WHITE PAPER
Leverage identity verification for faster benefits delivery
In today's world, in which efficiency and security are paramount, the mission of government agencies is to deliver benefits swiftly while ensuring robust fraud prevention. Yet, ensuring the correct individuals receive the benefits to which they are entitled is no easy task, especially without the right strategic and technological solutions.
This white paper looks at how a comprehensive identity verification strategy can enhance trust and client experience while expediting the delivery of benefits. Additionally, it examines the use of advanced screening tools across different application methods, including fully digital, paper-based, and mixed-method intakes.
Part 1
The importance of identity verification
Identity verification is essential to disburse benefits to the rightful recipients. Agencies can mitigate fraud and streamline the application process by verifying various identity facets, such as personal information and physical identity documents. This section will discuss the importance of a secure and efficient submission process that seeks to improve existing practices for both agencies and applicants.
Government agencies provide benefits and services to people who apply for them in various ways, including in person, by mail, and, increasingly, by filling out applications via an online account-based portal. In this case, identity verification centers on knowing that the person who applies is the person — or a trusted helper — seeking to qualify for the service or benefit and, by implication, the person who will receive those benefits after the verification and qualification stages are completed.
Not surprisingly, this process made detecting fraud attempts or misuse of identity credentials much more painstaking and rife with error. Often, agencies couldn’t detect fraud until after the benefit was paid. However, if applied correctly, today’s identity screening tools can prevent problems, thus saving time and resources for staff while potentially diminishing wait times for applicants.
Consider the example of the Supplemental Nutrition Assistance Program (SNAP). Every U.S. state now delivers SNAP benefits electronically with a card or a phone app. Intake, however, is a different matter.
States and some localities perform the intake of new applicants in a variety of ways. There are three typical methods of submitting a SNAP application: entirely on a digital platform, a paper application filled out in person or by mail, or a mixed process in which an initial application might be made online and then identity documents presented later in person. Each one of these methods presents challenges for the screening agency. A streamlined approach, however, can do more than catch fraudulent applications — if broadly implemented, it can prevent them.
Let’s delve into each of these methods more fully.
Digital applications
Digital applications for benefits can be reviewed for identity purposes in three phases. In Phase 1, the agency must determine whether a human or a bot submitted the application. It’s here where newer screening tools are vital to the basic functioning of a modern electronic filing or intake system, as digital platforms have essentially created a new form of agency-level risk, even while they provide a much more efficient processing method overall. The most likely form of automated fraud agencies and institutions will encounter in digital applications is new account fraud. Some means of auto-detection should be present so that bot-generated applications are removed immediately.
All other applications then move forward to Phase 2. Here, the submitted information must be verified. First and foremost, does the applicant exist? That is, can their identity be located in existing databases using traditional identity markers such as first name, last name, and address? If their identity cannot be thus verified, the application should be set aside, as it may be a synthetic identity or a wholly fake person.
Caution in these early phases is warranted. If not well-categorized, initial screening rejections in Phase 1 might also contain applications that fall short of validation checks for non-fraudulent reasons. These aren’t artificial identities in origin, but it may be that the applications are incomplete or do not conform to predefined expected responses and syntax. Some means of distinguishing these two situations should be present. That’s why it’s important that screening tools be customized for each agency’s needs and core mission, especially when fine-tuning for this distinction. Not all agencies balance the risk of underservice and the risk of fraud in the same way.
In Phase 2, where bot activity is already filtered out, sequestering cases that have the characteristics of a fake or synthetic identity can be flagged. Again, without fine-tuning, the screening tools will invariably catch cases with errors or incompleteness that aren’t fraudulent. An agency’s flagging process should be driven by its business rules and risk profile.
A newly enhanced manner of engaging in fraud, synthetic identities can be detected in Phase 2. These fraudulent attempts at creating an identity are usually built from stolen points of identification and supporting documents that may be genuine. Synthetic identities may be used for various reasons, only one of which is to access financial resources, but the manner of deception is similar across use cases. Any public-facing agency can encounter this kind of fraud, so screening at this stage is vital. In the case of a SNAP applicant, for example, the goal likely is to obtain funds fraudulently.
In Phase 3, an agency typically wants more significant interaction with the applicant before approving benefits, either through a phone call, an in-person visit, or a video conference. Some agencies use a Phase 4, where they apply biometrics to compare submitted identity documents with in-person, selfie, or video presence.
The purpose of Phases 3 and 4 is to authenticate the applicant — to make sure that the person who will receive the service or benefit is, in fact, the real person who has applied and has the credentials to support their application. These phases are closest to the traditional, pre-digital screening and evaluation practices, despite the introduction of biometric tools in authentication.
Another benefit for overburdened government agencies is that these newer screening tools can handle applications at high volumes and set aside incomplete or bot-authored ones. However, agency workers must consider the meaning behind the different reasons applications may not pass initial screenings, based on their experiences with their client base and core mission, and incorporate such learnings into the agency identity business rules and risk profile.
