fraud

development, fraud, ID management, South Africa, technology, welfare

South Africa: Social grants spokesperson deems biometric technology “a worthy investment”

Analysis: State of the art technology behind SA’s social grants (The New Age)

The latest biometric technology used by the South African Social Security Agency (Sassa) to disburse social grants to about 16 million beneficiaries on a monthly basis is proving to be a worthy investment in making life easier for beneficiaries of social grants.

The number of beneficiaries of social grants in South Africa grew from 2 million in 1994 to about 16 million in February 2013. Of these an estimated 11 million are Child Support Grant beneficiaries.

Since March 2012, Sassa has been engaged in the process of mass enrolment of all beneficiaries using the latest biometric technology. This followed a major announcement by Minister of Social Development Bathabile Dlamini on behalf of the government. The technology includes finger and palm verification as well as voice recognition to ensure that the grant money is paid to the relevant beneficiary at all times.

I didn’t realize that the number of people Sassa has to keep up with had expanded eight-fold in less than twenty years. It’s probably a god idea to automate fraud detection in a disbursements organization that is growing as rapidly as that. Otherwise, it’s hard to see how a fraud detection system that depended upon old-school detective types could keep up. Creating the human capital and cultural climate for their success is a long and expensive process.

fraud, Health Care, identity theft, iris, palm

A look at biometrics and health care fraud

Iris Scans Seen Shrinking $7 Billion Medical Data Breach (Bloomberg)

Iris scanners aren’t just for airport border-control agents and spy movies anymore.

Clinics and hospitals around the world are acquiring technology that identifies people based on physical traits to improve patient safety and stamp out fraud. HCA Holdings Inc. (HCA) hospitals in London, as well as health-care providers across the U.S., are buying so-called biometric technologies.

There’s not an identity management problem hospitals don’t have.

exceptions, finger, fraud, ID, India, UID

India: UID applications without biometrics highly likely fraudulent

Sometimes it seems as though headline writers don’e even bother to read the articles.

India removes 384K Aadhaar biometric IDs (ZDNet) — Properly speaking, they weren’t biometric ID’s because they were created under the “biometric exceptions” provision that allowed for enrollments to be created without an acceptable biometric identifier. That provision was exploited by unscrupulous registrars who created fake enrollments for which they were paid.

The “biometric exception” was created out of necessity to account for those with unreadable fingerprints or for those who lacked fingers or hands altogether, however three quarters of the IDs generated under the biometric exception clause have been found to be fraudulent.

It is also interesting to note that if UID lacked a provision for the collection of a biometric identifier, it is unlikely that the large scale fraud would have been detected at all.

Brazil, fingerprint, fraud, ghost, hack, Health Care, time-and-attendance

Brazilian ghost doctors have rubber fingers

Note: all links in this post go to Portuguese language sources. Translations are a collaboration between Google and me.

My brother in São Paulo tipped me off to a rubber finger scandal in the Greater S.P. health service.

Doctor busted in SP for falsifying colleagues fingerprints with silicone (Floha de S. Paulo – Portuguese)

A doctor was arrested red-handed on Sunday, March 10 for using silicone fingers to fake the fingerprints use to mark the attendance of colleagues. She and the other doctors are employees of Samu Service (Emergency Medical Care) for Ferraz de Vasconcelos, in Greater São Paulo.

According to police, Thauane Nunes Ferreira, 28, registered the attendance of 11 doctors and 20 nurses. She told police she practiced the irregularity because she was coerced by her boss. 

Greater SPDoctors suspected of faking attendance are removed (Floha de S. Paulo – Portuguese)

Six Samu Service (Emergency Medical Care) doctors  in Ferraz de Vasconcelos, Greater São Paulo, paid R$ 4,800 [ed. $2,450 US] to the coordinator of the service in the city, Jorge Luiz Cury, in order to avoid working four 24-hours shifts per month for which they were paid, City Hall says. Police are investigating the case. The city pulled the servers allegedly involved in the fraud.

The day before yesterday [ed. see above], when the scheme was discovered, doctor Thauane Nunes Ferreira, 28, was arrested in the act of using mock fingers with silicone fingerprints to mark the attendance of six colleagues.

