Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.
While shopping for groceries this week, my wife turned from her cart when a man stumbled and fell in the aisle. Less than 30 seconds later, she noticed that her wallet was missing from her purse which was sitting in the cart. Total distance from her wallet: 5 feet.
Within 3 minutes, she’d called me and alerted the store about what had happened. Within 15 minutes, I’d blocked our ATM card, our credit card, and a specialty retailer card. Total Time: 18 minutes and 30 seconds.
What had the robbery netted? A $1,000 gift card purchased at a kiosk at a nearby retailer with our credit card. A second $1,000 gift card purchased at the same kiosk with our ATM card (I was under the mistaken impression that this would require the PIN number). And a $5,000 gift card purchased with the specialty retailer card. Total take: $7,000. In just 18 1/2 minutes.
Of course, the thieves also got away with about $150 in cash and my wife’s driver license. She was worried that we were going to be robbed that evening “because they now had our address” but I convinced her that “having our address” made us no more likely to be robbed. We also freeze our credit which offers us some protection from identity theft. So this gave us some comfort.
After this incident, I wondered just how much “old fashioned” credit card fraud still exists in the United States. As it turns out, quite a bit, as 23% of the $3 billion in annual credit card fraud is still the result of lost or stolen cards. I was surprised at this number given today’s more sophisticated identity theft and forgery schemes.
As often is the case with fraud though, the aftermath can be even more costly than the initial theft. Financially, even though we were not directly responsible for the fraudulent transactions, in the end, we pay through higher fees and rates. And of course, it’s very difficult to assign a cost to the trauma of being robbed at your neighborhood grocery store.
The lesson in all of this for me? While it’s important to protect your identity online, don’t forget that thieves still snatch wallets, look for credit card offers in your mailbox and trash, and call your home to try to trick or intimidate you into providing sensitive information.
Donald Trump recently announced plans for a new child care and paid family leave plan. While I will not be offering any opinions on the plan or on Donald Trump as a candidate, I was interested to see that the announcement sparked discussion of government fraud, waste, and abuse. In this case, the discussion surrounds the Unemployment Insurance (UI) program because Mr. Trump claims that he will reduce fraud in UI by over a billion dollars each year to help pay for his proposed child care plan.
Paymentaccuracy.gov, a government website devoted to providing information on payment inaccuracies, estimates a 10.7% improper payment rate in UI for 2016 resulting in $3.5 billion in erroneous payments. While a small amount of this actually represents underpayments, the majority of the $3.5 billion is waste. The trick, of course, is reducing fraud without delaying benefits to those who are eligible and without spending more money on improving the system than you actually save!
This is where things get interesting. The White House Office of Management and Budget claims that UI program integrity improvements, over the next 10 years, would result in just $150 million a year in savings, or just over 4% of the $3.5 billion. The Congressional Budget Office’s estimates are even worse. They estimate annual savings of $40 million at a cost of $17 million per year, for a net gain of just $23 million per year!
These dramatically different viewpoints between Mr. Trump and government regulators point out two problems when discussing government fraud, waste, and abuse. On the one hand, aspiring politicians and much of the public dramatically underestimate how difficult it can be to detect, investigate, and enforce fraud findings. On the other hand, many government agencies only report on the fraud they know about and estimate savings based on using traditional techniques against those unrealistically small numbers.
Here’s what I can tell you from our experience working in Unemployment Insurance. By combining modern detection techniques with cooperation between states and the federal government, we could net far greater savings than are estimated today. Whether or not other facets of Mr. Trump's program are viable is up to you, the voter, to decide. However, I think we can all agree that there are better uses for those funds than making payments to fraudsters.
On June 9th of this year, Mike Carroll, the Secretary of the Florida Department of Children and Families provided powerful testimony to the House Oversight and Government Reform Subcommittee on Government Operations. Secretary Carroll outlined some of the many successes Florida has achieved in fighting SNAP fraud. He also clearly articulated a point that we constantly stress here at Pondera. In his words…
“We are not talking about “mom and pop” storefront operations or cottage industries. We are talking about major criminal enterprises with ties to other serious and dangerous criminal activities including drug sales, prostitution and human trafficking.”
He went on to describe the SNAP program’s largest bust ever at a flea market in South Florida. Since 2011, the flea market had served 41,000 SNAP recipients and processed $89 million in transactions. Investigators found display stands using plastic fruit and vegetables, rotten produce, guns, and large amounts of cash at the retailers.
While 22 arrests have already been made, authorities still have a huge investigation in front of them. In addition, Florida is taking what they’ve learned and using it to identify other suspect locations.
This case, while large, is clearly not an isolated incident. Consider that even using the government’s own 3.7% improper payment rate translates to $2.6 billion per year in SNAP fraud and waste. Those numbers surely support a large number of organized schemes. So for those of you that think SNAP fraud is a “victimless crime”, it’s clearly time to reconsider your position.
