal indictments.”

Despite the work by DES, fraudsters still ended up netting nearly 30% of the $16 billion in unemployment payments given to the state.

In Arizona, that fraud could have been prevented in a few ways, Talcove said. 

People who commit this type of fraud always use the same device, and there are consumer services from companies like Amazon that do device assessment or identification to ensure that someone is not making multiple claims or logins from the same device, Talcove said. 

Another way to prevent fraud in the process is to ensure the email address is legitimate and not one associated with a leaked database, a step Talcove said is common in the private sector. 

Lastly, many fraudsters will actually use invalid physical addresses because they don’t live in Arizona — and oftentimes not in the United States. Cross-checking the address they provide with other information they provide is another way to prevent fraud, Talcove said. 

However, the pandemic and the issues COVID-19 created for many people led to an opening up of these systems, so much so that Kentucky’s auditor found that the program was so weak it violated federal laws. 

“Having this system completely open was a huge mistake,” Talcove said. 

But balancing equity for people who desperately needed unemployment assistance and keeping out fraud is worthwhile, Talcove said. Those who did need the assistance likely were unable to get through due to high call volumes of fraudsters overwhelming the system. 

In a blog post about Arizona’s unemployment system, DES Director Michael Wisehart said that the department would be putting out a request for proposals to modernize the state’s “decades old” unemployment system. 

“While no one could have expected just how significant an impact the pandemic was going to have, we acknowledge there were issues with the Unemployment Insurance program throughout the pandemic,” Peterson said. “The Department is committed to transparency and continuous improvement and we continue to use opportunities like audits to diligently resolve and improve upon issues and systems. 

Since the information about the amount of money that has been lost to fraud has been coming out, Talcove has been working to try to help states shore up their ability to fight off fraudsters. 

Over half the states in the country now have solutions in place that help mitigate this type of fraud, pushed in part by Talcove, who said that the real person with the power to fix the issue lies elsewhere in the Arizona government. 

“That’s where the governor, (Doug) Ducey, needs to come in and ask for best practices,” Talcove said, adding that Ducey needs to work to address the issue which he said could be solved with a “small amount of money.” 

Ducey’s office did not respond to a request for comment. 

As for the future, Talcove said he’s certain that more agencies will be hit soon. 

“They’re headed into the Department of Revenue, the food stamps program and Medicaid,” he said. “If we were in Vegas and I was playing poker and I had a stack of chips in front of me, that’s where I’d put them.”