What Groundhog Day can teach us about tax evasion

Groundhog Day is one of those quirky bits of Americana that add richness and flavor to life. Everyone likes Groundhog Day.  It’s a fun, light-hearted way to cope with the cold, dark days of winter.

Taxes, on the other hand, are not so fun and light-hearted. Mention the word “taxes” to someone you meet on the street, and the universal reaction is negative.  No one likes taxes.

Oddly enough, Groundhog Day and taxes have a hidden connection – one that can teach us about analytics. Let me explain.

This morning, I took my two daughters – Maggie and Kate – to the neighboring town of Malverne, NY. Malverne is the home of Mel the Groundhog.  Every February 2, Mel dutifully wakes up and checks the weather.  The entire town awaits his prediction.  Today, to the delight of my girls and the entire crowd, Malverne Mel did not see his shadow – thus heralding an early spring.

Watching Mel look for his shadow, I was reminded of one of the bedrock principles of taxation – nexus. Don’t worry… I promise not to torture you with legal mumbo-jumbo.  In simple terms, “nexus” is whether a person or business has a sufficient presence to be taxed.

Consider the fictional example of the XYZ Corporation and the state of California. If XYZ Corp has an office or plant in California, the question is easy – the state can levy a tax.  What happens, though, if XYZ Corp has no physical location, but instead it has employees who live in Arizona and travel into California on a regular basis?  Or the company sends delivery trucks into California?  There are many complex ways in which businesses work, so the issue of taxability – or nexus – can be convoluted.

“So wait a minute,” you are probably saying. How in the world did you get from Mel the Groundhog to tax nexus?  Therein lies the hidden connection.

Combine Groundhog Day with nexus and you get the concept of “Groundhog Nexus”. What is it?  It’s an aggressive philosophy that says, “If you so much as cast your shadow in my state, I’m gonna tax you.”  I first learned of Groundhog Nexus over 20 years ago from Bernie Johnson, the former head of tax compliance for the Ohio Department of Taxation.

This tough and aggressive philosophy sounds great in theory. But it is hard to enforce.  In practice, finding businesses that “cast their shadow” but are not paying taxes is hard to do.  Governments struggle to enforce tax laws in this gray area.

Innovative tax administrators are turning to analytics to solve this challenge. Kentucky is using analytics to adopt Groundhog Nexus.  So are states like Iowa, Louisiana, and South Carolina.  Even the IRS is turning to analytics, with great success.

Analytics help by scouring data from multiple sources to find businesses that have economic activity in a jurisdiction. The old way of doing this work was through simple matching – which resulted in lots of work for little return.  Now, analytics are adding richness to the compliance process, giving compliance staff the ability to rank and predict who is most likely non-compliant and who is most likely to pay.  Analytics provides better leads with less work – that’s a winning combination.

So, Groundhog Day is inextricably linked to tax evasion. It might sound like a campy Bill Murray movie.  But, it’s really a story about how clever and innovative tax administrators can harness the power of analytics to stop tax cheats.

Post a Comment

CNBC highlights promise of analytics in child protective services

Screenshot from CNBC piece “Can life as a data point save America’s at-risk children?

Screenshot from CNBC piece “Can life as a data point save America’s at-risk children?

“What keeps you awake at night?” my colleague asked me. At the time, I was a child protective services administrator responsible for thousands of at risk children on any given day.   While there were many things that weighed on my mind, worker turnover created many sleepless nights, and days filled with anxiety and fear.

I was reminded of these fears when I watched the recent CNBC segment, Can life as a data point save America’s at-risk children?

When I was an administrator, of all the things that impacted quality work, workforce stability was perhaps the biggest driver of quality outcomes. I would quickly see a direct correlation between workforce stability, case load size, performance outcomes, financial performance, and client satisfaction.   When worker retention was high, so was performance. When worker retention worsened, so did performance. Worker turnover was created by many things with a general understanding that turnover attributed to more turnover.