I am often asked what motivated me to start Pondera. So… Here goes.
In 2011, after my previous company was acquired, a good friend working at Google asked me to visit their Mountain View campus. He was interested in learning how to embed Google products in large government programs like Medicaid, Unemployment Insurance, and eligibility systems.
Over the course of a couple of days, I was briefed on Google’s products and capabilities and I was struck by the massive computing power that their customers could literally “rent” as needed. Having spent over 20 years in technology, it was becoming clear to me that cloud computing was more than the latest tech buzzword. But it was during a discussion about the Google Prediction API though, that my imagination was really piqued.
With Prediction API, I realized, government organizations could analyze huge amounts of data to predict future events and identify data anomalies. All without ever buying a single piece of hardware or software. Thinking back to my time working on large government systems, I realized that this new technology had the potential to solve one of the problems that had always bothered me: fraud, waste, and abuse.
Over the years, I had worked on over 100 large government projects. And it had always amazed me that despite the fact that improper payments often exceeded 10% of program disbursements, most government bids had only a handful of requirements to address the problem. My government colleagues explained that they were under such pressure to deliver their services with such limited budgets that they simply could not invest appropriately in fraud detection.
Sitting in that room at Google headquarters, it was apparent to me that emerging technologies offered a new way to solve an old problem. One week later, I founded Pondera and set out to change the fraud detection market. Five years later, we’ve helped our clients prevent and collect hundreds of millions of dollars in improper payments. And we’re just getting started...
Fighting fraud is an interesting challenge. When an organization shuts down a fraud scheme, bad actors don’t suddenly become good citizens. Rather, they evolve. They evolve by designing and testing new methods that, when they succeed, are exploited until they too are detected and shut down. In fact, many of the more enterprising fraudsters proactively try out new methods to avoid any “breaks in revenue”. This constant game of “whack-a-mole” is well known to program integrity staffs.
This ever-changing nature of fraud schemes demands an ever-changing detection system. If an organization’s fraud detection methods look more or less the same as they did the year before, I can almost guarantee you that their fraud rates have returned to the levels prior to the introduction of the detection systems. Bad actors will simply find another way to conduct their business.
For these reasons, it is important to be nimble in fighting fraud. Complex technologies and massive data warehouses will lose effectiveness over time. If it takes a year to negotiate a change order, to deploy new technologies, or to integrate new data sources, literally billions of dollars in improper payments can be lost. The trick is to stay even with or just a “step” behind the bad actors, not miles behind.
While all state agencies want to choose the right partner to help them with their fraud detection efforts, I would challenge them to ask themselves the following questions: How easy is the company to work with? How willing will they be to incorporate new technologies (even if not their own)? How important is fighting government fraud to their company versus everything else they do? How passionate are they about the problem? Honest answers to these questions will reveal a lot about the future success of your efforts.
As a company that works with government clients, we spend a tremendous amount of time and money responding to Requests for Proposals (RFPs). We understand that governments use RFPs to ensure competitive bidding processes and to articulate their requirements. However, the process still causes enough angst for prospective bidders that, ironically, it often actually limits competition.
We wrote in a previous blog post about the lengthy RFP procurement cycles and their impacts on the final project. Today I’d like to discuss the formats of the RFPs themselves which often cause confusion, leading to large numbers of vendor questions, which in turn leads to delayed timelines and incorrectly submitted bids. I confess that I have never been on the “other side of the table” writing an RFP and I can only imagine how difficult it must be. But I still have one simple suggestion that I wish government agencies would take prior to releasing an RFP.
Before releasing an RFP to the vendor community, I suggest that government run an internal “mock” procurement: “release” the bid to a few agency employees and ask them to respond to it. They don’t have to provide actual answers, just an outline so they can make sure they understand what the RFP requires, where responses should go, how the format works, and other structural issues. It’s important that these people had nothing to do with the writing of the RFP document itself because then they’d naturally understand what they intended when they wrote it.
Commonly confusing issues we see in RFPs include where to place a Statement of Work (in tables or in text), repeated questions, seemingly mutually exclusive statements or requirements, and “thrown in” requirements that belong in other sections and break up the flow of the response.
I think government officials would be amazed at how much confusion and time they could take out of their procurements by performing this simple quality assurance exercise. This would also reduce the number of questions the state would have to respond to and provide more focus on issues of substance rather than administrative or formatting issues. Finally, it would lead to more uniformity of responses allowing governments to evaluate responses for their merit rather than having to search for answers to their requirements.
One of my colleagues recently returned from a conference on government program integrity with an interesting anecdote. He recounted a vendor presentation where the speaker was touting a 52% accuracy rate in their fraud lead generation system. So… nearly half of the system’s leads generated false positives. Not so sure I’d brag about that.
