The FBI published a notice in July 2020, alerting state unemployment insurance agencies of a significant increase in fraudulent unemployment insurance (UI) claims. According to an article in the New York Times, Washington State had identified approximately 87,000 fraudulent claims since March 2020. Comparatively, from January 2018 through May 2019, the state had only process 184 fraudulent claims. Nationally, it was estimated approximately $1 billion fraudulent had been paid.
Criminals, whether physical or virtual, follow the money. When Congress passed the CARES Act, unemployment insurance surfaced on the bad guys radar. In a matter of weeks people filing for unemployment exceeded historical highs and state systems were overwhelmed. It was what many call the “Perfect Storm.” Some states, such as California, were forced to shut down temporarily to enable staff to process backlogs and implement new integrity protocols. Within this chaos, cybercriminals thrived collecting weeks of benefit payments that rarely can be retroactively collected.
To the general public, it may appear this situation happened overnight, but in fact it has been building over the last 25 years due to budget challenges As systems moved away from in-person filing to improve productivity, the opportunities for fraud increased. A Supreme Court decision and the Department of Labor’s response compounded the problem. The 1971 U.S. Supreme Court JAVA decision (see below) created the path to the Coivd-19 perfect storm.
It Started in 1935
The Social Security Act of 1935 created the Federal-State Unemployment Compensation (UC) program. Section 303(a)(1) required a “methods of administration” that were calculated to ensure full payment “when due”. Failure to comply could result in a loss of state Title III administrative grants.
When states began administering their UI program the delivery of unemployment insurance (UI) services was geographically based and it was a one-on-one process. Each state developed a system of local offices, where claimants were required to file claims in person. The claims agent checked the claimant’s identification and social security number to verify identity. In many instances, the local office was also familiar with employers in the region, which provided an added integrity check.
JAVA Decision of 1971
In 1971 the U.S. Supreme Court upheld the decision of the California District Court that the state’s unemployment law was inconsistent with the requirements of the Federal Social Security Act of 1935. In its decision, the Court required the Secretary of Labor to ensure that payments were made with the “greatest promptness” once a determination was made.
Although no immediate changes occurred in how the system operated, the decision would have a long-term impact on how unemployment offices operated. Over time, the focus shifted towards prompt payments — sometimes at the expense of claimant verification.
Periodically, the Secretary of Labor must certify to the Secretary of the Treasury the funds needed or provide to each state for the proper and efficient administration of the law. In the mid-1990s, inflationary increase in federal funding to the state unemployment agencies stopped. By 2013, funding, adjusting for inflation, had dropped significantly. As budgets were cut, states began to look for more ways to process initial and ongoing claims more efficiently. As states struggled to meet prompt payment requirements staffing was reduced which further compounded the problem. To meet the prompt payment requirement, State Unemployment Agencies turned to technology to address the funding shortfall.
Initially, states introduced call-centers to replace in-person filing, but for the most part, the requirement for claimant identification was still a one-to-one process. Compared to today’s statistics, instances of fraudulent claims were low.
1995 Technology Shift
Colorado was the first state to close offices and require claims be processed by a call center and Wisconsin followed shortly thereafter. In response the Department of Labor issued an Unemployment Insurance Program Letter No. 35-95 (UIPL 35-95) in June of 1995. Its purpose was to encourage states to move towards implementing telephone systems or other electronic methods of filing claims. Each state was responsible for establishing procedures to protect against improper payments and fraud while deploying new technology. Specifically, states were still required to confirm the claimant’s identity.
Although in-person filing was no longer required the connection between a claimant and a claims-taker still existed. Additionally, employers continued to receive separate notices to alert them that a claim was filed. The separation notice served as an added check for a fraudulent claim.
With the rise of the Internet, states began moving to online filing. As a result, the connection between the claimant and the claims-taker changed. The online technology states deployed eroded the ability for a state to ensure that the individual filing the online claim was the same person as indicated by a social security number being used for the claim. The identification of false claims became an after-the-fact process only measured via the benefit accuracy measurement program.
2008 Great Recession
The last time the United States experienced high unemployment was during the Great Recession that followed the banking failures of 2008. In its aftermath, Congress passed the Improper Payments Elimination and Recovery Act of 2010 (IPERA 2010). This bill required state agencies to measure their improper payment rate.
