A college professor in Washington State received a call from the Federal Trade Commission. To protect against money launderers, she was told she must transfer her life savings, including her retirement funds, to the government. In the end, she turned over more than $400,000 to an imposter.

Unfortunately, there are millions of similar stories across the country. According to a new report from the FTC, American consumers lost a record $10 billion to fraud, including rampant imposter scams like this one, and filed more than 1 million reports of identity theft in 2023.

The report underscores the pressing need to build a robust and trustworthy digital identity ecosystem. Doing so will prevent identity fraud without making it harder for legitimate people to access critical government services.

Bad actors steal personal data, and then use it to commit identity fraud. They do this by targeting every part of the digital identity process from validation to verification to authentication.

Recent analysis released by the Financial Crimes Enforcement Network found that of the 1.6 billion identity-related reports filed by financial institutions in 2021, 69 percent involved attackers impersonating others (validation); 18 percent involved attackers using compromised credentials (authentication); and 13 percent involved attackers exploiting insufficient verification checks (verification). In total, the agency identified $212 billion in suspicious activity related to identity in 2021 alone.

Identity fraud is estimated to continue to increase in 2024 as fraudsters become more networked, data compromises become more prevalent, and massive amounts of personal identifiable information continue to be available on the dark web. Artificial intelligence is making it easier to either steal one’s identity or combine real and/or false information to create a new fake identity, called a synthetic identity.

There has been progress toward this goal. But too many digital identity providers continue to rely on outdated approaches that keep legitimate people from receiving benefits while failing to prevent fraud.

There are three steps our leaders in government can do to prioritize a strong digital identity ecosystem in 2024.

A layered defense approach

First, government leaders should take steps to move away from relying solely on images of physical documents that are often lost, misplaced, stolen or fabricated. The pace of technology has made it far too easy for fraudsters to defeat unsophisticated systems that evaluate only images of these documents.

Layered defenses which simultaneously evaluate document, device, and behavioral elements are essential for preventing deep fakes, fake IDs, and stolen and fabricated identities from intercepting government digital services and benefits. Congress should reintroduce, and pass legislation such as the Improving Digital Identity Act which would advance a government-wide effort to address the U.S.’ fragmented digital identity infrastructure.

Beyond credit header data

Additionally, we must also move away from legacy approaches that rely on credit header data to verify identities. This is problematic because the same personal information used by credit bureaus to verify identities is too often compromised data that is easily acquired on the dark web.

In addition, certain populations, including new-to-country individuals, young people, and underbanked communities, are more likely to have an insufficient credit history and have a more difficult, if not impossible, time receiving the benefits they are due. Instead, government leaders should work to incentivize the adoption of approaches that use the latest in AI technology to deliver more equitable outcomes.

Advance transparency

Finally, government leaders must take steps to create a transparent reporting environment for the digital identity ecosystem. This can be accomplished through the long-awaited executive order on digital identity, through the creation of performance reporting standards, or inserted into contracts with digital identity providers. Government should also require digital identity providers to regularly publish their auto-approval rates, with a focus on coverage, accuracy, precision, and equity. And all data reported must be validated to ensure that we are clear on what is working and what is not.

Prioritizing a modern digital identity ecosystem is long overdue. Doing so will help us stay ahead of bad actors who are only focused on lining their pockets, while simultaneously confirming that good people can be included in an ever increasing digital economy.

Jordan Burris is VP and Head of Public Sector Strategy at Socure. He is also a board member at the Identity Theft Resource Center and a former chief of staff to the Federal CIO.

In Other News
Load More