Where they have been adopted, biometrics have made ghostbusting easier. In this case, with time-and-attendance biometrics deployed someone had to create and use 31 rubber fingers (pictured at both links above). That draws attention. Without biometrics, scaling up the time-and-attendance fraud while decreasing the risk of detection would have been much easier. If this allegedly corrupt boss was willing to go up to at least 31 rubber fingers, how many paper employees would he have tried?

According to Wikipedia, Ferraz de Vasconcelos, where the fraud took place, is second-poorest of Greater São Paulo’s 39 municipalities. Congratulations to all involved for stopping this instance of the corrupt stealing resources meant to provide health care to people far less fortunate than the doctors and administrators involved.

UPDATE:
[Via] Drudge and the BBC are now on the story. If you didn’t want to wade through the Portuguese pieces linked above, you may be interested in these.

UPDATE II:
Upon closer examination of the the photos of the fake fingers used, another thought comes to mind. It certainly appears as though the fake fingers were created with the participation of their owners, making them evidence for the prosecution that they were complicit in the fraud.  As it is, the fake fingers used in the fraud come from a variety of live finger models. In the two examples pictured below, the one on the left appears to belong to a male and the one on the right appears to belong to a female. If the counterfeiter wasn’t working from live models, there would be no reason to add a fingernail to the back of the fake finger.

Image edited from original photo at Folha de S. Paulo

Had the doctors’ prints been somehow lifted via subterfuge and placed onto a silicone finger without their knowledge, we might expect all of the fake fingers to look very similar as the finger counterfeiter might have used his own finger as a model and simply placed the doctors’ prints on it. Alternatively, as with The Old Gummi Bear Trick, the item bearing the fingerprints needn’t look much like a finger at all.

Without biometrics (and with a more careful set of individuals), it might have been very difficult to prove that the doctors involved weren’t just victims of identity theft by a corrupt official. With the evidence on hand (!) it should be a simple matter to determine if the fake fingers match those of the ghost doctors.

A larger question is whether this story argues for or against the adoption of biometric systems for time-and-attendance. Nobody should claim that biometrics or any other security or ID management measure is perfect and infallible. Nothing is infallible. In this case, however, it appears that having a biometric rather than a paper-based time-and-attendance system increased the costs and complexity of committing the fraud. It made executing its daily function (clocking in) more difficult to do without being noticed. And (at least in this case) it forced those complicit in the scheme to create pretty significant evidence of their involvement.

As a manager or law enforcement official, which case would you rather prosecute: one with rubber fingers or one with only a paper trail?

Note: This post has undergone a few revisions for the purposes of updating the post, correcting typographical or grammatical errors and to add clarity.

crime, driver license, fraud, ID

Real fake ID’s

Facial recognition system leads to thousands of fraud arrests

After kicking off facial recognition technology, the Department of Motor Vehicle says the state was arresting people by the thousands for possible identity fraud. They were even a bit surprised at the number of people trying to cheat the system.

“We’ve arrested 2,500. We’ve taken 5,000 to administrative hearings,” said Owen McShane from the DMV.

Read the whole thing for an education about how lax issuance of legitimate ID documents enables crime.

See also similar items from Washington and Texas.

DNA, fraud, ghost, Norway, welfare

Nomadic Norwegian ghost children!

ID scams may lead to DNA testing (Views and News from Norway)

Calls were being made this week for mandatory DNA-testing of children born at home in Norway, following several welfare fraud cases involving women who claimed benefits for children they never had. More than 70 children have been deleted from the state’s public register (Folkeregister) because they didn’t exist.

Newspaper Aftenposten reported this week that state welfare agency NAV had uncovered the scam carried out by Roma women in Norway. NAV revealed that the children had never been born and that their “parents” had received more than NOK 30 million (USD 5.5 m) in welfare benefits. Some of the children had existed on paper since 1995.

fraud, Indonesia, marriage, polygamy

Biometric ID and polygamy in Indonesia

Rampant polygamy leads to fraudulent e-IDs: Minister (Jakarta Post)

Their attempts to make more than one e-ID, could have been foiled although some of them tried to trick officials by producing different names, signatures, and birthplaces.

“Some tried to change their appearance, by donning fake beards for instance,” Gamawan said.

Some of the applicants, however, simply wanted to test the new system.