Formal and informal stay and exit interviews provided some insight including:

  • Too much paperwork
  • Taking time off only added to work load upon return
  • Not making enough impact
  • Limited technology and tools needed to perform the job

Recent child protective services work allocation studies have shown that 35-45% of a case worker's time is spent doing administrative duties and that less than 25% of a case worker's time is spent conducting client facing activities.   Technology can help flip those numbers, but I used to encounter a reluctance to embrace innovations that could impact the workforce and the children being served. As someone that has been in the trenches and led large child protective services operations, I truly believe in the power of analytics to support informed decision making that will help improve child welfare outcomes and save lives.

Implementing an operational analytic solution in a state and/or county child welfare system can actually impact worker efficiency and effectiveness by:

  • Eliminating worker bias and need for fidelity monitoring.
  • Allowing for a more accurate assessment of risk as opposed to many current actuarial models.
  • Decreasing time spent on administrative tasks and increasing percentage of time on client facing activities.
  • Helping workers prioritize case related tasks.
  • Providing caseworkers with better information to help inform decision making on behalf of kids.
  • Allowing for an ongoing assessment of risk and safety based on real time or daily data feeds rather than at specific intervals throughout the life of a case (a lot can happen on a case between home visits)
  • Helping inform inexperienced workers on risk levels and what factors attributed to risk to help inform placement and service related decisions.
  • Truly impacting the ability of a caseworker to have critical case related information available at their fingertips.

In addition, an analytic solution will not increase racial disparity or negatively impact the ability for community organizations to serve at risk children. I have yet to see an analytic model where race and/or ethnicity is a stand-alone or weighted risk factor when determining risk of re-maltreatment. As this Chronicle for Social Change article indicates, it could actually reduce the chance of a low-income household being unfairly characterized as high risk.

In a recent White Paper titled, “A Path Forward: Policy Options For Protecting Children From Child Abuse and Neglect Fatalities”, released by The Commission to Eliminate Child Abuse and Neglect Fatalities, an initial finding was that:

There is insufficient knowledge about the circumstances of child abuse and neglect fatalities and few proven strategies to prevent child abuse and neglect fatalities”. The report goes on to say, Although thousands of children die because of abuse or neglect in the U.S. in a given year, unfortunately not much is known about the circumstances of these fatalities. Even less is known about which strategies have been proven to prevent child abuse and neglect fatalities. There is a clear need for a national research agenda on preventing child abuse and neglect fatalities. In addition, there are steps policymakers can take to maximize what we know from existing data.”

The reality is that, as an industry, child protective services has continued to do things the same way for a long time and expect different outcomes. Innovation is a great catch phrase, but often moves at a snail’s pace due to fear of change. Given the fact that the industry is data rich, but analysis poor, now is the time for administrators and policy makers to lean on the power of analytics in an effort to do things differently and expect different and improved outcomes.

The LA County analysis highlighted in the CNBC piece shows the very real promise of analytics to alleviate case worker burden and improve child safety. To borrow the commission’s phrase, this is a “path forward”, technologically. I believe this is just the beginning of the use of analytics in child welfare. Much will be learned along the way, I’m sure, and I welcome your comments on the promise, and perils, of these developments.

Post a Comment

Hey, government of [insert state], where's your Center of Analytics?

Imagine trying to make the right decision for a child in protective custody if your information was limited only to what was reported to your department about a single incident. Without additional information about the child’s home environment, health and education, criminal background of adults in the child’s life, and prior referrals, a case worker would be challenged to take informed action.

The NASCIO 2015 State CIO Survey lists "Managing Data as a Strategic Asset" as one of the top of mind issues for state CIOs. So what's the best approach to bringing critical information together to make it a true, strategic asset? A Center of Analytics.

It's never been more important to create such a center. Government collects information about everything - birth and death records, transportation statistics, accounting, payments, incomes, taxes, business ownership, economic indicators, population growth, health data, food inspections and on and on.

And now with the explosion of technology even more data is being created through our cars, phones, shopping and interactions on the internet. Government, like the private sector, must be able to identify relevant and meaningful data, ensure the quality and reliability of that data, and find ways to use that data to addresses its key business challenges.

As a result, many government organizations are creating strategic positions like Chief Data Officer or Chief Analytics Officer to focus their enterprise data sharing and analytics efforts. Other government entities are establishing enterprise data offices and enterprise analytics programs. These positions and organizations can guide government in setting strategic vision, creating policy and procedure and implementing effective data management and analytic solutions.

