The COVID-19 pandemic displaced massive numbers of workers due to jobs being eliminated or paused as organizations navigated the impacts of this crisis. In turn, the country faced an unprecedented increase in unemployment benefit claims. State and federal agencies were overwhelmed by the volume of claims, which opened new opportunities for both foreign and domestic criminals to take advantage of the system. To protect its citizens and resources, the Arizona Department of Economic Security (DES) forged partnerships to provide benefits to eligible individuals while protecting taxpayers and combating fraud, resulting in billions of dollars of savings for the state.
The March 2020 CARES Act included authorization of the Pandemic Unemployment Assistance (PUA) program, which not only covered traditional workers, but also expanded the pool of workers eligible for unemployment benefits. This included self-employed, gig, and other independent contract workers who were unable to work due to COVID-19 related reasons but who would not traditionally be eligible for Unemployment Assistance. To apply for PUA, applicants only needed to submit a name, date of birth, address, and Social Security Number, and to self-report their employment status as being unemployed due to COVID-19.
The convenience of applying for PUA invited significant danger. As a result of previous corporate data breaches, the required personally identifiable information was already readily available on the dark web. This made it easy for fraudsters to apply using someone else’s information and falsely claim unemployment benefits. The impact of creating such an attractive target was immediately obvious: The FTC’s 2020 Consumer Sentinel Network report disclosed a 2,918 percent increase in identity theft related to government benefits. As early as May 2020, mass unemployment fraud orchestrated by Nigerian cybercrime organization “Scattered Canary” reportedly siphoned hundreds of millions of dollars from the state of Washington.
The surge in fraudulent claims was not only financially damaging, but also placed additional strain on state agencies’ already limited resources. Between May and October 2020, the Arizona Unemployment Insurance Dashboard reported an over 640 percent increase in initial PUA applications.
To simultaneously combat fraud and sustain critical services, the Arizona DES cultivated several public-private partnerships. DES enlisted Google’s fraud analytics team to analyze the millions of claims it had received. Based on the analysis, Google’s team estimated that the vast majority of the claims were fraud, many the result of identity theft.
In September 2020, DES partnered with ID.me to implement a system for identifying legitimate claimants among the deluge of false applications. The state implemented its new identity verification system for high-risk claims in September, and expanded the program to all new and existing PUA claims by early December 2020. The system contributed to a dramatic reduction in the number of PUA claims, from over 570,000 per week in October to 6,700 per week just six weeks later—a 98.8 percent decrease in new claims.
Thanks to the reduction of fraudulent claims, DES staff was able to devote their attention to assisting legitimate claimants and delivering benefits in a timely manner. DES Director Michael Wisehart estimates that their partnerships helped save the state of Arizona over $75 billion in fraudulent payouts. Protecting Arizona’s money and resources meant that the state could not only effectively handle PUA benefits through the program’s conclusion in September 2021, but it is now prepared to handle identity verification for future programs with ease.
To learn more about how the Arizona Department of Economic Security countered fraud and protected Arizona citizens, read the case study here.