Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.
I read with great interest a recent article about card skimmers that were found at “The Stop and Shop” gas station where I often fill up my tank. While they were discovered relatively quickly, more than a dozen customers were scammed. Several of them had their entire bank accounts wiped out.
Skimmers, for those of you that are not aware, are malicious card readers that take data from your credit or debit card’s magnetic stripe. The data is stored on a drive where it is stolen, requiring the fraudsters to return to pick up the data files. They can then clone your card or just steal directly from your accounts. What makes them so effective is that the skimmers don’t interfere in the actual transaction, making you think that you’re just filling up your tank like you have hundreds of times before.
Turns out that skimmers are growing both in popularity and sophistication. Through the first half of last year alone, skimmer use grew 21% which was on top of high growth rates the year before. In Florida, authorities found 315 skimmers during this time period, triple the number found in the same period the previous year. Considering that 29 million people use credit or debit cards to pay for gas every day, this is certainly a rich target market for fraudsters.
To take advantage of this opportunity, fraudsters continue to improve the skimming devices. They are now almost undetectable by the average citizen. So what do we do to keep our information safe? Authorities suggest visually scanning the card readers for anything unusual, tugging on the reader to see if it is loose, and checking for forced entry into the pump itself. There are even smartphone applications that use Bluetooth to help discover skimmers. Of course, you can also simply pay the attendant for your gas.
This is just one more case of honest people being inconvenienced, at best, or ripped off, at worst, by tech-savvy fraudsters. And because the use of skimmers is sure to increase over the next several years, we all may want to think twice about “paying at the pump”.
Anyone who has recently attended college or has a family member in college likely has some familiarity with student loans. In fact, 40 million Americans currently have student loans totaling an astounding $1.2 trillion dollars. Many of those who have applied for loans have been victimized by methods such as “advanced fee scams” that promise the best rate for an upfront service fee, or the ever-present loan elimination scams.
With easy access to stolen identities, fraudsters are now targeting the more lucrative loans themselves. Using stolen IDs, they enroll in classes which they, of course, never attend. Loans are made by the government, payments are not, and the unsuspecting “owner” of the loan goes into default when the fraudsters don’t make their payments.
In Grand Rapids, Michigan, a man was indicted last month for this exact scheme. He faces up to 20 years in prison for allegedly using stolen IDs to steal $150,000 in loans and grant aid. A quick check of the government’s paymentaccuracy.org website shows that he is not alone. Between the William D. Ford Federal Direct Loan Program and the Federal Pell Grant Program, $6.1 billion was improperly paid in 2016 alone.
While many of the improper payments are made to people who simply do not qualify based on income, an increasing number of loans are being made to outright fraudsters. Some estimates place the number of known fraud ring participants as high as 85,000 people. This victimizes the taxpayer, of course, but even more directly the person whose identity is stolen. It can take months or even years to clean up your credit. That’s one lesson I hope I never need to learn.
As a country, we have become accustomed to reading stories about fraud in healthcare, financial services, and government programs. It doesn’t make it right, but it’s certainly not new. Now though, news comes from the American Red Cross that $5 million of Ebola relief funds were fraudulently disbursed on overpriced supplies, fake customs bills, and even non-existent aid workers. These scams will be familiar to regular readers of this blog as they are similar to scams run against domestic subsidy programs. But Ebola relief efforts?
Between 2014 and 2016, Ebola raged through parts of Africa, claiming over 10,000 lives in Liberia, Sierra Leone, and Guinea. In response, the Red Cross collected and distributed over $100 million in aid, while doctors, nurses, and other volunteers risked their lives to save those suffering or at risk from the disease. Into this tragedy, naturally, came the fraudsters who recognized an ideal opportunity given the large amounts of aid money and the necessarily lax controls over disbursements.
Now the Red Cross finds itself having to apologize to donors who realize that 5% of their contributions were stolen. While I don’t know all the details about the Red Cross’s financial controls, I can only imagine how difficult a task it was to make sure money was distributed quickly to only well-intentioned people and organizations.
If anything, I believe this is one more reason for strong enforcement of criminal fraud after it has been committed. Trying to prevent fraud by adding bureaucracy and controls to the funds distribution process would likely add to delays during an emergency. Rigorous investigations and strong prosecutions, on the other hand, could act as a deterrent to future fraud. If not, at least it would prevent these fraudsters from plying their “trade” during other disasters.
A recent spate of high profile arrests of dentists is drawing attention to an often-overlooked segment of Medicaid fraud. Some unscrupulous dentists are exploiting gaps between what private insurers reimburse versus what Medicaid will pay for. Others are just brazenly breaking the law to rip off state Medicaid programs.
Consider these recent charges brought against dentists:
An Anchorage, AK dentist was charged with 10 felonies. His “care” included performing a tooth extraction while videotaping himself on a hoverboard. Naturally, he had to text the video to friends. He is also accused of giving expensive, and unnecessary, IV sedations to Medicaid patients and then performing unneeded procedures on his passed-out patients. Since private insurance rarely pays for IV sedation, he only performed this fraud scheme on his Medicaid patients.