Ideally, these efforts would culminate in a Center of Analytics. Why? For one reason, to avoid creating the same type of siloes in our analytics solutions that government has created in transaction and operational systems. Government can gain insight and efficiency from better sharing of data and reusing of analytic capabilities..

How often do government IT systems “re-invent the wheel” and spend limited resources duplicating effort that has already been successfully implemented elsewhere – for example, many systems managing eligibility verification or payment validation flag applications or payments for individuals who are known to be deceased. Why have multiple systems repeating the same logic when a Center for Analytics can make a deceased verification service available to multiple IT systems?

From my own experience as the former Director of the North Carolina Government Data Analytics Center, as well as listening to teams around the country who are focused on enterprise analytics, there are best practices, lessons learned and successful strategies to help guide your efforts in enterprise analytics.

Look for a series of blog posts focusing enterprise Center of Analytics including:

  • Building a Center for Analytics – Keys to Success
  • Analytic Solutions – Implementation and Adoption
  • Showing the Value – Demonstrating ROI

Stay tuned for more information about a Center of Analytics!

Post a Comment

The intersection of open & internal government data

Government organizations are seeking new and innovative ways to use an abundance of data – both internally for government operations and externally to provide the public with greater access to information. This intersection of open and internal government data is the topic of a Route Fifty webinar taking place on December 8th at 2:00 EST titled Leveraging Data for State and Local Government Transformation.

I'm delighted to be one of the panelists, joined on the program by editors from Route Fifty and Government Executive and data and performance leaders from the Commonwealth of Virginia, City of Pittsburgh and Pew Charitable Trusts. If you'd like to hear good ideas, best practices and approaches to turning public data into the energy that powers government services, please join us by registering here.

Government is using data internally in a variety of ways:

  • To improve public safety through better sharing and access to data that supports criminal justice operations and analysis
  • To reduce the cost and improve efficiency of government social services through fraud, waste, and compliance analysis
  • To help kids through data sharing that enhances child safety, facilitates child support enforcement and improves outcomes for at-risk children and youth
  • To optimize health services through clinical data and health care claims analysis
  • To enhance financial and budget forecasting and oversight
  • To improve citizen interaction with government through consolidated data and streamlined government processes

But more and more, government is also making data available to the public to improve transparency and to find new and innovative ways to use government data sources. Just a few examples of government open data includes:

  • Government spending data that provides insight into government contracts and services
  • Air and water quality data to help citizens make decisions when air or water quality conditions might impact their health
  • Sex offender registries and crime statistics to provide public safety information
  • Emergency management and disaster response information to better serve the public in times of natural disasters
  • City transportation information that provides everything from status of bus routes, to available parking places to bicycle routes

And making this data available to public enables citizens to help government through the creation of new apps and ways to interpret the data.

With so many possible uses of government data, it's sure to be a dynamic and informative discussion. Please tune in on Dec. 8 to explore this critical topic.

Post a Comment

How does a highly effective teacher unlock student potential?

“(Teaching) is an incredible opportunity to be a catalyst for what we want the future to be," says Shannon Hardy, a 21-year math and science teacher from The Exploris School, a Wake County charter school in Raleigh, NC.

Ms. Hardy uses data not just as a summative measurement tool, but as a key to unlock student potential that is not so easily realized. The video below shows the genuinely loving relationship between Ms. Hardy and two exceptional students with very different needs.

Invest four minutes in watching this video and I promise you will want to seek out Shannon Hardy to learn more about how she gets it done. In both cases, the data revealed what wasn’t immediately apparent, but critical for the teacher to know.

This is part 2 of a video blog series that illustrates how highly effective teachers do far more than positively impact student learning gains, but become part of something bigger to change students’ lives. Part One highlighted the relationship between a student-athlete and teacher-coach.


The video first introduces us to young Kaleo, a historically high-achieving student who was hampered by insecurity while struggling to find his place in a new school. “I was nervous about how I’d look in school, how I’d be in school, how other people would look at me.” Personal note: So was I, but it took me until my senior year in high school to snap out of it. Not Kaleo. The Exploris School and Ms. Hardy’s math class quickly became “like a family” because of the unique culture and climate. By using data to understand Kaleo’s abilities, Ms. Hardy was able to boost his self-esteem, his academic performance, and simultaneously help other students through his classroom leadership.

