Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.
Way back in 2006, I read an article in the Harvard Business Review that described how the Internet had changed the sales profession. One key observation dealt with the “de-coupling” of the sales cycle from the buying cycle. Prior to the Internet, buyers had to contact vendors for information on their products. Today, buyers do their own research and successful salespeople need to unhinge preexisting customer assumptions prior to starting their sales process.
I believe that the Internet has had an even greater impact on fraud in government benefit programs. Government agencies are under constant pressure to move applications, certifications, and other processes on line to make them more convenient for citizens and businesses. This makes perfect sense because, after all, government exists to serve the needs of the citizens. Unfortunately, moving these processes to the Internet dramatically increases the incidence of fraud.
The Internet provides a degree of anonymity that makes it extremely attractive to fraudsters. The number of fictitious businesses and “ghost beneficiaries” in government programs has exploded in recent years. Many of our customers deal with applications associated with out-of-state or out-of-country IP addresses. Others come from deceased or incarcerated individuals. Still others show indicators of originating in “sweat shops” that create bulk applications and claims.
Just like the salesman that had to adjust to the new sales cycle, it’s important that government program integrity staff adjust to the changing fraud landscape. IP spoofing, anonymous email services, and the wide availability of stolen identities are realities in the post-Internet fraud market. Relying solely on the traditional detection and investigation techniques is no different than the sales person who thinks their prospect hasn’t done any of their own research.
Big data analytics and the predictive engines they spawned give Internet companies a way to monetize the online experience. By tracing online behavior, companies can target advertising, promotions, and point of sale opportunities based upon past buying decisions. Online habits of Web users can be associated with ideologies, interests, and values. Increasingly sophisticated probability engines predict future buying decisions with enough accuracy to fuel a dramatic increase in online sales and commerce over the past decade. Analysts use temporal versions of these tools to forecast market trends and evaluate risk.
In the fraud detection market however, early attempts to detect fraudulent behaviors using these same probabilistic engines have achieved limited success.
What makes detecting fraud different than detecting interests, values, and ideologies? The simple answer: Fraud is binary in nature–either a particular sequence of behaviors is fraud or it is not. For example, if an individual provider of medical services submits claims to an insurance company for 5,000 hours of services in a week (an instance from actual data), there had better be around 100 employees licensed to provide that service. If there are only three or four employees with the required licenses, the provider has committed fraud. Probabilistic engines struggle to detect fraud because they are not capable of modeling this“all or nothing”nature of violating a law.
At Pondera, we still make use of predictive analytics. But rather than detecting absolute fraud, we use the algorithms mostly to inform our fraud scores and to detect emerging fraud methods.
Once reliable methods of detecting fraud have been developed, predictive engines can also play an important part in helping insurance companies, financial institutions, and government agencies prioritize targets of investigation. Predictive models can identify the highest value targets that will recover the most money or disrupt the largest criminal organizations.
This week, my company is responding to an RFP for SaaS fraud detection services. While we are thankful for the opportunity to respond, the RFP and its process also illustrates the need for governments to adjust their procurement processes with the advent of cloud computing. After all, we responded to the RFI for this procurement over two years ago!
This means that the current solicitation is at least partly based on product capabilities from early 2014. While this might not be a big problem for traditional IT projects, this is a lifetime in SaaS. In fact, if a SaaS solution offered mostly similar functionality over a two-year period, I’d recommend not selecting that solution. Effective SaaS solutions push new features in days and weeks, not months or years.
With this background in mind, I’d like to propose that governments consider the following three modifications to their procurement policies. Some of these changes may require assistance from legislative bodies and funding organizations in addition to procurement professionals.
1. Reduce the time between RFI and RFP: This will help governments avoid building their requirements on functionality that has long since been replaced. SaaS functionality is a moving target – it’s supposed to be.
2. Smooth out funding over multiple years: Traditional IT projects required large upfront implementation costs followed by lower ongoing support, maintenance, and operations costs (assuming the initial implementation was successful). SaaS solutions spread the cost more evenly over time as the solution continues to improve.
3. Make sure your staff is ready when you award: True SaaS solutions can be implemented quickly, often in as few as 120 days. By the time you award a project, you should be ready to discuss security plans, access the required program data, assign staff (not just project staff but system users), and address many other details that could often be delayed in lengthy IT projects.
I bet you cna’t bvleiee taht you can uesdtannrd waht you are rdnaieg. Unisg the icndeblire pweor of the hmuan mnid, aocdcrnig to rseecrah at Cmabrigde Uinervtisy, it dseno't mttaer in waht oderr the lterets in a wrod are, the olny irpoamtnt tihng is taht the frsit and lsat ltteer be in the rhgit pclae. The rset can be a taotl mses and you can sitll raed it whoutit a pboerlm. Tihs is bucseae the huamn mnid deos not raed ervey ltteer by istlef, but the wrod as a wlohe.
The preceding paragraph, which has made its way around the Internet for years, can be really fun to share with friends. However, it also serves as a caution to anyone involved in fraud detection. In many ways, bad actors, knowingly or unknowingly, have depended on how the human mind works to perpetrate fraud schemes. Like the old expression goes, sometimes the best place for fraud to hide is in plain sight.
This is especially true in government programs that process massive amounts of transactions and must adhere to a staggering number of program regulations. Traditional “top down” systems can analyze large data sets and find nothing wrong (after all, the first and last letters are in the right place). “Bottom Up” systems, on the other hand, will identify individual problems (the word is scrambled) but may miss the patterns in the data (this entire paragraph is scrambled). A common example of this is the medical provider that always “flies just below the radar” by maximizing claim amounts and frequencies.