Paper documents
These applications and their accompanying documents are the traditional manner of submitting a petition for benefits. For many reasons, not every applicant — or even every agency — can move forward in the process completely online. Most agencies use both digital platforms and paper intake of applications and documents.
Between agencies and institutions with different core missions, there is variation in the required personal information initially asked of applicants. Thus, any tool adopted to automate screening should be one with the flexibility that enables agencies to customize criteria for the reasonable completeness of each phase.
Indeed, each agency's traditional paper document review may have had an advantage in this regard that should be appreciated. When building a new, more automated, and quicker system, it should retain the benefits of your agency’s specific good practices while evaluating documents more efficiently, like the SNAP Fraud Framework.
As in our SNAP example, paper applications typically require identifying document information such as driver’s licenses or state-issued IDs, and often, having agency staff manually input or scan such items into a screening and search program remains necessary. One common pain point that can appear here is the honest mistake by the applicant in writing down or properly identifying which sequences of numbers on a card are the correct ID numbers to submit. In addition, illegibility from either the applicant or agency staff — or staff’s inevitable errors in manual transcription or data input — can cause similar problems.
As with electronic submissions, the agency certainly does not want any system of processing to confuse these common errors with fraudulent intent. To the extent that currently unverifiable applications can be moved aside into special handling, processing the remaining applications will be more streamlined. In this way, integrated database portals can help intake staff process complete and incomplete applications more efficiently.
Mixed-method submissions
Some agencies facilitate applications with both components — an initial registration online by the applicant with minimal information, followed by a paper or manual intake process, which binds together a case combining Phase 2 and later phases.
Further, several factors might support an agency maintaining a mixed-method application process, including:
- Applicants who lack regular access to and familiarity with digital platforms
- Agency budget constraints on technology adoption and retraining
- Continuing legal requirements for paper records and real-ink signatures, whether for good reasons or simply due to inertia
- The need for qualitative or “high-touch” interactions between applicants and service or benefit providers to determine qualification
- A vital need for a non-electronic backup system in case of cyberattack, mass data loss, or natural disasters that can knock systems offline
Agencies should consider in advance how much of an impediment the loss of applicants’ digital data would be. Does the agency have adequate off-site data backup to serve its client applicants in the event of a breach? Does a fully digital system meet all local, state, and federal legal requirements? Do potential applicants typically have good access to digital platforms? Has the agency created high-level protections for the data it gathers from applicants?
For example, the SNAP program partners state-level administrative agencies with a federal oversight agency, the U.S. Department of Agriculture (USDA), which has certain requirements that state agencies must meet. While the USDA requires that certain advancements be made by state agencies, like accepting some form of electronic signature from applicants, other decisions are left in state agency hands. However, regulation and oversight changes periodically, and there’s no reason to expect that the administration of nutrition benefits will become less electronically based over time.
Tools that provide agencies with enhanced screening and verification should be flexible enough to grow as federal oversight — or greater flexibility for the states — does. As it stands now, the USDA recognizes that advanced screening tools are increasingly likely to be adopted by state agencies and it provides guidelines for decision-making about them.
Even if an agency that does intake for nutrition assistance benefits is currently dependent on a primarily paper and in-person process, identity verification and validation can still be enhanced with access to a tool that combines many data sources into one portal. Staff can search for applicants’ past and present addresses, employment and benefits history, and other information in one step rather than many.
Part 2
There are challenges that characterize every method used
Regardless of location, government agencies face numerous challenges in processing applications, whether they are submitted digitally, on paper, or through mixed methods. This section will outline these challenges and propose solutions to enhance both efficiency and security across all submission types. It will also look at how automated systems and innovative solutions can aid agencies in confirming identities, no matter which application method they use.
How can agencies keep up?
Agencies that quickly transitioned over the last decade to a digital-platform application option for SNAP petitioners, like New York City, now have electronic submissions accounting for more than 90% of applications. At the same time, electronic submission methods increased the number of applicants after these changes were made in 2015. Timeliness — the USDA’s measure of how many cases were processed within 30 days — increased until the fiscal year 2020, when the COVID-19 pandemic caused a rapid rise in eligible applicants. Wait times increased substantially, with the timeliness measure dropping from more than three-quarters of applications being processed within 30 days in 2020 to less than 40% in 2023. Fortunately, the timeliness level is now increasing again.
The lesson here is that even agencies eager to adopt electronic submission methods will run up against real-world conditions that either temporarily or permanently change the game. Due to changes in needs, the rise in cases from more user-friendly approaches, evolving fraud techniques, and new state and federal requirements, agency leaders should consider partnering with vendors who provide electronic enhancements. These tools can help their staff adapt and keep pace with these dynamic conditions.
Indeed, a streamlined submission process is crucial for reducing complexity and enhancing the customer experience. Digital applications and an improved onboarding process lessen the burden on applicants and staff while decreasing automated fraud.