A Fairfield, CT dentist who saw mostly elderly and indigent patients is accused of ripping off more than $900,000 from Medicaid by billing for services that he never performed. One hint that he may have not been acting honestly: he billed for both a cavity filling and denture procedure on the same tooth!
An Atlanta dentist was sentenced to 18 months in prison earlier this year for defrauding nearly $1,000,000 from Medicaid. Her unique talent included the ability to perform dental procedures in Atlanta while she was traveling out of the country.
Unfortunately, these cases simply support our premise that fraud will exist anywhere substantial amounts of money are exchanged in complex billing and regulatory environments. These, and other similar cases, serve as a warning that we must monitor literally every medical specialty reimbursed by Medicaid.
In their never-ending quest to circumvent the law, unscrupulous business owners are now adopting the use of so-called “zapper” software to avoid paying sales taxes. Zapper software automatically deletes a portion of cash sale transactions and then automatically reconciles the business’s back end finances to make it appear that the businesses paid the appropriate amount of taxes. This scheme reduces tax collections for governments and passes the burden to the vast majority of businesses who choose to act within the law.
Thanks to a crackdown by federal and local officials, recent arrests include $1 million in unreported sales at Cesar’s Restaurant in Lakeview, IL (home of the “killer margarita”) and $800,0000 at the Lao Sze Chaun restaurant in Milford, CT. However, a simple Google search will reveal that almost no city is immune to the zappers.
Zapper software is so popular that some businesses are now starting to offer it to their clients. In December, for example, a Canadian man pled guilty to selling zapper software to eight restaurants in the Seattle area leading to $3.5 million of taxes avoided. It is alleged that his company, which sells Point of Sale (POS) software, also sold the illegal zapper software through a subsidiary in China. After the sale of the software, they even offered to support their customers with their ongoing efforts to defraud the government.
Zapper software, while somewhat novel, is just another attempt to apply technology to skirt the law. And while law enforcement training and targeted audits will surely help detect some of these modern-age fraudsters, analytics that use peer comparisons, spike indicators, and other statistically rigorous detection methods can also help detect the problem early. Like the old saying goes, it takes fire to fight fire.
While I don’t think healthcare fraud is a particularly humorous subject, a recent case in Florida does lead to a few chuckles.
Earlier this year, a Northern Florida doctor pled guilty to falsely billing over $1.5 million to Medicare and TRICARE. The billings were submitted for a complex procedure that required the removal of skin and muscle. In reality, most of the procedures actually performed were for routine foot care, including toenail clippings.
So how did this fraudster get caught? It seems the authorities used basic peer comparison analytics to flag suspicious activities. In this doctor’s practice, half of his patients apparently needed the expensive foot procedure, placing him in the top 1% of all providers in the country for this service. This despite the fact that Ocala is only the 45th most populated city in, not even the nation, but the state of Florida with fewer than 60,000 citizens!
The doctor tried to cover his tracks by falsifying patient medical files to make it appear that he had actually performed the procedures, versus simply cutting toenails and performing other routine procedures. He now faces a maximum penalty of 10 years in prison and restitution of $1.5 million.
As the residents of Houston and surrounding areas continue to struggle with the devastation caused by Hurricane Harvey, history shows us that problems will continue long after the homes and businesses have been repaired. Every large natural disaster in this country follows the same pattern: destruction brought on by the disaster, followed by looting and price gouging, followed by huge amounts of fraud committed in the chase for assistance money.
In Texas, all three seem to be occurring at once. We’ve all seen the heartbreaking images and videos of families who have lost everything, unfortunately including those who lost their lives. We’ve also seen the inspiring stories of ordinary people that risk their lives to help a neighbor, a stranger, or a lost family pet.
Now, of course, the looting stories are beginning to circulate. In this case, it appears that law enforcement is doing all that it can to protect life and property, including announcing mandatory jail time for all thieves and burglars. However, the scammers are wasting no time setting up Facebook pages and sending out tweets with links to “relief organizations” that are actually designed to steal money from those who want to help.
I have no doubt that this fraud activity will only increase. Consider these examples following previous disasters:
- Dozens of people were convicted of using fraudulent psychiatric claims following 9/11 to steal up to $50,000 per year in Social Security disability payments.
- A New Jersey man was one of hundreds to receive relief funding (in his case $171,099) after falsely claiming his primary residence was a home damaged by Hurricane Sandy.
- An Alabama woman filed 28 claims for disaster assistance in 5 states following Hurricane Katrina.
Unfortunately, fraud thrives at the intersection of vulnerable populations and large amounts of money. And Hurricane Harvey creates this intersection by displacing so many families, by invoking a government response, and by tapping into the giving spirit of caring Americans.
