Massive pandemic relief fraud has Congress eyeing digital IDs

When the US government began offering financial aid to Americans struggling to cope with a pandemic-fueled economic collapse in 2020, the Department of Treasury and the Federal Bureau of Investigation urged Americans to be ever more vigilant about their personal information. COVID-19 scams seemed to be everywhere, and for government agencies, it became difficult to ensure that all the money it was sending out actually made it to the citizens most in need of aid—and not into the hands of bad actors.

It’s now estimated that hundreds of billions in COVID relief funds were stolen, Bloomberg reported, with no way of knowing the true cost of the losses.

It has perhaps never been clearer to the federal government how impactful it could be during times of emergency to already have trusted nationwide digital identification verification systems in place.

Unfortunately, that’s not where COVID-19 found America. Last year, McKinsey conducted an analysis of 12 countries, including the US, that provided COVID-19 aid. It found that the countries that were most successful in distributing aid to the right people were the ones that had already invested in digitizing financial infrastructure, including “the presence of a basic digital identification system with broad population coverage.” Countries like Singapore and India cover more than 80 percent of their populations with such a system; the US population coverage with digital IDs was around 70 percent in 2021.

Partly reacting to the pandemic, the US has slowly begun to ramp up that coverage so that more Americans have digital IDs. McKinsey reports that this will make it easier to provide financial aid more effectively and quickly in the future. But it also unlocks potential opportunities to provide Americans with more privacy and security than traditional IDs typically give.

For example, a driver’s license, which has become the default ID for most people in the country, has a vulnerable combination of sensitive information printed right on it: name, date of birth, and address. With digital IDs, the theory is that Americans can better protect sensitive information by relying on a QR code to share only the information needed for a transaction to be verified. This would limit the data collected by third parties that can then be seized by bad actors through data breaches—breaches that, without intervention, are predicted to cost the world $5 trillion by 2024, the United Nations reported.

In a truly digitized society, an ideal identity verification process might include none of those traditional ID features that many Americans associate with identity theft and other fraudulent activity. Socure, a leading global digital ID verification and fraud prevention platform, has helped many countries update systems and is now in talks with the US.

Socure’s Vice President of Compliance Debra Geister told Ars that the platform has been helping US regulators understand that beyond names, social security numbers, addresses, and birthdays, “there are a whole host of flavors” to identify Americans digitally, including IP addresses, mobile devices, and biometrics. Geister said that by consulting with fintech platforms like Socure, the US government can take advantage of private sector insights and inch closer to understanding how to mix all those flavors together to accurately verify “that the identity actually belongs to the person.”

The vision of the future being sold today is of a metaverse where people can travel back and forth, making transactions in virtual worlds and the real one. But experts say the only way this future will work is if people can trust that the avatars they meet online are who they say they are. That trust will depend on technologically advanced digital identity verification, Forbes Business Council reported, “adding a measure of safety, security, and privacy controls.” The same level of confidence in digital identity verification could exist for the public sector in the real world by relying on the same technology—if regulators can keep up, Geister said.

“As technology advances, we can't rely on old-school methods,” Geister told Ars.

What having a seamless digital identity looks like

Part of the US’s embrace of digital identity has already begun in the most basic way imaginable—with states launching digitized driver’s licenses. However, Bloomberg Law pointed out that nationwide adoption will depend on states “coalescing around a common standard for how the identification cards are built and used.” To get the whole country on board with digitizing identity, the federal government will likely benefit not just from states digitizing IDs but also from private sector financial technologies increasing the adoption of digitized identity verification.

One example is found in the increasingly popular forms of digital wallets. These can transform people's phone or watch into their ID so they can leave their real wallets with all their IDs and credit cards safely stored at home. The more that people get used to this easy way of providing ID, the more they will crave the same ease in all ID verification, whether it’s in the public or private sector, the thinking goes.