We then meet Hannah, a courageous young girl with autism who wasn’t always so outspoken, noting that, “learning is hard for me because I can’t really find the right words to say.” At the start of the school year, Hannah struggled academically. Ms. Hardy could not figure out how to get Hannah performing at the level she believed was possible.

Looking at her 6th grade academic record, initial expectations were bleak. But, by digging deeper into Hannah’s growth and achievement data, Ms. Hardy was able to show Hannah that she actually performed on grade level in third grade. Hannah could see that her social anxiety in 4th and 5th grade led to a steady decline bottoming out her math performance at 12% by the end of 5th grade.

Hannah had to understand her own potential.  Once a trusting relationship was established, Hannah finally spoke out to her peers about her autism because “at my school I felt safe there and I trusted a bunch of people there.” Ms. Hardy could then push Hannah harder because the data informed them both of what was possible, and she balanced the rigor with a great “sense of humor and she made learning experiences fun.”

So how did Ms. Hardy manage to pull this off for two exceptional learners amidst a class of many others who also needed differentiation? She focused on relationships before rigor, and relied on data as a guide. “Kids have so many social and emotional challenges in middle school and their feelings of security will impact all of their work and performance. So, if I have data that tells me this child was performing higher, then I know to ask for more. If I have a data that tells me that this child has always performed at this lower level, then we know to be more nurturing. We know to take our time, to chunk it more, and look for more resources…Teachers have to focus on values first….If values aren’t at the core of what we’re doing, then the rest doesn’t matter. We have to be people first.”

Amen to that.


Post a Comment

Child protection agencies lagging in use of analytics to protect kids

At-risk kids webinar image-12-15What happened to the adage, "What gets measured, gets done"?  Though progress is being made, there are too many child protection agencies that have yet to understand the profound impact data-informed policy and practice have on performance outcomes, as well as staff retention and satisfaction.

Without dipping deep into the well, I pulled this small sample of quotes from multiple reports and audits done on child serving agencies:

“The better our data, the better we can target where real crime is going on [and] where we are seeing some problems in police-community interactions that we can catch ahead of time,” President Obama said. “The use of technology or the use of data, combined with smart community policing, can really make a difference.”

"Staff stated there is a need for analytical support to extract data and create reports, which would provide better information regarding call information for management to staff appropriately for peak times."

"The Child Abuse and Neglect Center Referrals Statistical Summaries do not include data on After Hour Program calls nor average number of calls and dispositions per social worker, to provide adequate information to manage staffing"

"Over the course of the audit, department staff routinely indicated they recognize CPS activities are not well documented. However, they stress their work keeps children safe and ultimately that is the focus of their activities, with documentation of those activities being secondary."

"The Department is data rich, but analysis poor. They do not use data to in assessing, planning, implementing, evaluating, and improving the effectiveness of service delivery."

No one would ever say we should put data collection over child safety, but it doesn’t have to be an either/or decision. In fact, better data analysis will help caseworkers know where best to spend their limited time.

Some agencies are further along than others, however, many are lacking the tools, capacity, and data driven culture to implement business reporting and/or advance analytics into continuous quality improvement efforts.  That being said, it all starts with laying a firm foundation within the culture of the agency that emphasizes data collection, analysis and utilization of data to improve the ability to make informed case practice and policy decisions.

To hear from national thought leaders on the issue of creating a data driven culture that positively impacts services for children, please register for the Dec. 3 webinar, How Data Helps Protect At-Risk Children.

Post a Comment

Internal fraud:  Rogue employees, biased procurement officers, and outright thieves

John Beale was one of the highest paid government employees. A 10-year veteran of the Environmental Protection Agency (EPA), Beale defrauded the Federal Government of nearly $1M in employment wages and fraudulent travel.  Beale came under suspicion after it was noticed that the he was still being paid wages 19 months after his “retirement”. This began to shed light on his blatant and elaborate schemes to defraud the agency on the taxpayer’s dime.