If the state rates above 10%, the state is required to take immediate action to lower the rate. Again, this legislation was an attempt to reduce the number of fraudulent claims and improper payments. Every state should expect to surpass the 10% mark for 2020, the result being that they must reevaluate their online claims processing.
Perfect Storm of 2020
As discussed earlier, the separation of claimant and claims-taker has been a gradual process. It started with the original act of 1935. Then, seemingly unconnected events occurred over the next 85 years until they converged in 2020 to create the UI Perfect Storm. These events included:
- The pressure on states for prompt payments as a result of the JAVA decision
- The challenges of no inflation adjustments on administrative funding
- The movement away from one-on-one agent-managed claims
It was into this infrastructure that unemployed Americans engaged at an unprecedented rate, and newly enacted benefit programs (PUA) that alerted cybercriminals to opportunity that caused them to attack UI at an alarming pace. Resulting in the states and the Federal government losing millions to fraud.
After the Storm
It’s hard to predict what the final outcome will be from the UI experiences of 2020. However, a few lessons can be drawn from the current situation.
IPERA requirements are not going away. The cyber thieves have found the UI program and states must find new ways to minimize improper payments. Given the Covid-19 experience states will have to find a way to verify the claimant’s identity when filing over the internet or any one-on-one new method of claim filing. That verification is the only way to ensure that people filing claims are who they say they are. UI departments cannot operate at their current rate of fraudulent claims without jeopardizing their USDOL administrative grant.
Clearly, states need improved technology. Many states have legacy systems that have difficulty interfacing with 21st-century technology. These gaps can leave organizations open to system vulnerabilities. More recently, many states had their websites crash because the technology could not handle the historic volume of claims. Some states had to stop processing claims until patches could be applied. Legacy technology will become more of an obstacle to prompt payment as technology evolves.
Inadequate technology made it impossible for agencies to implement the new Cares Act benefit programs and meet prompt payment expectations. Few systems were designed to support the volcanic increase in claims. If the number of claims had been spread over weeks instead of days, the systems may not have failed, but having to process hundreds of thousands of claims at once was impossible.
Technology wasn’t the only reason payments were delayed and fraudulent claims were processed. The claims filing process was not designed to handle the volume of claims. When agents were tasked with processing thousands and thousands of claims, the one-to-many ratio made it impossible to verify every claimant’s identity. Adding to the problem was the Pandemic Unemployment Assistance (PUA) program.
By Congressional design Pandemic Unemployment Assistant recipients, such as gig workers and the self-employed, were outside the agencies’ standard process, making it difficult to verify claims. With the added pressure of processing PUA claims timely it’s no wonder mistakes were made. The push for prompt payment outweighed the need for 100% data validation. Even then, some regular and PUA claimants were waiting months for their payments.
Cybersecurity has to become a priority. Now that the agencies are on the cybercriminals’ radar, they can assume that they will continue to be targeted. The latest cybersecurity statistics are not encouraging:
- The United States is the top target for cybercriminals.
- Government entities are one of the top three targets for cybercrime.
- Cybercrime is up 600% since the beginning of March.
State agencies should look at tightening their security and improving their infrastructure to reduce vulnerabilities.
According to the 2020 Solvency Report, almost half of the states are at or below the solvency line; many have already borrowed. Additionally, more states are dangerously close to running out of funds and without federal assistance or an uptick in employment they will certainly fall below the solvency line. Previous responses to the solvency problem are not novel nor reliant on one solution. States will raise contribution requirements via state laws and may move to recover funds from improper and fraudulent claims to increase Trust Fund balances. Solvency may be the most immediate issue that should be addressed to help state economies by not hitting business’s what they are most challenged.
Founded by former state and federal agency staff and executives, On Point provides superior and efficient solutions for unemployment insurance processing. Our solution provides the technology and processes to help agencies deliver payments promptly and accurately.
We use modern technology such as predictive analytics to prevent fraud at the point of claim creation. Using resources such as the Integrity Data Hub and the national drivers’ license data verification service, On Point’s solution can quickly verify an applicant’s identity.
Our full stack solution can also help with prevention, detection, adjudication, collection, and enforcement. If you’re looking for a way out of the perfect storm, contact On Point Technology.