IRS staff members knew ahead of time that some of the individual payments for pandemic relief would go to the deceased. It’s because of how timely or untimely the vital records data comes in from Social Security. There are other ways to verify people’s eligibility for government benefits. For more information, Matt Harcourt, vice president of Strategic Alliances at LexisNexis Risk Solutions, joined Federal Drive with Tom Temin.
Insight by Galvanize: During this webinar Marianne Roth, the chief risk officer of the Consumer Financial Protection Bureau, will provide a deep dive into enterprise risk management at CFPB. Additionally, Dan Zitting, the CEO of Galvanize, will discuss how making better use of data and technology can help federal agencies more rapidly allow decision makers address and mitigate risks.
Tom Temin: Mr. Harcourt, good to have you on.
Matt Harcourt: Thanks Tom, good to talk to you.
Tom Temin: Data is always at the bottom of some of these questions. And of course, LexisNexis is a data provider. Does the government, do you believe, not have the data it needs? Or is it simply not available in a way that’s useful and timely sometimes when doing eligibility determinations?
Matt Harcourt: You know, Tom, I think you say the word government and it’s a large connotation. State, local, federal, everybody falls into that piece, and I think probably most of the data they do have in one way, shape or form. What they don’t have is across all government in one database that makes it easy. So, you know, you look at all the different types of data that is out there from consumer data to phone and email to assets to property, licensing, business and employment data, derogatory information. When you put all that together, you really get a get a picture of somebody, and the government probably has it in different silos and different patches and in counties and cities and across everything, but it needs to be pulled together. And then it becomes really difficult when you get into assigning the data to the right person. I know that there are 14 Matt Harcourts alive in the country right now. If we’re talking about Tom Smith, or Tom Jones, how many of those are there? So then the government would – the onus would be put on the government to then assign all that data to the right Tom Smith or Jones. We do that for a living. We have a proprietary algorithm that runs through that, that makes sure that with 99.9% accuracy, that when we ingest a data source, when we ingest a new piece of data that it gets assigned to the right “Lex ID” is what we call that.
Tom Temin: Got it, and how would an agency then know that the data is constitutionally available to it, that privacy is protected and so on that it can make use of that data in, say, a eligibility determination?
Matt Harcourt: So we’re governed by a whole bunch of different regulations, everything from Graham-Leach-Bliley to the Driver’s License Protection Act. So we make that determination based off of the agency, their mission, what they’re going to use that data for. We have a team of experts that assign usage. For instance, law enforcement probably has access to a wider set of data than would dog licenses within states, or something like that.
Tom Temin: Sure. And let’s talk about the IRS for a moment because again, they did know that this would happen because it’s just the nature of the information sharing scheme they have set up, that there’s a mismatch in time for the deceased. Bringing back the idea of Jim Smith – I once read there’s a Jim Smith Society – I don’t know that it still exists – of people that are afflicted with such a common name. And I guess if someone wanted to apply for benefits fraudulently what better name to use than Jim Smith? So what would be a better mechanism say for the IRS to know that this Jim Smith is this Jim Smith and he’s alive, versus that Jim Smith is legitimately, as the character in “The Wizard of Oz” put it most definitely dead.
Matt Harcourt: So the foundation of any successful identity theft prevention strategy is verification and authentication. Government agencies have to take a multi layer approach to both of those processes. Identity is not static. It’s changing, it’s changing constantly. So taking those couple of steps in, I want to verify that the Tom Temin that I’m working with is actually the Tom Temin and that I want to be working with, or that he exists. And then I want to verify and authenticate that I am actually working with the right Tom. It’s not just necessarily deceased people or incarcerated people getting access to CARES distribution money, but it’s also synthetic identities that are living out there. And bots that are running programs on many of these programs to try to test what they can and cannot do. I think that the opportunity for fraud is much deeper than just sending a cheque to the wrong deceased person or somebody who’s incarcerated. It goes much deeper than that.
Tom Temin: We’re speaking with Matt Harcourt. He’s vice president of Strategic Alliances – we think – at LexisNexis Risk Solutions. And if an agency is operating an application that requires verification and authentication of the identity. How do they incorporate these third party data sources such as yours into their application process when it’s probably drawing on their own database?
Matt Harcourt: So a couple different ways. We like to sit at the front end and we like to verify that beforehand. The federal government set up login.gov, which takes into account LexisNexis, as well as a couple of other providers of data to be the front end for identity verification. The government has a challenge. People are accustomed to a frictionless experience when they work with Amazon or Walmart or Target or somebody online. And they’re expecting that same sort of frictionless process when they work with the government. The old way of asking what your mother’s maiden name was and or something like that, especially in an emergency, like we experienced with the CARES Act, is probably a little bit too clunky. So then I think they have to start looking at digital identities as well, verifying that people are acting in a way that they normally act and not acting like a bot would act. Using big data across a shared global network, we can identify high risk users accessing systems by looking at behavior that deviates from the norm or from from trusted digital identities that we’ve seen through millions of other consumer interactions.
Tom Temin: And a lot of agencies deal with the unbanked, as they’re called. They don’t have bank accounts, so they don’t have credit cards. And so they still have to get checks whereas many of the programs come through electronic benefit cards and so forth or direct transfer to bank accounts. How do the unbanked which may not be much of a data footprint come into this so that they can be verified also?
Matt Harcourt: We throw that unbanked into into two buckets. There are the people who are unbanked because they’re incredibly wealthy and they don’t have any sort of credit and they’re unbanked because they’re usually poor and they don’t have credit as well. We are not a credit agency. We don’t – while we do get data from some of the credit bureaus, we look at a bunch of other different sources of data utility connections we look at. We look at legal information around bankruptcy or civil court records. We look at hunting and fishing licenses to get data around that DEA controlled substance lists, and then derogatory information as well, departments of corrections lists, criminal courts, arrest logs, things like that we’re pulling identities from as well. So it’s not just looking at that credit data. You miss those super wealthy people and poor people as well, often.
Tom Temin: And agencies are beginning to think about the idea of continuous verification such as already being done for security clearances, because some of the programs like food stamps or TANF and these different programs are ongoing. They’re not one-time checks. And so you want to make sure people remain eligible. How does that all work?
Matt Harcourt: We play in that continuous evaluation on the security piece, the only thing that I would draw a line to is dual participation for benefits which would fall closest to that. So making sure that somebody is not living on the state line between Virginia and Maryland and getting benefits in both of those states, or making making sure that people aren’t dipping into multiple programs that they shouldn’t be dipping into. That’s the only type of continuous monitoring we’re doing on something like this.
Tom Temin: And for an agency to incorporate LexisNexis, or one of the data services, what does it cost? Just order of magnitude, is it millions a year, tens of millions, tens of thousands?
Matt Harcourt: Much less than millions in most cases. Most of the time, it’s based off of how many licenses they wish to purchase, or the number of bodies that they’re putting through that program, but our pricing is on a kind of a sliding scale based off a usage.
Tom Temin: So the price per drink in other words?
Matt Harcourt: We can do it price per drink, or we can do a buy a bunch and set a limit on it. We can do it either way.
Tom Temin: Matt Harcourt is vice president of Strategic Alliances at LexisNexis Risk Solutions. Thanks so much for joining me.
Matt Harcourt: Tom, I really appreciate it. I enjoyed it.
Tom Temin: We’ll post this interview at www.FederalNewsNetwork.com/FederalDrive. Hear the Federal Drive on your schedule. Subscribe at Apple Podcasts or Podcastone.