He was paid for over two and a half years of “work” where he claimed to be serving on a project with the Central Intelligence Agency but was not working at all.  He rang up over $57,000 in travel expenses for an uncompleted project, many times expensing meals near his home in California when he was supposed to be travelling in another city or state.  To top it off, he fraudulently obtained a parking spot worth $200 per month based upon claims he contracted Malaria while serving in Vietnam. This was also not true.

Beale is a prime example of an insider threat. A well-established and trusted employee whose extensive experience allows them to commit a variety of types of internal fraud.

"The individual" is a prominent focus in today’s cybersecurity training.  Often referred to as “the weakest link”, an organization’s employees are frequent entry points for cyber criminals into a secure network environment.  Meticulous phishing schemes have become common, making it even more difficult to safeguard assets.  Security groups have stepped up training to help staff members spot questionable emails or social engineering attempts to obtain internal information. However, the threat will persist as mistakes are an unavoidable part of human nature.

Employees also introduce other risk to an organization, unrelated to any external hacker influence.  Employees serve in positions that can be ripe with fraud – such as Procurement.  Other positions also present a fraud risk, such as customer service representatives with access to personally identifiable information, internal program management, IT or administration, and systems administrators who often have broad reaching access to the organizations network environment.  While most employers vet potential job candidates, and the government will subjects certain positions to  security clearance background investigations, the risk still remains as individual’s circumstances and motivations can change overtime.  The FBI’s Robert Hanssen of the FBI, NSA contractor Edward Snowden, and US Army Private Manning all illustrate national security incidents, where security clearances failed to deter abuse of trust.  Agencies must develop policies that acknowledge that internal risks evolve, even at the individual employee level.

In all fairness to the EPA, who was subject to additional inquiries that surfaced a myriad of fraud and questionable practices, the John Beale situation really could have happened to any organization.  The fact is, most organizations may have policies and even controls in place, but they are rarely enforced and often completely overlooked.   For agencies, it’s difficult to turn the attention inward among the ranks of “our own”.  As human beings, we want to trust one another, especially those we have known for years.   However, recent events, including Beale’s fraud, have proven that organizations can no longer ignore these risks – and coupled with the external threats such as cybercrime – it’s imperative to improve prevention and detection of internal risk.

Employees can be an organization’s greatest assets, and its most vulnerable weakness.  Training and formal programs are a good start towards ensuring the integrity of an organization, but executives and security professionals must be proactive in looking at internal risk and where it can occur. The procurement process, individual employment wages or expenses, sensitive data and classified information are all ripe for insider attack.  Government organizations may not have profit margins or shareholders to motive them in addressing internal fraud, but they do have (and themselves are) taxpayers who ultimately end up paying the price.

Post a Comment

Cyber barbarians are at the gates! Analytics can help

Barbarians are relentless, and they are inside the gates!  That didn't go well for the Romans, and they had the most advanced technologies of their day.  So how do we do better against the relentless waves of cyber barbarians attacking virtually everywhere?

The answer to that is analytics, which offers early detection of behaviors that indicate a breach in the wall, and quick responsiveness to repel those virtual ropes and ladders.  Most of these attackers are after data they can use to commit fraud, identity theft and hijack finances, and their goals are quickly uncovered with proper monitoring.  Some stats around the risks faced today:

  • The FBI is on record, stating that over 500 million financial records were hacked  last year, and 110 million Americans, half of all US adults, had their personal data exposed year
  • In the U.S., an identity theft occurs every 3 seconds, according to Javelin Strategy & Research
  • According to reports to the FTC, 34% of stolen identities are utilized for government fraud, with the highest rates in Florida.  Credit card fraud was a distant second at 17%

On a personal note, in a 12 month period, I received four notices of data breaches from a wide variety of companies, ranging from retailers to health insurers.

But once data has become the virtual haul of cyber barbarians, how can we be protected as consumers?  How do banks, retailers and government agencies ensure that they don't become victims of fraud as citizens suffer from the impacts of identity theft?  Properly monitoring attempted contacts, transactions and requests through analytics.  Seeing if the information provided matches that on record.  Comparing new behavior to known behavior, and results across transactions to identify outliers and matches with past fraud.

