Unemployment Fraud: A Growing Threat
January 5th, 2021
2020 saw a number of changes in the level and type of fraud attacks. With the continuing stimulus programs in place, we’ve started to see these being targeted by fraudsters. Unfortunately, unemployment insurance has been a new favourite target. It has even been boasted about in rap music videos. In this blog, we’ll give an overview of what unemployment fraud is, trends we’ve seen in the U.S. in the past year, and what FIs can do to mitigate this type of fraud.
States will pay out unemployment insurance benefit payments to those who have lost their jobs. Yet, like anything else, this can be the subject of fraud and can be undermined in multiple ways. This can include synthetic or fictitious identities, where a non-existent person makes the claim, as well as ID theft where a fraudster uses a genuine person’s identity to make the fraudulent claim. In the second case, this also has impacts on the genuine party, not just the state making the payments. There is an additional third way, which is a fraudulent claim by the actual person (i.e. they are still working while claiming unemployment), although we won’t focus on that today as it’s far less prevalent.
Unemployment Fraud: 2020 U.S. Trends
As part of the COVID-19 stimulus response, the Pandemic Unemployment Assistance program was launched. As has been the case with Paycheck Protection Program (PPP) loans, the government wanted to get funds to people quickly to keep the economy moving and ensure people have quick access to funds. This means that checks and validations were not as good as they could have or should have been, which is understandable given the urgency to get people the funds they needed.
Starting in Washington state and soon spreading across the U.S., unemployment fraud became one of the biggest fraud types in 2020. The Inspector General of the Department of Labor told the House subcommittee on June 2, 2020 that it estimates there has been $26 billion in unemployment fraud. Based on the most recent claim figures, this equates to 17 percent being fraudulent. This might even be higher, given that there could have been lower levels of fraud in Q1 before widespread unemployment fraud kicked off in earnest. This is a staggering amount.
The process is essentially as follows: a fraudster applies for an unemployment benefit using a genuine person’s social security number and other relevant information. They will then use a mule account to receive the funds and then move these funds again, potentially multiple times, to help launder the proceeds before the final cash out. In many cases this is helped through real-time payments and digital payment services, rather than just bank accounts.
One key element is that in many of the cases, the address on the bank accounts was in a different state than the state paying the unemployment claim. While this does not mean it’s fraudulent, it is unusual. The money is sent to the mule account by the state and the mule then transfers the funds (or withdraws them) and provides them to the mule herder.
There are a few enablers for this type of fraud. First, there’s the sheer level of compromised data out there available for purchase on the dark web. This is not a problem specific to the U.S., but the level of data compromises over recent years is high and continues, whether from poorly maintained servers, malware or insiders. Couple this with the social engineering of firms and consumers and you have a perfect storm. Armed with this data, undertaking identity theft is easy.
It also appears that the systems and processes utilized by some of the states were not really up to the job, given the urgency to process historically high claim volumes in very short time frames. In some instances, the fraud checking that was in place was actually after the payment was made, rather than before. Clearly this then relies on identifying the frauds quickly post-payment and there still being funds to claim back. Given the backlogs, this is unlikely.
Firms should always undertake fraud checks prior to releasing funds, unless the process is very low risk or there is a clear scheme or legal recourse to recover these funds.
Defining Fraud Mules
One of the key elements here is that of mules, as without mule accounts these frauds are difficult to accomplish. So the question that begs to be asked is, what is a mule or mule account? A mule is a person who, via their banking and payments services, receives fraudulent, stolen or illicit funds and moves them on, often for a cut. This is, by definition, money laundering.
The interesting thing about mules is that there are many different types, and many do not understand that they are mules at all. Some will believe they are undertaking a legitimate job or freelance role of ‘money transfer agent.’ Some will know or suspect they are doing something wrong, while others will have been coerced or tricked into doing so.
The current situation of economic hardship makes it easier to recruit mules. People are more desperate, so they don’t tend to ask questions of others or themselves about prospective ‘jobs’. Additionally, people are willing to take more risks than they otherwise would. Social media has also helped mule recruiters target desperate people.
Surely this is an issue for the state governments and not the banks?
Well, certainly the states lose the money, but as stated above, the funds are transferred to mule accounts and at this point, it’s clear-cut money laundering, which is an issue for FIs. In addition, running accounts for mules costs banks money and these accounts often do not generate any income. So, mules lead to higher costs, higher reputational and regulatory risks for limited to no extra income in the grand scheme of things.
Given the size of the losses that states and the federal government will have to shoulder, it’s likely they will put pressure on FIs for their involvement in the frauds (i.e. what didn’t they do to prevent their accounts and services from being abused and laundering these large sums of money).
Reducing the Level of Unemployment Fraud and Mules: What Can We Do?
While FIs can’t stop the fraudulent applications for unemployment benefits, they can help with identifying the suspicious payments and the mule accounts receiving them. There are some key elements in detecting mules, which generally requires good Customer Life Cycle Risk Management (CLRM) to be in place.
Specifically, for unemployment fraud there are some key things to look for:
- Difference in state of claim, state where the bank account is held and the claimant state
- Unusually large amounts into accounts over the states’ usual payment maximum
- The names on payments do not match the account holder(s)
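The three payment-level indicators above can be written as screening rules over inbound benefit credits. This is an added example, not code from the original post or from NICE Actimize; the field names, the per-state caps in `STATE_MAX_PAYMENT` and the sample payments are constructed assumptions. A raised flag is a reason for review, not a verdict, since an out-of-state account is unusual but not necessarily fraudulent.

```python
import re

# Constructed placeholder caps per paying state (NOT real benefit maxima).
STATE_MAX_PAYMENT = {"WA": 1500.00, "MA": 1800.00}

def name_tokens(name):
    """Upper-case, strip punctuation, drop single-letter initials."""
    words = re.sub(r"[^A-Za-z ]", " ", name).upper().split()
    return {w for w in words if len(w) > 1}

def names_match(payee, holders):
    """True if the payee shares at least two name tokens with any holder."""
    payee_t = name_tokens(payee)
    return any(len(payee_t & name_tokens(h)) >= 2 for h in holders)

def screen_payment(p):
    """Return the list of indicators raised by one inbound benefit credit."""
    flags = []
    # Indicator 1: paying state, account-address state and claimant state differ.
    if len({p["paying_state"], p["account_state"], p["claimant_state"]}) > 1:
        flags.append("STATE_MISMATCH")
    # Indicator 2: amount above the paying state's usual maximum.
    cap = STATE_MAX_PAYMENT.get(p["paying_state"])
    if cap is not None and p["amount"] > cap:
        flags.append("OVER_STATE_MAX")
    # Indicator 3: name on the payment does not match any account holder.
    if not names_match(p["payee_name"], p["account_holders"]):
        flags.append("NAME_MISMATCH")
    return flags

# Constructed sample credits (hypothetical names and amounts).
PAYMENTS = [
    {"id": "p1", "paying_state": "WA", "account_state": "WA", "claimant_state": "WA",
     "amount": 790.00, "payee_name": "SMITH, JOHN A", "account_holders": ["John Smith"]},
    {"id": "p2", "paying_state": "WA", "account_state": "FL", "claimant_state": "WA",
     "amount": 4200.00, "payee_name": "MARIA LOPEZ", "account_holders": ["Kevin Brown", "Ann Brown"]},
    {"id": "p3", "paying_state": "MA", "account_state": "MA", "claimant_state": "MA",
     "amount": 650.00, "payee_name": "Ann Brown", "account_holders": ["Kevin Brown", "Ann Brown"]},
]

def screen_all(payments):
    """Map payment id -> indicators, keeping only payments that raised any."""
    results = {p["id"]: screen_payment(p) for p in payments}
    return {pid: f for pid, f in results.items() if f}

if __name__ == "__main__":
    for pid, flags in screen_all(PAYMENTS).items():
        print(pid, ",".join(flags))
```

The two-token name comparison tolerates "SURNAME, FIRST" ordering and middle initials, but a benefit paid into a relative's account with the same surname still raises `NAME_MISMATCH`, which is the intended behaviour for this indicator.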
Further, we can investigate the payment types in more detail. In-house analysis by NICE Actimize suggests the split is something along the lines of 40-50 percent ACH Received Credits, 35-45 percent Prepaid Card Loads and 5-10 percent deposited checks, so unemployment fraud is not just an ACH entry issue.
It’s also key to look at the account and its owner. Analytics can find changes that may indicate this is now a mule account or at a greater risk of becoming one:
- New device that is used on multiple other accounts (mule herder)
- Salary no longer being received (risk of falling for a job scam)
- Income and expenditure don’t meet what was stated at account opening
- Multiple inbound payments (received credits) from different states
- Multiple accounts receiving benefit payments for the same “customer”
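Three of the account-level indicators above (a device used on multiple accounts, credits from different states, and the same payee paid into multiple accounts) are link-analysis questions across accounts rather than checks on a single payment. The following is an added example, not code from the original post; the record fields, account and device identifiers and sample data are constructed, and the salary and income/expenditure indicators are not covered.

```python
from collections import defaultdict

def link_analysis(credits, logins, min_links=2):
    """Group benefit credits and device logins to surface shared links."""
    states_by_account = defaultdict(set)    # account -> paying states seen
    accounts_by_payee = defaultdict(set)    # payee name -> accounts credited
    accounts_by_device = defaultdict(set)   # device -> accounts logged into
    for c in credits:
        states_by_account[c["account"]].add(c["paying_state"])
        payee = " ".join(c["payee"].upper().split())  # normalise case/spacing
        accounts_by_payee[payee].add(c["account"])
    for ev in logins:
        accounts_by_device[ev["device"]].add(ev["account"])

    def keep(index):
        return {k: sorted(v) for k, v in index.items() if len(v) >= min_links}

    return {
        "multi_state_accounts": keep(states_by_account),
        "multi_account_payees": keep(accounts_by_payee),
        "shared_devices": keep(accounts_by_device),
    }

def rank_accounts(findings):
    """Count how many distinct link types each account appears in."""
    hits = defaultdict(int)
    for account in findings["multi_state_accounts"]:
        hits[account] += 1
    for index in ("multi_account_payees", "shared_devices"):
        linked = set().union(*findings[index].values())
        for account in linked:
            hits[account] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample data (hypothetical accounts, payees and devices).
CREDITS = [
    {"account": "A1", "paying_state": "WA", "payee": "Maria Lopez"},
    {"account": "A1", "paying_state": "MA", "payee": "Dan Okafor"},
    {"account": "A1", "paying_state": "NV", "payee": "Li Wei"},
    {"account": "A2", "paying_state": "WA", "payee": "MARIA  LOPEZ"},
    {"account": "A3", "paying_state": "WA", "payee": "John Smith"},
]
LOGINS = [
    {"device": "dev-7", "account": "A1"},
    {"device": "dev-7", "account": "A2"},
    {"device": "dev-9", "account": "A3"},
]

if __name__ == "__main__":
    print(rank_accounts(link_analysis(CREDITS, LOGINS)))
```

Accounts that appear in several link types at once (here `A1`, then `A2`) are the ones to route to an analyst first; `A3` shows a single in-state credit and a device of its own, so it is not listed.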
Like all benefit frauds, these are not victimless crimes and the sheer level of attack creates its own issues. The states’ offices have backlogs, so genuine claimants must wait for funds to help feed their families, which means either overall taxes or the deficit will have to go up. Genuine parties may also find they have been victims of ID theft, and therefore can’t get the money they are due in a reasonable time frame.