GovLoop

7 Ways to Beat the Fraudsters in Online Citizen Services

Woman talking with work colleagues on video call using tablet computer from home.

By Dr. Sarbari Gupta, CEO, Electrosoft, Inc.

During the pandemic, many citizen-facing government services abruptly transitioned to online portals. The move enabled citizens to continue receiving medical, housing, educational and other benefits – with government personnel virtually supporting benefit delivery – all from the safety of their homes. Yet remote identity verification proved challenging. And it created an environment ripe for fraudsters.

Dr. Sarbari Gupta, CEO, Electrosoft, Inc.

Typically, remote identity verification requires the applicant to provide personal information (date of birth, last four digits of their Social Security number, address, etc.) and/or answer a series of questions regarding their personal life history to prove their identity. The latter type of approach is often called “knowledge-based verification” or KBV.

However, with the current state of the public internet and the dark web, personal information is easily accessible. So, it’s not difficult to masquerade as someone else over an online connection to a government service portal by successfully navigating the KBV questions and application forms with the necessary information.

Government is left to balance the need for strong identity proofing for online applicants with the cost, ease of use, accessibility and inclusion of citizens. Here are seven challenges – and possible resolutions – for government.

Challenge #1

Online portals only use KBV techniques to verify the identity claimed by the applicant. Such portals are easy for fraudsters to penetrate.

Resolution

Challenge #2

Online portals require applicants to submit photos of their driver’s license. Firstly, obtaining a fake license is easy. College kids have done this for decades! It’s even easier to falsify an electronic image of a license.

 Resolutions

Challenge #3

For the determined, it’s possible to spoof a live photo or video capture using a well-made mask or using deepfake technologies.

Resolution

Challenge #4

Fraudsters thrive in an environment where benefits applications are submitted and fulfilled rapidly through online mechanisms only.

 Resolution

Challenge #5

Many citizens who need government benefits are from disadvantaged circumstances and may not have a home address, credit history or bank accounts. Applicants may not have access to computers or the ability to operate them. It is very difficult to verify identities of such persons through purely online mechanisms. Yet, government agencies must be inclusive across populations and provide access to all without lowering the security bar.

Resolutions

Challenge #6

Identity verification solutions can be difficult and expensive. Government organizations often implement their own solutions as they stand up and refine their online portals for services.

 Resolutions

Challenge #7

Each government agency that collects, stores and processes personally identifiable information (PII) also has a responsibility to protect that PII and maintain the privacy of applicants. Applicants are frequently unwilling to provide personal information through online portals for fear of privacy compromise.

 Resolutions

The National Institute of Standards and Technology (NIST) Special Publication 800-63 provides guidelines for digital identity authentication systems and is mandatory for federal agencies. The requirements in SP 800-63, if implemented correctly, provide a strong level of defense against online identity fraud.

Whether performed in person or online, identity proofing is a challenging activity. By thinking – and acting – differently in the face of the key challenges outlined above, government agencies can implement strong identity verification mechanisms without compromising accessibility, ease of use and cost-effectiveness for citizens.

Dr. Sarbari Gupta leads one of the fastest-growing government IT services companies in the Washington, D.C. area. Her extensive experience spans software development and professional services in cybersecurity, risk management, privacy and cryptographic solutions. She is a frequent international speaker and has authored over 20 technical papers/presentations. Dr. Gupta has also co-authored multiple NIST Special Publications in Electronic Authentication, Security Configuration Management and Mobile Credentials. Dr. Gupta holds four patents in cryptography.

Exit mobile version