Gamawan said that those people were curious about whether the e-ID system was capable of preventing fraudulent practices.

“But they were unable to do so because the online e-ID registration system prevented them from using the same fingerprints more than once,” Gamawan said.

You never know what you’ll find when better ID management techniques are applied.

face, fraud, ghost, Ireland, welfare

Ireland busting welfare ghosts with face recognition

Troubled Facebook software to tackle dole fraud (Irish Examiner)

In its latest effort to weed out welfare cheats, the Department of Social Protection plan to begin using facial-matching software from the beginning of the new year. The software will use photographic identification supplied with all new claims to automatically detect any other claims made by that person.

The technology will also have the ability to compare the supplied image with images stored by other Government bodies such as photos taken for driving licences and passports. The department believes this will help to stamp out dole cheats’ ability to use forged or stolen identities to make multiple claims.

I guess you can tell from the headline that the Examiner doesn’t approve. Nevertheless, facial recognition is a pretty good way to catch some welfare cheats.

If the photos are already available, running them through a facial recognition engine to search for duplicates doesn’t require any new, specialized hardware or add any steps for the people that do the one-on-one work with prospective beneficiaries.

The system Ireland is rolling out is similar ones in use in the United States (i.e. New York) for preventing identity fraud through the issuance of multiple drivers licenses under multiple names to the same person.

fraud, ID, India, UID, welfare

India: UID exposing ghost welfare beneficiaries and what the numbers mean

Aadhar helps weed out fake ration cards in Andhra  (The Indian Express)

Linking the public distribution system to Aadhar has been unearthing a huge number of fake or duplicate ration cards and civil supplies officials are now counting their savings per ration shop. In some Andhra Pradesh districts where enrolment is high, officials have counted savings up to Rs 10-12 crore every month.

“In Hyderabad district we are seeing savings of Rs 40,000 per fair-price shop per month,” says commissioner of civil supplies Harpreet Singh. “In East Godavari, it is Rs 30,000. Since the online centralised data cannot be manipulated at shop level, only the intended beneficiaries are able to take rations. Both the Centre and the state, which give heavy subsidies, are saving.”

I haven’t done this in a while.

Of course, the numbers up there are big and it seems pretty bad but what does it mean?

First the money:
Rs 11 crore = 110,000,000 rupees = USD 2 million  (2,005,424.95 as of today)

Then what the money means in context:
India GDP – per capita (PPP): $3,700 (2011 est.)

Two million dollars represents the annual earnings of 542 average Indians being stolen from the welfare system in just this one type of scheme (fake cards at ration shops) every month in this one district alone.

To compare apples to apples (years to years), that’s the annual productive capacity of 6,504 Indians disappearing into the pockets of fraudsters in a single district every year.

There are 640 districts in India.

documents, face, fraud, New Zealand, passport

New Zealand investigates passport fraud with facial recognition

Checks reveal 65 false passports (The New Zealand Herald)

Of the 65 suspected false passports discovered by the DIA, 30 cases have been sent to the police national headquarters.

Of those, 21 were referred to relevant police districts for follow up. Five have been convicted, three are before the courts, two have been filed and 11 remain under investigation.

In the five cases prosecuted, eight people were convicted on a range of charges, with sentences ranging from conviction and discharge up to several months’ home detention.

When it comes to faking their passports, Kiwis don’t play.

development, fraud, India, time-and-attendance, welfare

India: Biometric machine for a better welfare system

This ‘speaking’ machine can curb misuse of ration (The Hindu)

Unlike smart cards, which can be pledged or could be handed over to another to get the benefits, biometric system prevents the misuse of ration card. Also, only genuine below poverty line card holder approaches the PDS shop as the well-to-do persons, who hitherto used to send their representatives/ agents to buy the products, hesitate to personally visit the shop, Mr. Gowda said.

This machine can help overcome the economic disadvantages of illiteracy collect better data on food disbursements, reduce the black market in welfare benefits, and can reduce the welfare benefits that accrue to those who do not qualify for particular programs.

But it’s not just the machine. There seems to be a system behind the hardware that can monitor the whole program in near real time.

Pretty cool deployment. I hope it works out.

This one reminds me of a system we developed to monitor teacher time-and-attendance for an aid project in West Africa.

