Combating Identity Fraud in Government Vendor On-Boarding & Personal Identities

Topics: Financial Crime, Fraud, Government, Government Fraud, Government Regulation, Risk Management, Thomson Reuters Special Services


Governments can and do fall victim to fraud just like businesses and persons. One growing way this is happening is through government vendor fraud.

Government vendor fraud can happen when third-party contractors hope to be awarded, oftentimes, lucrative contracts or deals with the government, but for some reason or another would be barred from doing so due to an excluding factor such as a prior criminal history. That’s where identify fraud kicks in — a contractor hoping to evade detection of their prior criminal history will submit a false identification, fake identity, or similar false documentation.

The government’s ability to detect and combat this type of vendor fraud comes during the on-boarding process and is the key to prevention.

I recently moderated a webinar in partnership with the Association of Certified Fraud Examiners (ACFE) that discussed ways to assess the complex process of on-boarding government partners. The webinar also established a framework for how clean data can mitigate risk and determined how technology will continue to shape the future of identity verification and risk analysis.

On the webinar, Confirming Identities in the Government Sector: The Importance of Clean Data in Partner Onboardingwe heard from Jason Thomas, Chief of Innovation and Special Programs for Thomson Reuters Special Services (TRSS) and Hans Miller, Founder and CEO of Airside Mobile Passport.

During the 60-minute, ACFE members-only discussion, the audience asked about government vendor on-boarding, but also about person identity theft and how best to stay safe. Here are several audience questions with responses from Thomas and Miller:

What is the best method of conducting vendor on-boarding? What red flags should a company look for?

Jason Thomas: There are a number of ways to on-board a vendor. Most processes involve checks of records that indicate the economic viability of the company, the history of its leaders, other companies the vendors do business with, etc. The goal is to get as complete a picture of the vendor as possible before allowing it into your ecosystem.

It’s hard to be specific on red flags as the risk appetite between companies differs. My company may be more risk averse than yours. What I would recommend is that you first determine your level of acceptable risk and then craft policies that align with that.

Want to stay up-to-date on our thought leadership pieces and other topics such as government fraud, waste, and abuse? Follow the Risk & Compliance Spotlight page on the Legal Executive Institute’s blog.

Do you recommend that organizations go back and periodically audit its data for accuracy?

Jason Thomas: Yes. Organizations that have an on-boarding process typically review the records they base their decisions on once, at the initial vetting. But, as we all know, things change — employees leave the companies we been on-boarding, the company’s leadership changes, the businesses they do business with change. So, if we are focused on creating a robust and viable on-boarding screening process, then continuous evaluation is a requirement.

What are some steps individuals can take to obtain or ensure control over our personally identifiable information — and address any errors or inconsistencies?

Jason Thomas: Google yourself. Facebook yourself. Search Twitter for yourself. Pick the platform and search for yourself — even those you think you don’t have a presence on.

The first step is knowing what information is out there about you. Once you’ve determined what’s out there, and depending on the platform, you can lock down your account and make much of your data less accessible to the general public. You can also delete your account completely.

Lastly, some platforms enable you to remove third-party data about you from their platform. For example, Google give you the ability to remove from its index search results related to you that you no longer want in their system. (It’s called “The Right to be Forgotten” and you can find more info here.)

Will the new Real ID-compliant driver’s license be better and less prone to hacking? What role will bio-metrics play in critical IDs, such as driver’s licenses and passports in the next 5 to 10 years? Is the trend to move toward a more biometric driven identification?

Jason Thomas: There is certainly a trend to using biometrics for identity. In my mind however, that’s just one part of your identity. It’s an attribute of your identity, much like your behavior patterns are an attribute. The idea is that since biometrics — in the primary form of a fingerprint — are unique to you and that they are theoretically impossible to duplicate, and thus are a safer way to authenticate your identity.

To a large degree I agree with this. But, in my view, anything is hackable. So, while the trend will be toward a more biometric-driven ID, the trend will also be an increased attempt to hack and exploit those biometrics for illicit purpose.

How secure is the information on Mobile Passport?

Hans Miller: Information stored in the Mobile Passport is extremely secure. The information is stored exclusively on the device and is encrypted in transit and at rest. Only the Mobile Passport member can access the data on the device or choose to share it with U.S. Customs and Border Protection officials. There is no “master key.”