Welcome to the Pondera FraudCast, a weekly blog where we post information on fraud trends, lessons learned from client engagements, and observations from our investigators in the field. We hope you’ll check back often to stay current with our efforts to combat fraud, waste, and abuse in large government programs.
Last month CNN published a horrifying report on sexual abuse in America’s nursing homes and assisted living facilities. The report provided details on dozens of assaults, rapes, and other incidents that, quite frankly, were extremely difficult to read. In my opinion, however, this level of detail is probably necessary to shock people into taking action against what CNN rightly labelled “an unchecked epidemic”.
The numbers themselves are devastating. Approximately one million senior citizens are currently residing in 15,000 government-regulated long term care facilities. Since 2000, it appears that over 16,000 cases of sexual abuse have been reported, but the number is probably higher because of complex reporting systems and processes. And it’s impossible to determine the number of unreported cases.
Between 2013 – 2016, CNN found that 1,000 government-regulated facilities had been cited for mishandling or failing to prevent sexual assaults. 100 of the facilities had been cited numerous times. And despite this, only 226 facilities were fined just $9 million. Only 16 of the facilities were cut off from Medicaid and Medicare!
What is equally disturbing to the actual cases of abuse is the blatant disregard of safeguards and even the intentional impeding of investigations. Consider a case here in California where the employer allowed a nurse to continue working for weeks after reports of him kissing and fondling a female resident. This crime, by the way, resulted in only a $27,000 fine.
At Pondera, we often say that fraud and abuse is most prevalent at the intersection of large amounts of money and vulnerable populations. This makes nursing homes “ground zero” for abuse because it is here that the escalating costs of long term care combine with dementia and other health issues that can make senior citizens problematic witnesses.
Among several recommendations made by CNN was a call for improved reporting systems. We agree that this is an important piece of the solution. It will provide greater transparency and help regulators identify trends and clusters of abuse. But clearly, stricter oversite and enforcement are needed. So too is the type of no-nonsense reporting that CNN did for this report.
It’s April, which every year brings more news about tax fraud scandals. The news this year, however, is even more disturbing than expected. IBM’s X-Force threat intelligence group released a report last week that showed a 6,000% increase in spam emails designed to steal information from W-2s and other tax documents. Last year, these criminals “earned” over $3 billion through similar scams. And if you were one of the victims, then you are already familiar with the hassles of having your return stolen or a completely false one filed using your identity.
The continuing use of the Dark Web is a major factor behind the acceleration in this form of cybercrime. Stolen identities that include tax information are currently fetching around $40 on illicit marketplaces. While this may not seem like much, it is extremely lucrative when a fishing scam succeeds at stealing thousands of identities. So lucrative, in fact, that would-be scammers can even visit the Dark Web to buy online tutorials on how to perpetrate tax fraud.
Popular scams this year include sending emails that appear to be sent from TurboTax and other tax preparation companies. The hope is that you respond because you use that tax service. So-called spearfishing scams are also targeting corporate human resource departments. They will often send an email to an HR manager, seemingly from a member of the company’s executive staff, requesting W-2 and other tax information on the company’s employees.
Cybercriminals will continue to hone their skills resulting in more convincing emails and websites. They will continue to take advantage of technologies that allow them to increase the number of outbound messages. And they will continue to learn and share new techniques on the Dark Web. This means that all of us, as businesses and as private citizens, need to step up our efforts to protect data. These days, it’s no longer just “a fool and his money” who are soon parted.
At Pondera, we are often asked whether fraud detection algorithms will ever completely replace human investigators. And while I can’t address the “ever” part of the question, I can confidently state that it will not happen in the foreseeable future. One of the major reasons for this? Prediction models, like many people, struggle to distinguish between cause and effect.
A Stanford University professor recently shared her studies on this topic which support many of our own findings. She noted that while prediction algorithms are excellent at finding patterns in large data sets, their effectiveness is limited because they struggle with determining causation. An example she used is that algorithms have been shown to help identify patients who should not receive hip surgery because they would likely die of other causes. However, the algorithms are unable to prioritize those patients who should receive the surgery.
In several cases, the professor notes that correlation can be as low as 50%. And she properly notes that while this may be fine in certain situations, governments simply cannot conduct such high-risk experiments with social welfare, economic policies, and other important matters. And unlike controlled environments, such as those that use placebos to test medications, the real world is simply too messy and unpredictable to control all factors.
