John Lyons is an associate at AlterNation LLC a consulting firm specializing in making neighborhoods more safe (SafeGrowth), and terror/other crime threat risk assessment to critical infrastructure. Both services are based in science.
Science predicts diagnosing and billing providers in health care payment systems will cheat. If they think others are cheating, their cheating will go up. With automated systems, people cheat more. This is an inside-the-system problem. It is parasitic in nature, exploiting the trust required to make health care systems function. It doesn’t always meet the tests for fraud or corruption and mindlessly pursuing and investigations and prosecution route as the panacea of controls can destroy relationships with the very people who are the eyes and ears of misuse and abuse throughout the health care system.
Cheating should be a surprise to no one. Biologists and zoologists discover that everything in nature cheats a little bit, from bacteria in a petri dish to humans. To believe humans have free will to refrain from “cheating a little bit” is to defy science. It is less a question of if, than a question to what acceptable degree? Sometimes cheating a little bit is the gateway to more serious abuses. And, if you don’t treat people with empathy, dignity and respect, it is akin to pouring gasoline on a fire.
How do we know this?
Stanford’s, Robert Sapolsky, introduces evolutionary biology at levels we non-scientist, prevention types can begin to understand. Sapolsky’s message destroys the classical economics myth of man as a rational actor, always acting in his their own self interest, a mindset at the base of most controls systems. It no longer passes muster for anyone serious about controlling inside-the-system cheating.
Controlling inside-the-system cheating behaviour is complicated. One strategy applies the lessons of behavioural economics to nudge the right behaviours. The strategy introduced in this post is to understand and apply science on human behaviour to policies, business and monitoring systems.
I think it begins by developing a feel for one of three evolutionary building blocks of human behaviour: reciprocal cooperation (altruism). All living organisms forgo aggression at some point when cooperation produces more optimum results. In this situation each organism has the potential to harm one of the others but doesn’t do so because the overall impact of those actions would hurt the original organism.
Robert Axelrod used computers for game theory to explore reciprocal cooperation. Biologists and zoologists have affirmed the game theory models through observation in the natural world. Perhaps it is time to apply science to policy, guidelines, detection and harms reduction measures.
Julia Shaw is German/Canadian who received her PhD in Psychology from the University of British Columbia. Yea Julia – Go Thunderbirds!
Her concentration includes false memories. Dr. Shaw’s research includes how some law enforcement interviewing “tactics” derived from psuedoscience may lead people to recalling crimes that did not occur. She is a contributor to Scientific American and gives public lectures on psychology and memory. In 2016 she created a PBSNova documentary, “Memory Hackers”.
Dr. Shaw recently published an article in Psychology Today, “Why Some People Are Still Not Staying and Home”, in response to people not adhering to public health recommendations to maintain social distancing. The article points to the seemingly irrational actions of some during the COVID-19 crises and others reaction to it.
It is a valuable read.
The observations and insights in Dr. Shaw’s article carry beyond the COVID-19 crises. The article explains what can happen among citizens in times of fear and uncertainty as people interpret the actions of others. If we accidentally trust a person who is ill, we are playing with death. Dr. Shaw writes that the brain innately errs on the side of caution as means to survive. In the context of a pandemic, caution assumes that people are dangerous and selfish.
We scratch our heads and have an opinion, when we see people on the beaches in Florida ignoring the advice of scientists. Dr. Shaw points to Paul W. Andrew’s paper, in which he describes one of many heuristics biases, the “fundamental attribution error” (FAE).
In these times of fear and uncertainty, people often do two things:
Assume the worst in others
The discovery of heuristics biases, such as the fundamental attribution error, lends a lot more understanding to a host of mental shortcuts the brain takes. Some scientists posit these shortcuts evolved to save energy when the deliberate/effortful system of language, math and problem solving is activated. It is an energy hog.
Bruce Schneier is a security savant – at least in my opinion – who puts deep though into security and people. He has been writing a monthly security newsletter 1998, and has maintained a highly informative blog since 1998. He is the author of many books, ranging from cryptography engineering, to exploring trust and cooperation as the glue that holds societies together.
Mr. Schneier recently wrote a post on a move to ban facial recognition cameras and software in public places. He reflects on this and frames it withing the context of whole of modern surveillance in its many forms and aggregations to treat people differently.
Schneier’s thoughts are posted in their entirety. It is too comprehensive to summarized. Most directly related my interests at the ATRiM Group, is how significantly aggregation and brokerage of information increases the risks to critical infrastructure from dependency on identification and other documents to make business decisions. I think massive aggregation of data, the theft and brokerage of this information, and urbanization resulting in doing business with people we don’t personally know has created the perfect storm for predators.
