It’s been a banner year for fraudsters attacking the suddenly bloated unemployment program, as a top federal government watchdog estimates that as much as $26 billion in benefits aren’t going to the unemployed, but to fraudsters who are taking the system for a ride — or to regular citizens who have filed claims improperly.
The estimate is based on a 10 percent fraud and abuse rate applied to the $260 billion expansion in jobless benefits under the federal multi-trillion-dollar economic rescue package, also known as the CARES Act, noted Scott Dahl, the inspector general (IG) of the U.S. Department of Labor.
And 10 percent is taken as something of lowball figure, as that sum represents a “during the best of times” tabulation, Dahl told House members on the Hill, following up with the reality that “we are in the worst of times.”
The situation was highlighted this week as news went out that federal investigators have broken up what they say is an unemployment fraud ring that targeted the California Employment Development Department (EDD), as well as 11 other states’ unemployment departments, according to reports.
The ring reportedly pulled in millions of dollars in fraudulent claims from California and other states, with over 200 individual unemployment applications filed with EDD from one Hyattsville, Maryland address between March and October 2020, 97 of which were actually approved and paid out.
Working with Bank of America, federal investigators searched through the applications that went to the Hyattsville apartment. The investigators said the number of applications was significantly more than what would be normal for a residence of that size. Utilizing Bank of America ATM records and security footage, agents were able to track withdrawals by suspects, all of which involved using cards with someone else’s name on them.
It’s a massive and expensive problem, and one that seems to be getting more severe, with real and concrete effects. Two weeks ago, Bank of America announced that, given the massive class-action lawsuit it faced over unemployment fraud, it was just as happy to get out of the unemployment benefit payout business entirely, despite the fact that the bank has netted $47 million in fees during the pandemic.
Bank of America says it lost hundreds of millions of dollars on the contract in the last year, and has taken a reputational hit for its affiliation with EDD and the rampant fraud that forced the bank to freeze 230,000 accounts since last October — the act that landed it in that massive lawsuit.
Why It’s Happening — And How To Stop It
In a conversation with Karen Webster about the problem last fall, Visa’s Senior Vice President and Regional Risk Officer Mike Lemberger said the trouble is that the sudden influx of unemployment funds has acted as something of a beacon, attracting fraudsters to the possibility of a bigger payday. The flood of consumers’ personally identifying information (PII) into the market via phishing schemes and data breaches created a ticking time bomb in the market, which has gone off in the unemployment segment, as fraudsters are leveraging that data to scoop up illicit gains.
“The fraudsters have not been hibernating,” noted Lemberger. “They are working all the time. And as soon as they see a window of opportunity, they go for it.”
Moreover, the pre-paid cards sent by unemployment offices aren’t enabled with EMV chip technology — they are instead the simpler, and markedly less secure, mag stripe cards of the past. That part of the problem, California’s EDD noted, is already being corrected. “To improve card security, EDD is working with the bank to implement chip-enabled debit cards,” said Loree Levy, an EDD spokesperson.
In addition, enhanced unemployment benefits are sunsetting, and as of September will officially be no more. That means unemployment attacks might lose some of their luster for fraudsters, as they will be less lucrative. But, Visa’s Lemberger noted, the best defense might ultimately lie in the data itself, and finding ways to better lock it down. “One of the things we need to do better, collectively as a society, is to lock down the data that has so often made its way onto the Dark Web,” he said.