This problem of causation identifies an important intersection between human reasoning and prediction algorithms. We believe that in complex, rapidly changing environments like fraud detection, effective detection systems combine the power of modern detection algorithms with experienced human reasoning.
By leveraging the individual strengths of both machine and human learning, we can analyze massive data sets and make sense of the findings. We regularly use the system to find the problem and ask the human experts to help explain the problem. This makes the results actionable, which ultimately is what our government partners require.
A recent arrest in New York City illustrates a common fraud method that Pondera has been talking about for years: falsifying an identity (of an individual or business) and using it across multiple states, or in this particular case, across multiple subsidy programs within a state.
In February of this year, the New York State Attorney announced the arrest of several individuals allegedly involved with a fraudulent medical supply company. The company’s owner operated under a false social security number and billed the State Medicaid system for an expensive nutritional formula required by patients with feeding tubes. In actuality, when they delivered the service at all, they dispensed lower-priced Pediasure to dramatically increase their profits—apparently ignoring the health consequences to the patient.
But, as is often the case with bad actors, they didn’t stop there. In addition to their fraudulently obtained Medicaid profits, the fraudsters also used their fake socials and claimed income of less than $800 per month in order to qualify for Welfare payments. This despite the fact their medical “business” incomes were over $180,000 per year. It would not surprise me to learn that these same people were operating in other subsidy programs or in neighboring states.
This is a disturbing, but somewhat logical, pattern that we see again and again. When someone goes to the trouble of creating a fake identity or business, they use it to generate as much income as possible. They “fly below the radar” of each individual program (or state) to avoid detection, but the fraud can be very lucrative in aggregate.
The obvious solution to this is increased cooperation and data sharing across programs within a state and across states. The federal government has made significant efforts to support data sharing including the List of Excluded Individuals and Entities (LEIE), the Death Master File, and the Prisoner Update Processing System (PUPS) which can help identify claims that are fraudulently made by ineligible, deceased, or incarcerated identities.
Our hope is that these efforts expand, including at the state level, where multiple agencies cooperate to identify cross-program fraud schemes. It is not enough to detect and then stop individual incidents of fraud. Many of these incidents are too small, when viewed as discrete occurrences, to warrant prosecution. Knowing this, enterprising fraudsters “sprinkle” their claims across multiple jurisdictions to avoid attention.
Unfortunately, as was the case in New York, even these smaller, distributed fraud efforts can have an impact on patient health. The good news is that New York detected and put an end to this incident. But we all know there are thousands of similar cases each year.
A few months ago, I wrote an article offering our support to the USDA Food and Nutrition Service (FNS) as it rolls out a new program offering online access to groceries for Supplemental Nutrition Assistance Program (SNAP) recipients. My main concern with the new initiative was that FNS cannot provide an accurate SNAP fraud rate because of unreliable data coming in from the states. And we all know that offering goods and services online presents even more opportunities for fraud.
Now Congress is asking FNS additional questions in a letter sent to them on February 8th. Outlining the lawmakers’ concerns, the letter points out that as many as 10% of retailers who accept SNAP EBT cards participate in illegal trafficking schemes. These schemes pay recipients a discounted amount of cash or unapproved grocery items in exchange for their cards. They go on to point out that total annual fraud in the program is over $858 million.
The massive size of the SNAP program is one of the major reasons, historically at least, it is so difficult to detect fraud. In 2016, the program distributed $67 billion in benefits to 44 million Americans through 260,000 authorized retailers. Interestingly though, as much as 85% of the retailer fraud is committed by small grocery and convenience stores, or even flea markets like the one in Opa-Locka, FL that we recently wrote about.
With the advent of cloud computing and advanced analytics solutions, FNS now has access to the tools required to make a real difference in their fight against fraud. And by addressing the retailer side of the equation, they will also find, through association, many of the fraudulent individuals in the system as well. It would certainly make sense for FNS to leverage modern fraud detection technologies at the same time that they offer online access to groceries.
