How AI will exacerbate fraud against the government

Federal investigators have their hands full trying to spot all of the fraud schemes that cost the government billions of dollars every year.

Federal investigators have their hands full trying to spot all of the fraud schemes that cost the government billions of dollars every year. AI-powered fraud, utilizing images, has all kinds of potential for mischief. For more on that and how to stop it, Federal News Network’s Eric White spoke to the vice president and head of public sector strategy at Socure, Jordan Burris on the Federal Drive with Tom Temin.

Interview Transcript: 

Jordan Burris In recent years, what we’ve seen is the continued rise in prevalence of sophisticated attacks to what would be our nation’s, you know, identity infrastructure in particular. Right. And so, you know, I recognize that a lot of the actions by the administration or even the Congress are those that they’ve been talking about for quite a bit. Assignment. I’m for one, glad to see them starting to take action in this space.

Eric White What are some of these schemes, I guess, that are AI powered? Is there, you know, any human engineering involved whatsoever or, you know, is it just a lot of code just going after other lines of code?

Jordan Burris Right. So, I would love to say that we were at a place where it’s like the Terminator and AI is just thinking for itself, but generally these are things that have been put into motion, based on the actions of individuals at the end of the day. Right. So, what we’re seeing is that, you know, AI is being used at scale to think, think about it, to accelerate activities that otherwise would be once manual and tedious. This could be everything from generating fake personas and identities to creating what would be images that allow for impersonation. In particular, this could be, you know, taking and finding ways to scramble, create PII and submit those on websites in order to, to intercept government, benefits, for example, especially those who are using weaker controls, in particular. And so, think of it as more of a tool. And unfortunately, when it comes to, you know, nation state actors or the criminal organizations, they’re using this now more than ever to scale, what they had been doing historically.

Eric White Yeah. Is this a system failure or is there some human error involved as well? Because, you know, personally, I can usually tell when I’m not talking to a real person.

Jordan Burris You know, it’s always very interesting. And so, when, when we made the decision as a society to kind of embrace digital as a, you know, predominant channel for interacting. Right. And we did this as consumers in particular. Right. Because it was it was easier and more seamless for us. We kind of did away with some of that interaction that used to take place in person. All right. So, you would always have to show up either at your, your bank or go engage with some of your local grocery store, even in some cases to participate in good and service. There was no different in government in particular. Now I, for one, am not advocating to say that, hey, let’s go back to things being very manual because I would never actually get anything done. I’m absolutely terrible in some cases, running errands around my house. But when we did away with that, we kind of still relied on some of those processes as they had been constructed at that moment in time. Right. This reliance on whether it be government issue documents that they’ve been, provided the reliance on, you know, holding on to things such as our Social Security numbers and pretending that for some reason, they’ve never been compromised or revealed in a data breach in some way, shape or form and or other elements of our PII. And as such, a lot of the we’ll take preventative measures that have been put in place historically have not evolved. Right. And that has left us more susceptible. Now, I always say to go back and look at the pandemic as a thing, but as a turning point or turning moment for what happens with the digital ecosystem. That is kind of where you saw a lot of these controls start to break down or became more prevalent and understood the challenge that was going to be had. Right. And this is what’s led to billions of dollars and fraud today across a number of sectors to include that of the sector as well.

Eric White We’re speaking with Jordan Burris. He is the head of public sector strategy for Socure. And so, let’s talk controls what can be done to stop these new schemes that are popping up. Is it going to require an evolution of those controls that are already in place, or is some new technology going to have to be implemented?

Jordan Burris So first and foremost, I think there’s like a mindset shift that is required. Everyone that comes to this conversation, right? A lot of what the government has done, or others have done is take a, I’m going to say, an approach to this problem, right? Because the thought was always that, hey, if we, you know, got the funds out quickly or if we, you know, made sure that the, the users on the other end of the screen ultimately got their benefit in the event we got it wrong in any way, shape or form, right, that we could claw that money back. Well, that continues to prove out over time. It’s not easy to get this money back. Actually, a number, you know, larger amounts of funding that have been issued to individuals, you know, the government regularly reports on how, you know, even though they’re increasing what would be law enforcement activities in order to recover it. They’re only able to get by at a fraction of. Of those funds. And so, we’re shifting that mindset to away from Chase. Then it’s about taking preventative measures to see what we can do upfront. Now part of the discussion has been if we layer in too much security and we do too many things upfront, unfortunately we are going to put undue burden on the public when it comes to interacting and engaging with any digital system. Right? How many times do you really want to be asked to take a picture of your driver’s license in order to prove you are right, or take some other type of step, or to show up in person, or have a phone call in call to a call center, right? That becomes too burdensome. The reality is, it doesn’t even have to be that way, right? I would say that’s even in some cases, a legacy mindset shift that’s taking place no different than when we were talking about migrating technology platforms from being on premise and moving them to the cloud. We actually had to rethink what it meant to restructure our technology solutions. We have to rethink what prevention may mean at scale, and how you could actually be able to assess the risk of an individual doing so passively, and only introducing some of these more burdensome checks or friction points when absolutely necessary, to validating who they are. Right. And so that that becomes kind of the new discipline, the new art, if you will, that comes with, you know, being able to prove out individuals’ identities. And it’s something that you know, much of what the administration is, you know, starting to call for is understanding. We need to be taking some of these more preventative measures right out of the gate.

Eric White Yeah, I can only identify the pictures with bicycles in them so many times, Jordan, that after a while I get a little flustered. You know, and also, it’s a zero-sum game for the hackers themselves now, right? Because these tools have made it not only cheaper, but, as you mentioned, less costly in time. So even if they’re only able to get a fraction of what they take in a ransomware scheme or something like that, it’s all it’s all profit, right?

Jordan Burris Absolutely. And the interesting piece about them is that they’re, of course, using it to funnel back into their, their criminal enterprises in order to continue to scale their offerings in particular. Right. And no, they’re not doing this alone. They’re sharing insights with each other. Right. They’re discussing what happens and how certain solutions and systems, services that are being delivered, how they’re porous and effectively, how every single person who wants to partake in that type of scheme can actually engage with it in order to intercept benefits in particular. Right? So, they’re highly networked. They’re getting more and more sophisticated over time. To your point, the cost is going down and their ability to execute these attacks. And so more so now than ever, we need to be thinking about what could we be layering upfront in order to basically fight back, right? Fight back with the same tools that are being used to circumvent our existing online services.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories