Trust Creates Vulnerabilities: A Look at Government Fraud and How to End the Cycle
/It’s a continuing trend in the headlines: Fraudsters are exploiting government-funded programs or targeting public-sector organizations directly. Fraudsters targeted Medicare. A child nutrition program was exploited in Minnesota. Hundreds of millions of dollars in California welfare benefits were stolen by a Romanian crime ring.
All these fraud schemes are similar in that they involve government programs, but, according to Linda Miller, there's one more similarity: All these systems were designed for trust. That was the subject of “Designed for Trust, Exploited at Scale: Why Government is Easy to Defraud,” presented by Miller, president of Program Integrity Alliance, at the 37th Annual ACFE Global Fraud Conference.
“Government fraud is an architecture,” said Miller. “The reason that we experience the level of fraud that we experience today is not about political issues. It’s about an architecture that has been built and perpetrated to allow fraud to grow and manifest.”
Changing Threats
Miller looked back at some U.S. government programs, including 1935’s U.S. Social Security Act and the establishment of Medicare and Medicaid in 1965, pointing out how all these programs had trust involved. For example, with Social Security, the government assumed real identities were being used, and Medicare and Medicaid claims were assumed to have come from humans. According to Miller, the threat environment was much different back then, and that was what these systems were built for.
“This is the atmosphere that the U.S. government faces today. They built a system that was intended to get benefits to people who needed them at a time when that was incredibly important,” said Miller. “It still is important to get those benefits to the people who need them, but there was never a contemplation that there would be an entire industry established to try to defraud these programs.”
What Role is Government Playing in Perpetuating Fraud?
According to Miller, government is easy to defraud due to six design flaws that are still not repaired:
Trust: Applicants are presumed honest.
Speed: Payments are prioritized over verification.
Fragmentation: No one sees the whole picture.
Legacy technology: The systems weren’t built for modern threats.
Identity: Programs struggle to verify who they’re paying.
Incentives: Agencies are rewarded for service delivery and not fraud prevention.
Facing the Future of Fraud
Miller said the next generation of fraud is already here, and it includes these types of threats:
AI: The technology can generate thousands of fraudulent applications per hour because the volume is no longer human-scale.
Synthetic identities: Fraudsters build fake people over years, such as credit histories, addresses and employers, then cash out at scale.
Cross-program fraud: Criminals can exploit several benefit programs at once, so no single agency sees the full pattern.
Real-time payments: Because of instant payments, by the time the fraud is detected, the money is gone.
International networks: Sophisticated networks operate beyond jurisdictions, law enforcement and extradition.
According to Miller, some of the ways government agencies can prevent fraud include:
Leadership from the top: Miller said fraud prevention can’t be a mid-level compliance function. It should have “a senior White House official with authority.”
Making the invisible visible: “When we're thinking about how to build the system in the future, we can't just be talking about investing money and technology because we all know we need that,” said Miller. “But what we also need is to completely change how we think about putting money out.”
Verify before you pay: Move from trust to verification.
Fix the data ecosystem: Miller said data-sharing legislation needs updates and clarification. For example, the Privacy Act of 1974 was written for paper records.
Stop outsourcing the brain: “This is nothing to say bad about contractors,” said Miller. “But we don't have the ability of government to use them effectively because we haven't built in-house the technology literacy, the data literacy, and the ability to be able to manage our data internally.”
Emergency-proof future spending: “If there's another pandemic, if there's another major funding initiative, we need to say, ‘OK, a certain amount of this funding is going to be put aside for program integrity,’” said Miller. “We're going to expect certain types of controls but we're not going to lower the guardrails so much that it becomes a free-for-all.”
Restore human judgment: Miller said agencies should have the authority to act on common sense because rules-based systems can’t recognize all the patterns that a person would find suspicious.
Miller said government agencies already have the tools and the blueprint to make these changes, but someone must step up to get it done.
