Fraud threats on government agencies growing in numbers and severity

New TransUnion Public Sector Fraud study highlights how threats such as Account Takeover (ATO) erode trust in government’s online and mobile services

June 16, 2021

As more U.S. citizens have interacted with government agencies online during the COVID-19 pandemic, account takeover fraud threats (ATO) are becoming more prevalent. The findings were revealed in TransUnion’s Public Sector Fraud Study, created in conjunction with the Ponemon Institute.

The study surveyed nearly 600 leaders across federal, state, and local government agencies about their experiences with customer fraud and the technology used to combat it. A clear finding is that ATO fraud has become more prevalent in the public sector as consumers’ use of the web, mobile phones and connected enterprise/civic software have significantly increased.

More than half (53%) of respondents in the study said that ATO fraud has increased in the last two years. Yet, only 41% of respondents said senior leadership makes it a priority to prevent ATO, and only 38% said their agency regularly assesses the ability of its IT systems to prevent and detect fraud.

“The breadth of services delivered on government websites creates complexity, and agencies face dynamic constituent and regulatory requirements to protect customers, verify identities, authenticate eligibility and secure payment transactions,” said Jonathan McDonald, executive vice president and head of TransUnion’s public sector business. “Each agency, be it federal, state or local, has unique regulatory and fraud challenges depending on the types of e-commerce services offered. Constituents expect positive online experiences from public sector agencies as government websites form a critical backbone for constituent service delivery.”

Rising risk: mobile phones are a significant ATO fraud vector

Not only are ATO threats on the rise, but six in 10 government agency workers said the severity of these attacks are as well.

Because mobile phones are ubiquitous, they represent the largest threat to customer accounts.

57% of visits to U.S. government websites are mobile
62% of respondents said mobile phones are the most vulnerable to ATO

The report also found that government agencies are not making adequate investments in security technologies to protect customer data and make online access to accounts secure and convenient. Only 39% of government agency respondents said customers are happy with the security they offer.

AI perceived as a growing force

Agency leaders agree artificial intelligence (AI) and improving identity authentication will help them deliver a better customer experience while ensuring greater security. More than two-thirds of respondents felt more investment in these two areas is necessary to achieve this goal.

“Combatting fraud in each vector, from mobile to online portals, is an imperative and essential task that government agencies must address in 2021. Focusing on emerging tools, such as AI, device risk assessment and identity verification, in addition to policies and best practices for a seamless user experience, will go a long way towards protecting and gaining the confidence of consumers,” added McDonald.

According to the study, 65% said artificial intelligence decision-making tools/technologies and interconnected devices will improve the ability to track customers’ status to improve the security and convenience when accessing online accounts. In addition, 61% said improvements in identity authentication will improve the state of access governance and, therefore, improve user experiences.

Improving benefit enrollment security with identity verification
Government agencies provide trillions of dollars in benefits to constituents annually. The programs that provide cash payment benefits like unemployment, Medicare, SNAP and Social Security are particularly tempting targets for criminals. In 2020, federal agencies reported more than $7 billion of confirmed improper payment fraud.¹

“Government agencies can address these challenges and be in a position to improve their service levels with a friction-right approach that seamlessly verifies and authenticates constituents throughout their customer journey. Using integrated identity proofing, risk-based authentication and fraud analytics, agencies can scale protections while delivering the streamlined experience their constituents demand,” concluded McDonald.

TransUnion’s Public Sector Division provides fraud, benefit eligibility verification, continuous evaluation services, identity authentication, data breach response, investigation services, and other key solutions to federal, state and local government agencies in the U.S. TransUnion’s solutions help both private and public sector organizations manage risk and reduce costs.

Government agency officials may register for a July 29 webinar to learn more about the findings. The full study can be downloaded here.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.