It is also important to note that the number of SNAP program retailers and recipients, while large, is very manageable. Consider that at Pondera we’ve performed equally complex fraud analytics on Medicaid programs with as many as 200,000 providers and Unemployment Insurance systems with over 1,000,000 employers. And when one considers that the overwhelming majority of SNAP trafficking fraud occurs in a concentrated subsection of small and medium retailers, the problem becomes even more manageable.
I read with great interest the story this month about a woman who cheated her way to a second-place finish in the Fort Lauderdale half marathon. After posting a time of 1 hour and 21 minutes, the website www.marathoninvestigation.com revealed several problems with the woman’s results including: the race statistics she posted to a website were manually entered (versus those calculated by her GPS), a second set of results she posted seemed more consistent with a bike ride, and a zoomed photo of her post race wristwatch revealed that she ran only 11.65 miles of the 13.1 mile race. This evidence led to an admission and apology by the runner.
What I find interesting about this incident is how indicative it is of the ever-increasing power of data. While runners collect data to help them train and perform better, it can also be used to uncover cheating and fraud. This is no different in government subsidy programs, like Medicaid and welfare systems. Governments collect data to help them improve service delivery to their constituents, and with modern technologies, the data can also reveal fraudulent anomalies and patterns.
Of course, bad actors who want to defraud programs are aware of the increased use of data to catch them. Gone are the days when they can blatantly abuse government systems knowing that the size and complexity of the programs would make it nearly impossible to catch the cheats. In running, who would dare to repeat Rosie Ruiz’s 1980 Boston Marathon “victory” where she was spotted riding the subway with her runner’s bib?
Instead, bad actors often “fly under the radar” – stealing smaller amounts over longer periods of time to avoid being noticed. Second place in the Fort Lauderdale Marathon is certainly “under the radar” compared to a victory in the Boston Marathon.
So, now that our fraud detection capabilities can catch bad actors who boldly fly above the radar and those who strategically fly below the radar, one would hope that it would lead to decreases in fraud attempts. But I also know that making fraud harder to commit rarely turns fraudsters into honest and contributing members of society. It just makes them work harder. This simple fact provides us with the incentive to continually improve on our technologies and approaches. This is one war we fully intend to win.
Earlier this year, four government agencies – Commerce, Health and Human Services, Energy, and the Environmental Protection Agency—received letters from congress directing them to provide documents and comments detailing their efforts to “identify waste and… to achieve budget savings in the next five years.” The letter referenced a report from the Pentagon that identified a “clear path” to saving over $125 billion over five years, which was subsequently suppressed because of the dramatic findings.
The Washington Post, which was mentioned in the letter from Congress, exposed the Pentagon’s internal study in December 2016. The Post explained the reason the Pentagon buried the study was that they feared Congress would cut their budget if they knew of the waste. Incredibly, the “clear path” to savings did not even require layoffs. Rather it would use attrition, early retirements, reductions in expensive contractors, and modern technology to streamline operations.
To put the size of the problem in perspective, the study showed that the defense department paid over 1 million back-office staff to support 1.3 million active duty troops (the smallest number of troops since 1940). Thanks to these large numbers, the savings from streamlining could have led to reallocating up to $125 billion for troops and weapons and rebuilding the nation’s aging nuclear arsenal. But apparently, some Pentagon officials decided that protecting against budget cuts was more important.
The four agencies who received the letter from Congress have until March 10th to respond. Their response must provide a copy of their internal reports similar to the Pentagon report, lessons learned for their department if they do not have a similar report, and any efforts the department has made to combat waste. Given that these four agency budgets total over $1 trillion, twice that of the Department of Defense, there should be ample opportunities for savings.
Shortly after Tom Brady led the New England Patriots to the greatest comeback in Super Bowl history, he noticed that his game jersey had been stolen from his bag. Asked if it was still missing hours later, he responded "Yeah, it's going to be on eBay at some point."
This got me thinking about the market for high profile stolen items like sports memorabilia and famous artwork (yes, Pondera people think a little differently than the average sports fan). How, after all, could someone hope to profit from selling such a famous jersey—certainly not by selling it on eBay.
As it turns out, the markets for stolen items like sports memorabilia and artwork are quite mature and well-defined. Stolen art obviously has a longer history and much can be learned from it. For example, pricing for stolen art is typically around 10% of the estimated value. Interestingly, this means that many of the most famous paintings are less likely to be stolen because even 10% of $100 million is a lot to pay for an item that you can’t even show to friends!