AFIS, audit, database, DHS, fraud, ID, US

Biometrics Uncover 825,000 ID Inconsistencies in DHS Database

Fingerprint Records Reveal 825,000 Immigrants With Multiple Names (Mashable)

Many of the situations involved women who legally altered their names. “We found that nearly 400,000 records for women have different last names for the same first name, date of birth and [fingerprint identification number],” he wrote. “These instances are likely women who changed their names after a marriage.”

During the study, auditors examined records covering 1998 through 2011.

Most of the time, US-VISIT personnel try to resolve cases in which people who appear to be one and the same have different information listed in records, the auditors found. The researchers are not specifically targeting scams, Deffer explained. Accidental typos, the fact that various immigration-related agencies use incompatible data formats and other keying mistakes are factors they look for when probing mismatches. During the course of typical procedures, US-VISIT has picked up on only two instances of fraud, agency officials reported to the IG.

The enormity of the conflicting data, however, may obscure actual fraud. “These inconsistencies can make it difficult to distinguish between data entry errors and individuals potentially committing identity fraud,” he wrote.

As they grow and age databases can get really junked-up. Biometrics, in this case fingerprint biometrics, can be extremely helpful in maintaining their integrity. The database involved here is the on maintained by the US Department of Homeland Security US-VISIT program. It contains (wait for it) information, including a fingerprint, on all visitors to the US. The fingerprint has been the linchpin of the audit that discovered 825,000 database errors because it is the only  piece of truly unique and durable, personal information stored.

Before automated fingerprint ID systems (AFIS), combinations of data were used to reduce ID error rates to some reasonable approximation of zero. While names, birth dates, and other descriptors aren’t unique, multiplying them together works pretty well for a while. Working against this system are legal name changes and human typographical errors in data entry which have the database effect of creating a whole new person,  which runs counter to the reasons for keeping such a database in the first place.

See Biometric “Fix” Identity which takes on this issue from the angle of intentional fraud.

ARMM, elections, fraud, management, Philippines, Sierra Leone, voter

ARMM, Philippines: Lack of Legal Framework Undermines Biometric Voter Exercise

Doubts raised ARMM can purge voters’ list (Yahoo – Philippines)

In another case of how good management and good technology need to be in the same place at the same time in order to make a real difference, an apparent legal oversight means that the process of disqualifying fraudulent voter registrations in the Autonomous Region for Muslim Mindanao is to be so time consuming that it may be impossible to complete before the scheduled elections.

As far as I can tell, the laws governing the biometric voter registration in the ARMM don’t make any provision for rejecting multiple registrations. There also isn’t any mention of it being against the law to register multiple times. Given its electoral history it’s difficult to assume that local authorities can have been surprised by any of this.

The situation in the Autonomous Region for Muslim Mindanao stands in stark contrast to Sierra Leone. See Woman Sentenced for Double Voter Registration.

border, documents, fraud, passport, UK

Technology Helps Reduce Number of Fake UK Passports

Fewer fake passports being found by UK’s border force (BBC)

The number of forged passports detected at ports and airports across the UK has almost halved in the past five years.

A Freedom of Information request by the BBC showed that border officials spotted 1,858 forgeries last year compared to 3,300 in 2007.

The UK’s border force said this was partly down to improved security measures and fraud checks.

Those improved security measures now include more sophisticated technology such as biometrics. Of course, there are some who assert that fewer detections result from less looking but professional security outfits usually know their business better than that.

Detections dropped 44%. Does anyone assert that they did 44% less looking? Of course not.

fraud, government, ID, ID management, law enforcement

ID Isn’t Perfect. How Perfect Can (or Should) It Be?

One in Six Sex Offenders Lives Digital Double Life (KCEN-TV)

Still, she said it’s important that states move to biometric identifiers, such as fingerprints, to maintain more accurate records of offenders and their whereabouts.

“Criminals are constantly thinking of ways to beat the system,” she said. “The system is never going to be perfect.”

Rebovich is hoping the study will spur new methods for checking up on sex offenders, including techniques that would seem familiar to those who work in financial fraud. In a model developed by Utica and ID Analytics, offenders could be given a score, similar to a credit score, which would rate the likelihood that identity manipulation was occurring.

The article covers a lot more ground than it is fair to copy and paste. It also begs important questions.