Many organizations are following this route.  As more do, we will all see the impacts of data breaches mitigated.  When there isn't any treasure to be raided, the motivation for cyber barbarians to attack plummets.  Kentucky Department of Revenue is heading down this path, protecting citizens of that Commonwealth (and the rest of us - identity theft crosses borders!) from fraud and the impacts of identity theft.  At the same time, this keeps taxes in place and available to pay for roads, teachers and other critical needs, rather than running off with the cyber barbarians.

Believe me, that's a much better approach than a moat.

More to add to the conversation during International Fraud Awareness Week? Please share your thoughts in response to this blog, or seek me out on Twitter @CarlHammersburg and weigh in.


Post a Comment

Medical identity fraud isn’t just expensive, it can be deadly

Identity fraud typically conjures thoughts of credit card scams or stolen Social Security numbers. Medical identity fraud is often overlooked, but can be a crime that kills.

On the black market your medical identity can be worth as much as $50 per person versus $1 for a Social Security Number. Imagine the harm that could be caused if a fraudster obtained both for a cost of less than $52. Medical Identity Fraud is gaining momentum and in the next few years you will hear more and more about it, not just from a financial perspective, but from a quality of care perspective as well.

What Is Medical Identity Theft?

Medical identity theft is “the appropriation or misuse of a patient’s or [provider’s] unique medical identifying information to obtain or bill public or private payers for fraudulent medical goods or services,” according to S. Agrawal and P. Budetti in their article, Physician Medical Identity Theft, in the Journal of the American Medical Association.

So medical identity fraud are the fraudulent activities resulting from the theft.

Common medical identity fraud schemes

All providers are at risk for medical identity theft. Criminals typically use two major approaches to bill fraudulent claims with stolen medical identities.

In the first approach, criminals use provider medical identifiers to make it appear as if providers ordered or referred patients for additional health services, such as Durable Medical Equipment (DME), diagnostic testing, or home health services.

In the second approach, criminals use provider medical identifiers to make it appear that a physician provided and billed services directly. On January 5, 2012, a woman in Florida was sentenced to prison for using a New York physician’s medical identifiers from April 2004 through March 2007, to bill services never rendered. She billed the services to a Medicare Part B carrier in New Jersey. The physician did not know the perpetrator, never saw any of the patients, and did not give permission to use his identity.

Potentially deadly implications for quality of care

What if you needed a blood transfusion during a trip to the emergency room; however, you received the wrong type of blood?  Your medical history clearly showed that you were AB positive but yet you didn’t receive that type of blood. In the past, you might assume a doctor or nurse made an error. However, in today’s world it could be a result of medical identity theft.

In this example a fraudster, using your medical identifier, could go to the emergency room to get treatment for a real condition they have. By getting treatment, their medical profile now is a part of your record. That is, the fraudster changed your medical history by adding a false diagnosis, blood type and identifier to your record.  So the fraudster’s blood type, allergies, diseases, and health conditions, that are not accurately reflecting your health, become a part of your record. This is just one small scenario of what can go wrong, causing a serious quality of care issue. The scenarios are frighteningly endless.

Medical ID theft vs. Financial ID theft

The threat of medical identity theft has increased, in part, because of breaches, including the high-profile, massive attacks on some of the nation's largest health insurance companies.

Hackers stole information on a reported 80 million customers and employees in one such attack. Anytime a healthcare breach occurs, the long term medical identity fraud threat may go on for years before the attempt to commit fraud with the stolen information could occur. Therefore, the true damages of a breach will be hard to truly quantify in the short term.

Until recently, there was not a lot of data to steal from medical records because digitization is a relatively new concept. The Affordable Care Act has put into place digital healthcare record requirements that will only increase the amount of information that is available for the taking.

What makes medical identity fraud particularly tricky is medical facilities and insurance companies often do not have systems in place to alert you to unusual activity, unlike banks and other financial institutions. There also are very few steps in place to verify procedures with the alleged recipient. That is, someone can use your insurance policy for a procedure, yet no one will call to verify the claim in advance. Also, while a bank or credit card will usually refund your money or remove suspicious charges while an incident is investigated, you might immediately find yourself on the hook for a fraudulent medical bill.