While there are notable exceptions, including the 1911 theft of Da Vinci’s Mona Lisa (recovered two years later), the large majority of art thefts are of less than $10,000 items from private homes. The items are often sold after a period of time to legitimate galleries by “owners” who claim to have inherited them. Most estimates state that only about 5% of art thefts are ever truly solved. A recent seizure of famous Dutch art on the Ukrainian black market, for example, focused on recovery versus deciphering the 10 year “chain of custody” since being stolen.
Back to Tom Brady’s jersey. While not as expensive as a famous painting, many experts estimate its value at around $500,000. This would translate to a $50,000 value on the black market. And because it is such a famous item, it certainly wouldn’t be wise to display it openly.
While $50,000 is a great deal of money, I’m not sure many of us would take the risk of avoiding the Texas Rangers for that payday.
For those who need more impetus to stay on the straight and narrow, remember that O.J. Simpson’s 33-year prison sentence stemmed from a Las Vegas robbery over sports memorabilia that he claimed was stolen from him. And while Tom Brady’s 5th Super Bowl win is sure to ease the pain of his stolen jersey, I’ll still be rooting for the Texas Rangers and Houston P.D. in their efforts to recover this important piece of sports history.
The USDA recently announced a pilot program, starting this August, to offer online access to groceries for Supplemental Nutrition Assistance Program (SNAP) recipients in seven states. Groceries will be delivered to the recipients’ homes by seven participating retailers including familiar names such as Amazon, Safeway, and Shoprite.
For many SNAP participants, this is both a tremendous convenience (saving them time) and a potential necessity (providing access to healthy foods in rural and urban “food deserts”). In fact, America’s poor have higher access to the Internet than they do to cars: 88% to 79.6%. And no one can argue that time spent with family, working, or seeking work is more valuable than time spent commuting to and shopping in grocery stores.
Of course, online transactions often lead to more opportunities for fraud. And for their part, the USDA is mandating stricter controls than those required for non-SNAP transactions, including the use of a secure PIN number on all SNAP transactions. They have also provided funding in recent years to help states address benefit card trafficking problems.
It is also known that when large sums of money are distributed through online transactions, bad actors will innovate new ways to defraud the system. In 2014, while the improper payment rate in SNAP was relatively low at 3.66%, this still represented over $2.5 billion. Perhaps more concerning is that for 2015, after the USDA worked with all 50 states to assess their payment accuracy rates, they were not able to provide an overall improper payment rate for the SNAP program because data from 42 of the 53 reporting agencies could not be validated.
In many ways, this situation encapsulates the challenges facing government organizations. While their main directive is to provide important services to citizens – which I believe includes online access to nutritious foods—they also must protect the taxpayers’ money and make sure benefits go to those who are qualified to receive them. We wish the USDA luck with this new pilot and stand ready to assist our state government clients in their program integrity efforts.
In a recent Texas senate hearing, it was revealed that in 2015, the state’s 22 Managed Care Organizations (MCOs) had recovered only $2.5 million of fraudulent payments out of $12.5 billion in claims. That’s about two-hundredths of a percent. Not one of the MCOs recovered even 1% of payments and most reported less than $20,000 in recoveries per full time investigative resource.
These numbers are stunningly low considering the actual amount of managed care fraud, estimated by the American Bar Association to be over $17.5 billion per year. There are dozens of ways to commit fraud in managed care programs including enrolling ineligible, deceased, or incarcerated individuals, collusion and kickback schemes among providers, and billing across MCOs.
In fact, many instances of managed care fraud can be even more insidious than the fraud found in fee-for-service programs. For example, rather than billing for unnecessary services which is common in fee-for service, fraudulent managed care providers are more apt to deny necessary procedures to increase their profits. They also recruit healthy members to bill capitation fees while incurring smaller expenses than those for less healthy members.
As states move more of their Medicaid populations into managed care, it is critical to not pass the responsibility of fraud detection to the MCOs. The current situation in Texas, whatever the causes, should not be tolerated. It is clear that not all MCOs will “play by the rules” and this will inevitably lead to higher capitation rates and less effective care. This is pretty ironic considering that lower costs and improved care were two of the main drivers behind moving to managed care in the first place.