Given that ID management perfection isn’t an option, what approximation of perfection is desirable?
What costs are worth bearing?

The Utica College Center for Identity Management and Information Protection is to be commended for their work.

If you’re here, you’ll probably want to read the whole thing.

See also:
Utica College Center for Identity Management and Information Protection
and Biometrics “Fix” Identity – Even if there is fraud in the identification process, biometrics can be used to fix a single identity upon an individual.

Arkansas, education, face, fraud, Mississippi, modality, schools, Tennessee, US, voice

US: Biometrics (Voice) to be Applied in the Wake of Teacher Certification Scam

Details of teacher certification scam uncovered (WMC-TV 5 Memphis, TN)

Ewing confirms one of his workers spotted odd behavior that triggered a 45-count indictment against Clarence Mumford and the de-certification of more than 50 teachers in Arkansas, Mississippi and Tennessee.

“The people who serve as our test center supervisors, monitors, and room proctors are our first defense against such things,” Ewing explained.

According to court documents, Mumford hired four co-conspirators to assume the identities of teachers and aspiring teachers who could not pass the PRAXIS teacher certification test.

A PRAXIS worker noticed one person taking the same test several times in one day.

But technology may be the reason it went undetected 15 years.

Investigators say Mumford manufactured fake drivers licenses with his test takers photos and the aspiring teachers’ information.

Ewing says the vast majority of teachers who take the tests are honest, but changes are in store, including biometric voice scanning.

How voice enrollments and matching will work isn’t spelled out. I would have thought that since ID photos were the problem, facial recognition might have helped. I mean, you have one guy with one face who took, and passed, the test like fifty times!

Action News 5 – Memphis, Tennessee

crime, database, documents, fraud, ID, interoperability

Biometrics “Fix” Identity

Even if there is fraud in the identification process, biometrics can be used to fix a single identity upon an individual.

An article in today’s Canberra Times about people smuggling brings home the point.

Despite some unauthorised arrivals’ lack of documents, biometric capability is critical. In a few cases, unauthorised boat arrivals will be identified from international databases, particularly through fingerprints. Even if people cannot be identified, the collection of biometric data on arrival provides a basis for anchoring the identity of an unauthorised arrival, so that the Australian community can be confident it is dealing with one person and that further identity-shifting is difficult. It also leaves open the possibility of identification in the future. [Emphasis mine]

One classic use of identity fraud among professional criminals is the use of multiple ID’s so as to keep a clean identity and a dirty identity. If possible, all the documents involved are “real” in that even the ID card related to the fabricated identity is issued by the legitimate authority.

When the the professional criminal with his family in the car is pulled over for running a stop sign in his neighborhood by a police man who goes to the same church, he presents his “real” ID. When he’s picked up in the course of his job, say 1,500 miles away, with a trunk full of weapons and narcotics, he gives the police the ID containing bogus information.

The arresting officers call the ID authority who created the false ID card. Sure enough, he’s in the database. No criminal record. Light sentence for a first offence and he can still go back to his life, get another ID, and go back to work, too.

The same pattern works well with fraud.

Pretty simple, right?

Well, yes — until biometrics.

Once ID issuing authorities institute biometric checks before issuing new ID documents, even a person who lies on their original ID application is stuck with only the one ID.* Further attempts to obtain additional ID’s can be detected and investigated. Later claims of a false identity (or lost ID) can be unraveled.

This is something that might have given pause to the person who supplied Mr. Coriander with fingerprints. If he thought the only time those fingerprints could be used for a UID number, he might not have found the joke as funny.

*This applies to discrete ID management system. If ID databases aren’t linked, it may be possible to maintain different identities in different databases.

counterfeit, fraud, passport, Taiwan, travel

Around 10 Taiwanese Passports Forged Annually

Foreign ministry calls attention to forged Taiwanese passports (Taiwan News)

Taiwan’s Ministry of Foreign Affairs drew attention Thursday to recent cases of foreign nationals attempting to enter Europe on forged Taiwanese passports. Most of the cases involved authentic Taiwanese biometric passports that had either the photograph or the chip containing personal information replaced, said James Lee, director-general of the ministry’s Department of European Affairs.

In the current state of affairs of biometric passports, everything is riding on the integrity of the chip.