High false positive rates lead to wasted investigative time and money and unwarranted intrusions into the lives of legitimate program beneficiaries and service providers. Ultimately, they lead to a lack of confidence in the system itself and investigators revert back to more manual detection methods. When one considers all the important services governments deliver and the immense political pressure they endure, this is obviously not acceptable.
Shortly after hearing this story, we were asked to respond to a question about false positive rates and any existing industry standards or even benchmarks. While every vendor, including Pondera, makes claims about our system efficacy, very few standards actually exist. Conversely, our clients (the government program administrators) generally are subject to improper payment standards placed on them by the federal government.
I think there is a great opportunity, even responsibility, for governments to create these standards. Fraud detection standards would challenge the vendor community to “put up or shut up”, leading to more innovation. They could also be adjusted as the standards are met and surpassed leading to constant improvement. And they would provide governments with a uniform method for measuring vendor performance.
It is true that fraud detection systems still rely on quality program data and can suffer from the old adage "garbage in, garbage out”. So government would still share in the responsibility of meeting any new standards. But clearly, there is more we can do. And this would benefit all parties involved… except, of course, the fraudsters.
I believe that simple things can make a big difference. This week, for example, I went through self-checkout at a local grocery store and the keypad gave me the options of “debit card” or “all other tenders” to complete my transaction. “All other tenders”—who talks like that? No doubt there was a group of people that decided that, technically, “tenders” was the best word to cover all the other options. It doesn’t really matter that it makes the system more confusing. That’s my problem.
Software systems suffer from this problem perhaps more than any other consumer product. I remember the old joke about having to go to the “start” button to stop the computer. This still happens, despite the fact that experience has shown us that the single most important feature contributing to the success of software is usability.
Put simply, even the most powerful system is completely worthless if people can’t figure out how to use it. My own brother discovered this when he recently decided to switch from the iPhone to an Android phone for the additional capabilities. Not a very technical person, he quickly switched back complaining that he was utterly confused by the “full fledged computer” he was carrying around in his pocket.
At Pondera, we make the claim that our system is “built by investigators, for investigators.” And it’s true. Our most important design principle is to “mask” the underlying complexity of the system and provide analysts and investigators with an intuitive system that works the way they do. Technical people can’t do this. Data scientists can’t do this. Only investigators can do this. That’s why we hire them and task them with our most important work.
A few weeks ago, I published a blog post titled “Money Obtained Fraudulently is Rarely Used for Good Purposes”. In it, I made the argument that government fraud is a serious, and at times very ugly problem. Now I no longer have to make that argument because the United States Justice Department is making the argument for me.
Last week, the Justice Department announced the largest health care fraud case it’s ever prosecuted; one that defrauded over $1 billion over the past 14 years. The alleged perpetrators of the fraud are said to have leased private jets and chauffeured limousines. One even bought a $600,000 watch! Remember, this is your tax money we’re talking about. The system ran on a complex network of bribes and kickbacks.
And if that’s not enough, here is one of the schemes they allegedly ran. They “treated” seemingly healthy, elderly people with medications they did not need in order to create addictions which would lead to further treatments. Pure evil. Unfortunately, fraudsters are most active where large amounts of money meet vulnerable populations. This is yet another example of that and more reason for us to do what we do.
Last year, 60 Minutes did a segment on the impact of errors in the Social Security Administration’s Master Death File—a database that stores dates of death for Americans. The system stores 86 million records, and despite all best efforts, it still has some issues.
60 Minutes pointed out that errors in the system contribute to millions of dollars in improper payments each year. After all, the system would seem to indicate over 6.5 million Americans over the age of 111 when, in fact, there are probably fewer than 100. On the other hand, false positives where people find themselves mistakenly placed on the list, lead to nightmarish scenarios for obtaining loans, opening bank accounts, and other everyday tasks.
This story demonstrates one of the largest challenges for government agencies: how to use imperfect data sources to minimize fraud, waste, and abuse while also not “harassing” legitimate people and businesses. And unlike a private business that may view a false positive as an inconvenience (who hasn’t had to call their credit card company to say that “yes, that large ice cream purchase was legitimate”), government officials are severely criticized when they act on false positives. In effect, they are criticized for not acting and they are criticized for acting.
Pondera suggests that governments mitigate the effects of false positives by using composite indicators that draw information from multiple sources—both simple data matches like the Master Death File and more complex behavioral sources. For example, a Medicaid investigator would feel much more confident looking into a person who not only shows up on the Master Death File, but also appears to be traveling 100 miles for 20-minute doctor appointments, receives highly unusual (and expensive) procedures for their apparent diagnosis, and often sees two doctors in distant cities on the same day.
Anyone who has worked for or with government program integrity units understands the unique pressures they face. Combining available data sources with intelligent analytics can go a long way toward helping them investigate the right cases while not interfering with program delivery.