Even more unfortunate is the fact that most of the fraud will go undetected and unprosecuted. Consider that the vast majority of the 22,000 cases of potential fraud passed to the government's Katrina task force were never prosecuted. And it is likely that FEMA collected less than 5% of the estimated billion dollars of fraud following the Hurricane. Only by increased enforcement and stricter sentencing will we be able to break this heinous pattern. And, to me at least, this is a pattern worth breaking.
It has been an interesting few weeks for the Supplemental Nutrition Assistance Program (SNAP), formerly known as the Food Stamp program, with two high profile busts. Both cases illustrate common schemes used to defraud the SNAP program, which distributed over $70 billion in food-purchasing assistance last year to 44 million Americans.
In Georgia, two convenience store owners used stolen identities to apply for SNAP benefits which were then loaded onto EBT cards (similar to credit cards) and mailed to addresses they controlled. Once received, they swiped the cards at their own convenience stores and pocketed over $800,000 before being caught. The U.S. Attorney assigned to the case said, “They used the SNAP system as an ATM for their personal gain, diverting critical benefits that help those who need assistance in our communities.”
Then, in Delaware, seven case workers at the Department of Health and Social Services were indicted for creating 100 fake accounts and cashing $959,000 in benefits. After creating the accounts, the case workers had the EBT cards mailed to state service centers where they simply intercepted them and used the cards themselves. Their scheme was detected when a supervisor noticed incomplete application data for one of the cards.
The Georgia case illustrates just how easy it can be (at least for a time) to use stolen identities to defraud government programs. Even if the suspects hadn't owned the convenience stores, it would not have been difficult for them to find one that would pay them a discounted price in cash for their cards.
The Delaware case is one we commonly see across states and programs where unscrupulous employees use their knowledge of the system to defraud their own government agency. Large amounts of money, combined with loose supervision, often prove too tempting for those with questionable morals.
A quick check of the government’s fraud reporting website, paymentaccuracy.gov, reveals that improper payment rates for SNAP are still not posted because of reporting problems. I look forward to updated numbers when they are available because even a small number like the 3.2% reported rate for 2014 translates to over $2.2 billion per year in improper payments.
Almost everyone is familiar with antivirus software. Not everyone is familiar with how it works though. Even fewer have examined how we can apply the way antivirus software works to combat fraud. I believe that there are important lessons here which can improve our approach to fraud detection and prevention.
At a high level, antivirus software performs two important functions prior to opening a file on your computer: 1) It compares the file to known viruses and other forms of malware, and 2) It checks the file for suspicious code which may indicate a new, previously unknown virus.
The first function depends on a network of users willing to share known viruses and a system that is able to collect the virus data, design a fix, and disseminate the fix to other users prior to them being infected. The second function depends on heuristic programmers that can design systems to learn and even anticipate potential problems. Working together, this is one of the most effective ways to address the constantly changing nature of Internet malware.
Government fraud prevention, when done properly, works in a very similar manner. By examining known bad actors, bad transactions, and bad behaviors, systems can quickly compare ongoing program data to identify suspect transactions. Modern fraud detection systems also include predictive algorithms that can detect anomalies, trends, patterns, and clusters that may indicate fraud.
Unfortunately, many governments are unable, or unwilling, to share data. This limits the “network” effect that antivirus software uses so effectively. If more states and programs shared fraud schemes and findings, the library of known bad actors and methods could detect fraud and prevent it from moving from state to state and program to program.
The good news is a number of states are moving toward state-wide fraud prevention efforts and a number of government subsidy programs are moving toward cross-state fraud prevention efforts. I am confident that the future success of these efforts will promote additional sharing, leading to a larger network, and more efficient governments.
Big data analytics and the predictive engines they spawned give Internet companies a way to monetize the online experience. By tracing online behavior, companies can target advertising, promotions, and point of sale opportunities based upon past buying decisions. Online habits of Web users can be associated with ideologies, interests, and values. Increasingly sophisticated probability engines predict future buying decisions with enough accuracy to fuel a dramatic increase in online sales and commerce over the past decade. Analysts use temporal versions of these tools to forecast market trends and evaluate risk.
In the fraud detection market however, early attempts to detect fraudulent behaviors using these same probabilistic engines have achieved limited success.
What makes detecting fraud different than detecting interests, values, and ideologies? The simple answer: Fraud is binary in nature–either a particular sequence of behaviors is fraud or it is not. For example, if an individual provider of medical services submits claims to an insurance company for 5,000 hours of services in a week (an instance from actual data), there had better be around 100 employees licensed to provide that service. If there are only three or four employees with the required licenses, the provider has committed fraud. Probabilistic engines struggle to detect fraud because they are not capable of modeling this“all or nothing”nature of violating a law.
At Pondera, we still make use of predictive analytics. But rather than detecting absolute fraud, we use the algorithms mostly to inform our fraud scores and to detect emerging fraud methods.
Once reliable methods of detecting fraud have been developed, predictive engines can also play an important part in helping insurance companies, financial institutions, and government agencies prioritize targets of investigation. Predictive models can identify the highest value targets that will recover the most money or disrupt the largest criminal organizations.