Some feds continue to see fraudulent FSAFEDS deductions

One former official questioned why OPM and the FSAFEDS program didn’t have stronger fraud controls in place before recent reports of fraudulent deductions.

Some employees have continued to see fraudulent deductions from their Federal Flexible Spending Accounts, weeks after FSAFEDS fraud was first reported.

Employees have reported fraudulent FSAFEDS deductions in paychecks as recently as June 7, Federal News Network has learned. FNN could not confirm the number of employees who have continued to see fraudulent deductions. The FSAFEDS fraud was originally estimated to impact approximately “several hundred” employees.

The Office of Personnel Management operates the FSAFEDS program through a contract with HealthEquity, a third-party vendor.

HealthEquity referred all questions to OPM. An OPM spokesman said the agency was continuing to work with the HealthEquity “to secure impacted accounts, refund impacted individuals, and implement additional anti-fraud controls.”

OPM did not answer specific questions about further reports of fraud impacting the program. “At this time, there is no evidence that OPM or our vendors’ systems have been compromised in any way,” the spokesman said.

But agencies have continued to warn their employees about the potential for FSAFEDS fraud. In a June 13 notice, the Coast Guard alerted employees to OPM’s temporary pause in new FSAFEDS enrollments.

“Your vigilance is crucial in helping address this issue promptly and effectively,” the Coast Guard wrote in the alert. “FSAFEDS appreciates your cooperation and understanding and will continue to communicate any new updates with members in the coming days and weeks.”

The ongoing pause in the FSEFEDS enrollment function also applies to current employees who experience a qualifying life event (QLE), such as the birth of a child or a marriage. OPM said employees will be able to retroactively adjust their elections due to a QLE after the pause is lifted.

Employees can also submit claims for reimbursement while the pause is in effect.

John Hatton, vice president for policy and programs at the National Active and Retired Federal Employees Association (NARFE), said the situation was “obviously concerning.”

“The questions now are how OPM and federal agencies are going to identify all unauthorized deductions, and ensure every federal employee is made whole; and how quickly can OPM get FSAFEDs enrollments back up and running so this employment benefit remains available to federal employees,” Hatton said in a statement. “We’re thankful the OPM OIG has identified this problem, and hope law enforcement is able to identify and prosecute the individuals responsible for these fraudulent activities.”

FSAFEDS fraudsters used personal data

The FSAFEDS fraud stems from bad actors using federal employee information to either create fraudulent accounts or fraudulent reimbursement claims, according to one government source. The source said HealthEquity has been introducing new anti-fraud and security measures, including requirements to use Login.gov, which features multifactor authentication.

But Linda Miller, the founder CEO of Audient Group, LLC and former deputy executive director of the Pandemic Response Accountability Committee, questioned why OPM didn’t require HealthEquity to use stronger fraud controls in the first place.

“There needs to be really stringent identity theft-based fraud controls at the front end, and anybody that is administering a program like this should be expected to have a baseline level of those kinds of controls,” Miller said. “Anytime you’re dealing with a service that involves money being exchanged, [multifactor authentication] is the floor, not the ceiling, when it comes to anti-fraud controls.”

Miller said it’s easier than ever for fraudsters to leverage stolen personal data, including that of federal employees, that can be found for sale on the deep or dark web.

“In my experience with federal agencies, across the board with some exceptions, there’s not really a lot of attention on the possibility that fraud or identity theft could be happening,” Miller said. “The awareness of this issue is so small compared to the impact and the size of the problem.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories