As the federal government tries to grapple with just how much money was lost to fraud during the height of the COVID-19 pandemic, industry leaders believe advances in identity verification and biometrics technology and data protection could prevent it from happening again in the future.
The House Committee on Small Businesses hosted a hearing Wednesday morning with private-sector leaders to discuss recovering stolen pandemic loan funds and establishing safeguards against digital fraud in the event of another national emergency.
While the amount of money lost to fraudulent actors is contested — argued to be a range of amounts up to $36 billion and more than $400 billion — committee members looked to identity verification and biometrics technology that agencies like the Small Business Administration used that were not effective during the pandemic, as well as how bad actors used stolen information to commit fraud.
Industry leaders offered solutions to fight digital fraud, which included presentation attack detection (PAD), to defend against those trying to enter online platforms with masks or computer-generated images that try to trick biometric verification processes. Other witnesses spoke to the data that was stolen and used in order to steal the identities of other small businesses.
“I want to show you the actual log-ins that our vendors accepted as real people,” Rep. Aaron Bean, R-Fla., said during the meeting, displaying various pictures of dolls that were used for biometric verification in order to acquire government loans meant for small businesses.
ID.me, an online platform to help prevent fraud and abuse, uses software to detect false presentations in biometric verification. Such technology could be used in the future in order to prevent fraudulent behavior, but it wasn’t employed throughout the pandemic to assist in protecting small business funds.
J.T. Taylor, senior director of fraud investigations and operations at ID.me, identified the images that Bean presented as “masks” that were able to get through online platforms to commit fraud. Taylor stated that through biometric verification software ID.me uses, this could have been prevented and has been used to detect fraud.
“We stopped these at the gate and you can see [those committing fraud] got through various platforms,” Taylor said in an interview. “The way that it does that is it’s looking for depth cues as well as pixelation. That [PAD] is a software, and then we run that in the verification platform servers.”
While biometric verification has been offered as support for agencies that are trying to defend against fraud, Linda Miller, founder and CEO of Audient Group, said that stolen information was used most widely to commit fraud.
“It’s important to note that identity theft plays a role in loan fraud, but it was not the largest driver of fraud,” Miller said during the hearing. “Front-end identity verification technology including remote biometrics is but one tool in [Small Business Administration’s] toolset, and it is by no means a panacea,”
Miller reported that those who successfully committed fraud created “shell companies” that used information stolen from other small businesses in order to apply for loans, a process that is only uncovered through conducting “due diligence” on the information from the loan applications. She said the Small Business Administration now has safeguards in order to prevent from this level of fraud occurring again.
“They now require tax transcripts of loan applicants, they use vendor information to verify a bank account and they flag certain…prefixes, none of which was done during the start of the pandemic,” Miller said.