Imagine opening your mail one day and having $250,000 in medical bills that you never received. It becomes a tangled mess to alleviate the error and is a burden on insurers and hospitals as you try to determine what actually occurred in your medical past to correct your medical record. This is happening across the United States and will only worsen.

Learning from the Financial Marketplace

The financial marketplace has systems in place to alert you to unusual activity. Chances are that on any given day a transaction that you make has analytics running behind it to make sure the event is a legitimate one.

To tackle medical identity fraud, the wheel doesn’t need to be completely reinvented. Many of the same data analytics used in the financial market place to detect anomalies could be used with a different algorithm to successfully identify medical identity fraud, and following our previous example, prevent the wrong blood type from being administered in the healthcare system. There are hundreds of other applications as well. In sum, analytics can not only help prevent fraud from a traditional cost recovery sense, but it can help ensure the quality of care that is delivered.

Medical-Identity-Fraud blog sidebar

This week is International Fraud Awareness Week, which I’ll be celebrating at the SAS-sponsored NHCAA Institute for Health Care Fraud Prevention Annual Training Conference in San Diego. Please come say hello if you are partcipating.

Post a Comment

What's all the fuss about identity quizzes?

Source: www.stoicmonkeys.com

Source: www.stoicmonkeys.com

Identity quizzes are a hot topic among fraud fighters, and particularly so among tax administrators. A quick web search finds that a lot of state tax agencies use quizzes to fight refund fraud, including Indiana, Louisiana, and Ohio. Even the IRS has gotten into the game.

In reading the press releases from these states – as well as the marketing materials from the vendors who pitch them – you would think that tax agencies have developed a secret weapon to stop all tax fraud. “The identity protection program is a way the Department of Revenue is proactively protecting the identities and refunds” of taxpayers, trumpets one state tax agency.

All of this hoopla begs the question, “What’s all the fuss about identity quizzes?”

For those of you who are unfamiliar with them, identity quizzes are a way to verify someone’s identity called “knowledge based authentication”. It’s a simple concept. If you aren’t sure about someone’s identity, ask them a few questions that only they should know the answers to. Get the answers right? We trust you. Get ‘em wrong? You must be a con artist who is trying to cheat the system.

The trick in making this concept work is to find a good source of information for the questions. Turns out that the data collected by credit reporting agencies – previous addresses, car registration data, mortgage amounts – can be an easy and mostly-reliable source for questions. Combine that data with information from previous tax returns (think “prior year adjusted gross income”), and you’ve got a foolproof way of stopping tax fraud. Right?

As Lee Corso from ESPN’s College Game Day likes to say, “Not so fast, my friend!

Relying solely on identity quizzes to stop tax fraud is a flawed strategy. Here are three reasons why:

  1. Fraudsters have figured out how to get around them. The most sophisticated bad guys have figured out ways to pass the quiz! How? Similar to what credit reporting agencies do, fraudsters have started to collect data for commonly-asked questions – previous addresses, car registration data, and others. Often, this stolen data comes from data breaches, such as the recent Office of Personnel Management breach. Ask the fraudster to take a quiz, and he will gladly oblige.
  2. Quizzes solve only a sliver of the fraud problem. Tax fraud is massive and complex, with hundreds of various schemes that can be perpetrated. But, tax administrators use identity quizzes to stop only a single scheme – one known as “stolen identity refund fraud”. That must be a massive part of tax fraud, right? Wrong. Stolen identity refund fraud accounts for less than 2% of all tax fraud and non-compliance.
  3. Quiz questions can be (ridiculously) wrong. Just ask an Ohio woman who recently took an identity quiz. She was asked which address she shared with another woman.“That is my ex-husband’s third wife,” she said. “Clearly, I did not share an address with her ever. So I answered ‘none of the above,’ which apparently was incorrect.”  Saving someone from being a victim of refund fraud by making them a victim of bad questions? That makes no sense at all.

It’s pretty clear that identity quizzes have big limitations in fighting fraud. So what’s the take-away?

ID quizzes can be used to stop some kinds of fraud, but only when they are part of a much larger arsenal of fraud-fighting weapons. Before you fall for the hype, ask tough questions about what scheme(s) an identity quiz will stop… and about whether they will continue to be relevant as fraudsters develop ways to evade them.

Post a Comment