How newer tools and approaches can work to verify client identities
Traditional practices often focus on detecting post-occurrence fraud — detecting improper use that has already occurred and stifling access to the illicit user. However, by preventing and deterring fraud at the outset, agencies can circumvent the need for extensive post-fraud investigations. In fact, leveraging technology earlier in the process can result in better outcomes that save time and money.
Trusted guardians of digital data — those professionals in government, education, and corporate enterprises who collect data from the public — have begun to decisively move away from single-solution cybersecurity. The days of relying on passwords, or even passwords and two-factor authentication, are behind us, and newer, multifaceted approaches to access authorization are gaining strength.
Newer digital screening tools take a preventive approach to fraud and digital impersonation by offering comprehensive identity verification solutions that use some combination of five authentication factors:
- Knowledge
- Possession
- Inherence
- Location
- Behavior
When an individual approaches an agency for the first time and wants to create an application or account, these five factors can be used to make it more likely that the applicant is both real — not a bot nor a synthetic identity — and is also the person they claim to be.
The first of these factors is knowledge, something the individual would know, such as a piece of personal identifying information. This part of the applicant submission process is probably the most familiar. Agencies ask for legal names, addresses, and information from identity documents like driver’s license numbers, Social Security numbers, student IDs, health insurance numbers, etc. When identifying information is submitted through a form on a digital platform, advanced tools can swiftly filter the information. They can detect discrepancies where the entered data does not align with existing database records or where personal identifying information within a single application is inconsistent, such as a Social Security number submitted under a different name.
In many cases, these flagged applications will simply contain non-fraudulent errors and can be bounced back to the applicant for correction. However, this step on a digital platform can block and deter a lot of illicit bot-generated activity, saving agency workers a great deal of time down the road.
When the agency receives a paper application, these same intelligent data search tools can be used by manually entering the case. Although this takes more time, it nonetheless leverages the same large repository of publicly available documents and can confirm the knowledge that the applicant has about themselves.
Knowledge approaches are how agencies traditionally qualify applicants for benefits or access. In recent years, however, other interaction elements have become important markers of authenticity. The second one, recent in origin but familiar to many in the form of two-factor authentication, is possession, something the individual has. This factor includes identifying the digital device the applicant is using — such as a cell phone or computer — and browser identification, then ensuring that these items are not on a list of known fraudulent devices or coming from high-fraud locations.
Legitimate applicants from high-fraud locations can still successfully apply, of course, but their cases may be moved to other forms of verification. These tools can also create an association between the application and an individual’s portfolio of electronic access methods as a form of digital-use identity footprint.
Possession factors are also more than your device. Government IDs like driver’s licenses and passports are also common possession factors; they’re something you have that only you should possess.
The third element of comprehensive identity authentication is inherence, something that is unique to the individual. This factor would include fingerprint scanning, retinal scans, voice recognition, and facial comparison or age verification.
The fourth factor is location, somewhere the individual is. Intelligent tools can detect a digital applicant’s geolocation and what networks they are using. This process includes identifying IP locations, city and country of origin, and use of various networks — while matching all that against blacklists and illicit networks. Agency staff can use their local knowledge to identify legitimate, often-repeated third-party locations such as libraries and social service organizations and then focus on the rest for further scrutiny.
Finally, there have been significant innovations in the field of behavioral biometrics, making the fifth factor in an electronic application process behavior, something an individual does. When we interact with intelligent machines, our unique patterns emerge: how fast we type, our preference for copying and pasting or using frequent keyboard shortcuts, our tendency to enter data quickly with frequent corrections or slowly and methodically, and our browsing patterns.
Using these multiple screening methods the first time an applicant makes contact can significantly improve security and prevent fraud. However, great caution must be taken with the data collected this way — in the same way that collected medical data should be subject to extra safeguarding. Much of this personal identifying information, especially behavioral biometric markers, is intelligence about individuals. Collecting and recording that data then imposes an ethical obligation on the government agency to ensure that the data is not subject to any breach during a cyberattack or accessible to outside commercial interests.
Now is the time to adopt intelligent screening tools
Implementing a thorough identity verification strategy allows government agencies to enhance trust and improve the experience for those applicants who need their services the most. This approach not only speeds up the delivery of benefits but also fortifies the system's integrity, ensuring that aid reaches those genuinely in need in a timely fashion.
Government agencies’ transition to digital applications has produced benefits for both applicants and agencies, but the emergence of fraud using digital means has not been far behind. Intelligent screening and search tools can work with agencies using digital portals, paper applications, and mixed-method submissions if these tools are flexible enough to respond to circumstantial and technological changes.
The pandemic, a sequence of natural disasters, or even regulatory changes have shown agencies where their pain points and bottlenecks may occur. Newer tools, as they become available, can be incorporated with agency-specific custom designs to meet the needs of agency workers as they try to serve the public at large.
You can learn more about how Thomson Reuters solutions can prevent identity fraud for all the application types that your agency handles and how we can transform your identity verification processes.
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a “consumer report” as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning; establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing; or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.
Protect your agency with streamlined identity verification solutions to authenticate individuals and evaluate risk in seconds