Evolving digital identity verification was a big trend discussed this October at the Las Vegas conference Money 20/20, where banks, major financial services technologies, nascent platforms, investors, and customers all gathered to discuss what’s most needed next in fintech innovation. As a featured speaker, JPMorgan Chase’s global head of payments, Takis Georgakopoulos, told hundreds of conference-goers why monitoring spiking consumer demand for a more seamless digital identity drove the bank to new investments this year.

“You see much more people wanting to own their digital identity across multiple different platforms, be able to use it in the way they like, and be able to interact with the platform, both online and offline, in the way that they choose, with a wallet that they choose, and currencies that will become, over time, interoperable between the real and the virtual world,” Georgakopoulos said. This and other key trends “drive a lot of our investments,” he said.

One of those investments earlier this year was in VW Pay, a digital wallet initially created for Volkswagen cars. Adit Gadgil, JPMorgan’s global co-head of technology, media, and telecommunications, told Ars that the car-based wallet solution would have remained a captive fintech system within VW, but now, JPMorgan can spin it out to be available to a wide range of car makers globally. Gadgil said that as the Internet of Things advances, the futuristic view that JPMorgan takes is one where you can pull up to a McDonald’s and pay for your food with your car or head to a gas station with pumps that detect and accept payment directly from your vehicle.

“You step out of a car, you fuel up, and off you go—you don't have to worry about the payment experience,” Gadgil told Ars. Comparing it to the marvel of Uber when it first launched and seemed to make a ride to anywhere appear out of thin air, Gadgil said that car-based wallets offer “a magical, delightful, seamless payment experience.”

It’s not just banks interested in digital identity. Chief compliance officer for the cryptocurrency exchange network Coinbase, Melissa Strait, told Money 20/20 attendees that she was also very excited about new ways that digital identity can be verified through blockchain technology initially developed to support cryptocurrency transactions.

“We can have a trustless identity, where I can know that you are a trusted party not because I know your name and your date of birth and things like that but because of the attributes you carry with you,” Strait said.

For JPMorgan, those attributes look like a mobile device or a car—or even less visible wearables that make it so that people won’t even need to carry an item to be recognized during legitimate financial transactions. “In China, they call it ‘you pay with a smile,’” Georgakopoulos said.

Challenges slowing down regulators

Although data breaches and fraud were major concerns for consumers who were shopping online in record numbers during the height of the pandemic, Strait said the growth in decentralized finance platforms in the past few years led the US government to primarily focus on anti-money laundering regulations. This, Strait said, provides challenges to traditional law enforcement investigations, which depend on knowing identifying information in order to issue subpoenas and file cases against bad actors. By taking away traditional IDs, the government has to rethink a cascade of legal processes defined by knowing names, addresses, and dates of birth of people involved in financial transactions.

“If you're removing that tool in their toolkit, that really starts to be a bit of a reframing in the way that they do their work,” Strait told conference-goers.

However, Geister told Ars she has found that US regulators also want to be able to provide aid securely and diminish fraud. It’s still very early days for regulators tackling these issues, and Geister said that to ease regulators into the future, her goal is “to help them understand the scope of what's possible” to secure an identity.

But what seems so exciting about digital IDs for fintech businesses like Socure, Coinbase, and JPMorgan appears less comfortable to regulators, Geister said. In her work, regulators aren’t even comfortable with a person's device pre-filling forms to add identifying information—a convenience Geister said consumers love.

“The regulators right now are saying, ‘No, anything that is not the consumer putting in their information is not acceptable,’" Geister said. However, lately, she sees regulators shifting course on that line of thinking and considering new ways to protect a person’s identifying information. Congress is even currently weighing a new law called the Improving Digital Identity Act, which would create a government-wide task force “to develop secure methods for governmental agencies to validate identity attributes to protect the privacy and security of individuals and support reliable, interoperable digital identity verification in the public and private sectors.”

As more people seek ways to verify their identities online and offline, for business and for government use, Geister expects that catching regulators up to financial services platforms will continue to be slow and steady.

“You think about government payments or aid programs—they don't want to stop them,” Geister told Ars. “But at the same time, that leaves them open to fraud. So I think that they're going to have to solve these problems a few at a time. I don't see them taking a massive leap.”

Source