Pandemic response watchdogs urge agencies to focus on ID theft

The federal government needs to take action to address identity fraud as it continues to grapple with criminals' use of stolen information and synthetic identities to target the over $5 trillion in pandemic relief efforts, inspectors general told lawmakers during a Tuesday hearing.

"Prevention and detection of identity theft should be among the highest priorities of federal agencies," said Michael Horowitz, the chair of a body of inspectors general created to oversee the government's pandemic response called the Pandemic Response Accountability Committee (PRAC).

The exact amount of government funds lost to identity theft during the pandemic isn't yet known, but as of April 2022, the PRAC has tracked over 241 indictments and over 110 convictions related to identity fraud in pandemic programs, according to a new report from the group released Monday.

The Federal Trade Commission reported a nearly 3,000% increase in reports of stolen identities used to apply for government documents and benefits in 2020 alone. 

"We're now in the digital age, and what we saw at the executive branch level and at the local level is so many entities were not ready for a digital age problem that arose -- people could not show up to pick up their benefits," said Horowitz.

Rep. Bill Foster (D-Ill.) asked witnesses if his Improving Digital Identity legislation—meant to spur the government to develop secure methods to validate identity attributes and work toward secure state systems for digital identity verification, likely through mobile drivers licenses, he said—would be helpful. 

President Joe Biden said at the State of the Union in March that he plans to issue an executive order on identity theft, although that's yet to be released. The White House at the time said it would have "broad governmentwide directives'' and new actions to help victims. 

"Anytime you put in an extra level of identification, … it's going to eliminate some fraud," said Roy Dotson, the Secret Service's national pandemic fraud recovery coordinator.

"The single best thing the Biden Administration can do in its forthcoming identity theft executive order is to focus on giving Americans tools that they can use to protect themselves from identity thieves," Jeremy Grant, managing director of technology business strategy at Venable LLP coordinator of the Better Identity Coalition, a trade group focusing on digital authentication policy.

Horowitz told Foster that agencies also need to make sure they're doing the basics like cross checking data so that one person can't get benefits in multiple states. 

Several witnesses said that some programs, including those at the Small Business Administration like its Paycheck Protection Program, simply had lower fraud controls. 

"For several programs… the speed overrode any controls whatsoever. Having simply a situation where you required self certification and nothing more is an invitation to fraudsters to come in and try and obtain benefits that they should not otherwise get," said Horowitz.

Kevin Chambers, director of COVID-19 fraud enforcement at the Department of Justice, told lawmakers that data management is highly federated across states, creating challenges for federal authorities looking to use benefits data in fraud cases.

"Standardization of the data would be incredibly helpful for the purpose of our work in identifying where fraud has occurred," he said. "We need to have a way to analyze that data without wasting months or years cleaning it up."