The best detection processes take both a “top down” and “bottom up” approach. They can identify individual transaction problems as well as identify patterns of bad behavior over time. In this way, you can make the old “80-20” rule work in your favor. 80% of improper payments are likely caused by 20% of program participants. If you only address each individual transaction, you’ll never run out of work but you also never really improve your program integrity efforts.
Click here for an infographic on the "80-20 rule".
Remember back to last year when the IRS announced that cyber thieves stole personal data from 100,000 taxpayers? This sophisticated scheme accumulated personal data from other sites and used it to answer identity validation questions on the IRS web site to gain access to taxpayer accounts.
The 100,000 taxpayers affected? The IRS revised that number later in the year to 334,000 Last week they raised the number again to more than 700,000! Combine this with the high-profile hacks at Sony, Target, Anthem, and other organizations and one thing becomes very clear: bad actors are rapidly improving their identity theft methods.
In response, government agencies need to prepare for an onslaught of fraudulent tax returns, unemployment claims, Medicaid treatments, and other services. In 2015, the IRS paid out $5.8 billion in fraudulent returns. Several of Pondera’s clients also saw dramatic increases in “ghost” beneficiaries, often paired with fictitious businesses, set up solely to defraud government programs. 2016 promises to be even more problematic.
As program integrity experts, we have to recognize that we are moving into a new age of identity theft problems. We can log on to YouTube and watch a music video about Unemployment Insurance Fraud. CNN has run stories on street gangs trading liquor store holdups for benefits fraud. The barbarians are at the gate and it’s our responsibility to strengthen the defenses.
In 2009, congress enacted the American Recovery and Reinvestment Act (ARRA), also known as the Stimulus, to bolster the economy and help America recover from the Great Recession. The idea was that various tax credits, business incentives, and public works projects would stimulate the economy while also improving the nation’s infrastructure. While arguments continue over the effectiveness of the program, it is estimated to cost nearly $100 million annually for 10 years.
Today, seven years after ARRA was enacted, I think about the economic impact we could achieve through the eradication of overpayments in government programs. The government estimates that over $125 billion in FY 2015 were paid improperly. This number, even after subtracting the underpayments that are also counted in improper payments, is larger than the highly controversial ARRA spending totals. In effect, by eliminating FWA from government programs, we could implement a permanent economic stimulus!
I know that it is unrealistic to think that we could completely eliminate improper payments. But I also know that we can make drastic improvements by increasing our support for program integrity efforts and by continuing to develop and implement innovative detection solutions. It would also help if legislative bodies approved processes to support agency collection and enforcement efforts. I realize this sounds like a lot of work. But it seems to me that a permanent economic stimulus is worth every bit of effort.
By the time we engage with an agency, they are fully convinced that they need to change something: the way they are detecting fraud, waste, and abuse, or maybe the way they are managing cases. When it comes to change though, we’ve found that the devil truly is in the details.
Each of your staff will typically fall into one of the following categories. It’s important to recognize this and to staff your change projects appropriately.
Champions: These people embrace the future vision and want to help achieve it. They love new challenges but also expect that they’ll need to find ways around unexpected problems. They vocalize successes and accept changes for the “long haul”. Projects without champions will never meet their potential.
Cynics: Unlike champions, these people think that the change, usually any change, is not necessary. They perceive their value in their knowledge of how “things have always worked” and any threat to this is a threat to them. There is no way to change a cynic’s mind and no way to bring them on board. Cynics are never good for a change project. It’s important to recognize them and keep them to the side.
Skeptics: Skeptics, which can often be confused for cynics, need proof to get on board with a change effort. They need to be convinced that the change is good for the agency or for them. Skeptics are a vital component to project staffing because the rest of your agency will clearly see when a skeptic has been “converted” to a champion.
Followers: This category makes up the majority of staff assigned to most projects. At the beginning of the project, they will contribute and won’t do anything to undermine the effort. As the project progresses, they will move to whichever side is gaining momentum: success or failure. This is why champions and converted skeptics are so important—they generate excitement and commitment from followers.
If this all sounds obvious, I challenge you to think back to a change effort that you’ve observed that should have succeeded but managed to fail short of expectations. You may very well find that the reason was that identifying “change readiness” was either done incorrectly or ignored altogether. We’re not advocating expensive, complex, and lengthy change processes. But we are suggesting that you think about this before engaging in any important project or process change.
We’re all in this together. You may work in Medicaid, Unemployment Insurance, Integrated Eligibility, SNAP, WIC, TANF, or any of the other important government programs that so many Americans depend on. Regardless of the program though, we all share the common goal of fighting fraud, waste, and abuse to make sure that our programs help those people who qualify for and truly need the assistance.
The goal of the Pondera Blog is to post and share information that is relevant to all government program integrity professionals. If we’ve learned nothing else as we work across programs and across states, it’s that bad actors don’t limit their activities to one program or one state. They follow the money wherever it leads them. For PI professionals, this means there is a lot to learn from your peers in other states and other programs.
We hope you’ll check back often for new content. Our intent is to post information on emerging fraud methods, promising detection techniques, lessons learned from our projects, and a variety of other topics. Some might question why we would share this information in a public forum where Pondera’s competitors can easily view what’s of interest to us (clearly we’ll never post anything that could help fraudsters). Our answer to that question is simple: we’re all in this together.