In 2010, the U.S. federal government issued $125 billion in “improper payments,” defined as overpayments, underpayments, inadequately documented payments and fraud. While there are many contributing factors, government agencies don’t always know who they're dealing with, which can result in the wrong individuals receiving and/or providing benefits. Identity theft is the fastest growing crime in the U.S., and with 30 billion connected devices in use, it can be very difficult to ensure that personal information is kept private.
When it comes to moving services online to streamline processes, reduce costs and increase convenience and efficiency, government has seized the moment. Unfortunately, the functionality that yields these benefits is what creates challenges for maintaining the integrity of the system.
That said, it is possible to leverage the Internet to its fullest potential, while mitigating negative outcomes. Take the Florida Department of Children and Families, which implemented online self-service portals to augment traditional channels. This move enabled the agency to improve its error rate to -0.5 percent, the best in the nation, while achieving a 250 percent boost in productivity. In fact, 95 percent of clients utilize the online system. Certainly these numbers are impressive, but how are they achieved?
The answer is a robust identity proofing management. Government agencies must invest in identity verification and authentication at the front-end of benefit administration. The right identity-proofing strategy must be anchored by robust master data management and rules-based solutions, as well as comprehensive identity management. This type of rigorous identity management involves two processes:
- Verifying, through electronic or manual means, that an individual is who they say they are; and
- Authenticating that identity through knowledge-based mechanisms, i.e. questions that only they can answer.
Identity management requirements will vary from agency to agency depending on the mission. There is no one-size-fits-all strategy. The mission of a federal agency that provides disaster relief services is to ensure efficiency delivery of benefit payments to residents who have been displaced. This must be done while meeting strict regulatory requirements for timely payments, and maintaining processes that prevent fraud and improper payments. An agency has specific identity proofing requirements – functionality that is speedy and the ability to answer questions related to property ownership. In addition, in this scenario, the information needed at the beginning of the relationship, a simple “Who are you?” is different than the information required downstream, “Were benefits received?”
We can contrast the above scenario to the case of an agency providing retirement benefits. In this scenario, identity proofing is designed to improve customer service over repeat visits. Instead of requiring a user to repeat the same steps very time they log on, a “data minimization” process will be utilized so that the system only asks what it needs to know to facilitate the transaction. The first time an individual registers with an online retirement system, he/she will be asked to provide his/her name and ID number, and upon registering, will answer several knowledge-based authentication questions. During subsequent visits, interactions will be “fast-tracked” since the individual’s identity has already been proven. The system will perform an invisible check to confirm his/her identity using two-factor authentication, thus requiring less effort from the user while increasing efficiencies.
Regardless of the scenario, there are four technology fundamentals that should be encompassed by any comprehensive identity management solution:
1. Real-time access to vast, diverse data sources
In the identity management process, data that is broad and deep is key to maximum results. The accuracy with which you can verify that individuals are who they say they are, and the percentage of the population that can be accurately verified, depends in part on the amount and variety of data your identity management system can access. Consider what you could do with data far beyond standard demographic information and what can be gleaned from a credit bureau check. Best-in-class solutions tap billions of public records that allow them to verify hundreds of millions of individuals and provide more interesting data better suited to knowledge-based authentication, such as the model of a car the consumer owned during a certain year.2. “Data linking” that connects relevant identity elements into meaningful, purpose-specific views
While data is necessary to create a robust identity management system, it is only meaningful if it can be leveraged to provide insights. It is essential to have the ability to link familial relationships to the identity of an individual that they have verified. In general, an identity proofing solution should be able to:- Locate data relevant to the identity being presented by your constituent;
- Match it with current constituent inputs, such as answers to knowledge-based questions, a voice or fingerprint, or a one-time pattern-based PIN;
- Normalize and fuse data to eliminate redundancies and improve consistency and efficiency for better real-time performance; and
- Filter and organization information into a multifaceted view that provides what you need to know for a particular transaction with confidence.
3. Analytics to quantify identity risk and tailor methods to the needed level of assurance
Analytics can provide further insight into data by detecting patterns of behavior, such as suspicious patterns of identity verification failure indicative of fraud or data integrity problems. Analytics can also be used to quantify identity risk by scoring the level of identity fraud risk associated with a particular transaction. The score will be given when your system’s rules and thresholds trigger an action; for benefits claims, these decisions would include things like accept, needs review, refuse, etc. This type of scoring provides an objective, consistent and reputable way of making complex decisions in a high volume scenario. By configuring rules within your identity management solutions, you enable it to make intelligent, dynamic decisions based on the information present and the level of risk you are willing to undertake.4. Multiple authentication factors to meet constituent needs
Today’s business environment demands that organizations that engage in identity-reliant transactions ensure the security of the critical information that they collect. In addition to a high level of security, organizations also need an equal degree of flexibility to support a wide variety of organizational platforms and end-user devices. To accomplish this goal, it is best to choose an identity management solution that can provide services across various operational systems, channels and devices. They will also support many different ways for identities to be asserted, verified and authenticated, and can apply the appropriate degree of security based on the type of transaction.Due to the number of constituents they deal with on a daily basis, government agencies need to ensure that they are following best practices for identity proofing and using the most advanced solutions available to them. In addition, identities are often viewed at one point in time, but it is critical that agencies stay apprised of any changes to an individual’s status that may change his or her eligibility for benefits. Individuals will continue to try to perpetrate fraud and a robust identity proofing system is the best line of defense.
Clint Fuhrman is the National Director of Government Health Care Programs for LexisNexis Risk Solutions. Fuhrman joined LexisNexis in 2009 after serving as Deputy Secretary of the Florida Agency for Health Care Administration, where he helped direct agency strategy and operations in the areas of legislative affairs, communications, Medicaid policy, and health information technology.
Image courtesy of Shutterstock