Concerns about false personation and synthetic identity fraud range from security guards screening for physical access to nuclear facilities, to financial services companies opening new accounts and processing mortgage applications, to the issuing of health identification tokens which provide unlimited access to public health care:
In 2016 Canada spent 10.53 % of GDP on health care benefits and services. The United States spent 17.07% of GDP. Health care spending in Canada and the United States is ten times that of national defense. You might say, it is the largest cash dispensing sector of government. Health care is critical infrastructure (CI). It is an extraordinarily complex system with a large number of sub-parts (ecosystems). These sub-parts can be broken down to even smaller units.
In Chronic Condition: What Canada’s Health Care System Needs to Be Dragged Into the 21st Century, Jeffrey Simpson explored the options with a growing problem we have to grapple with, including cuts in non-health-care spending, tax increases, various types of privatization, and finding savings within health care itself.
Similarly, Canada’s efforts at controlling abuse and predatory fraud lag well behind contemporaries in other single payer systems in Europe and the United States. As a smaller part of the entire system explored by Simpson, the next generation of abuse and fraud controls does not have to limit itself to reductionist thinking. It will deep dive into the inter-relatedness between parts. It can learn from the lessons of the Cory Commission in Ontario to clearly separate the culture, language and practice of billing integrity and abuse controls from going after predatory fraud by enterprise criminals and gangs.
Efficient delivery of health care systems is built on a trust that diagnosing physicians and other health services providers will do the right thing. It is hard to imagine a system working in any other way. Within this context, controlling billing behavior is foremost a people challenge.
A new generation of controls considers innate behavioral traits, the role of affect (emotions) in judgment and decision making, and environmental conditions inducing unwanted behaviors. We know from science that everything in nature cheats a little bit to gain competitive advantage. When people think others are cheating, their cheating goes up. When people are reminded of their morality close to the time of the temptation, cheating goes down. Outlier (egregious – above the norms) cheating must be rationalized (the making of excuses), when mostly honest people are tempted to do bad things. The farther away from direct face to face exchange of cash, the easier it is for people to cheat (Ariely: Duke University). Finally, negative environmental conditions such as exhaustion, frustration, negative attitude and financial troubles can break down resistance to temptation.
Automated billing systems are efficient. But, they are mostly designed without considering unintended consequences. In absence of hard work to maintain mutual respect, communicating trust and introducing mindful billing integrity strategies, online billing systems are the perfect storm for bad behavior.
Predatory fraud is a horse of a different color. It requires a different approach than “inside the system” billing integrity. It is where the Rubicon is crossed to cold, calculated choices to attack health care payment systems for financial gain. These attacks are in two categories: “outside the system” and “inside the system”. They are in some cases separate, but can be inter-related.
Tough minded rhetoric and action on fraud , if not properly defined and managed, is counter-productive to building inside the system relationships and trust with physicians and other providers diagnosing and delivering health care. These are the people who witness misuse throughout the entire system, and whose cooperation is necessary – from fraudulent medical equipment invoices, to “pill mill” services and assistive devices/home oxygen, to rehabilitation services and hospitals. Secondly, there is little evidence to support draconian enforcement measures as effective stand-alone deterrents to abuse and fraud.
A Formula for Effective Controls
Think of your organization as a complex system, made up of many inter-related parts. A change to one part may have unintended consequences on another. Secondly, align subject matter expertise into billing integrity and internal investigations/counter-fraud groups as separate entities, both in reality and publicly perceived:
Inside the System Controls: Behavioral Insights teams nudge desired behaviors. Environmental threat risk assessment identifies conditions which provide rationalizations (excuses) for cheating when people are tempted to do bad things, and others which push away the “eyes and ears”- these trusted providers – from cooperation om reducing misuse throughout the health care system. Billing integrity employees are the nice folks. Their role is to bring clarity to the billing processes, to make things as least complicated as possible, and to help trusted billing providers stay out of trouble. In some cases it may involve civil recoveries from unwillingness to cooperate. If, in the course of meeting these responsibilities, egregious abuse is suspected, it is elevated for internal inquires by an “arms length” body. It is suggested that the term “investigator” be limited to those who apply the extraordinary powers of search and seizure under acts and regulations.
Outside the System Controls: Countering fraud on the other hand is a nasty business. Data science teams design place/time sensitive algorithms for early detection of hot spots (geographic) and patterns (situational) that point to egregious behavior. Investigation determines if concerns meet the test of civil tort and/or criminal behavior. Situational crime prevention teams identify the egregious abuse/fraud attractors contributing to hot spots and patterns. They partner with billing integrity and other stakeholders to implement egregious abuse and fraud harms controls, often with multiple interventions to reduce the activity. Prosecution and civil recoveries are just some of the interventions applied to reducing outlier behaviors. As a result of this experience, fraud-specific ‘red flags’ are referred back to the billing integrity group for inclusion in their monitoring algorithms.
A final thought. Hyperbole from attitudinal surveys about the level of egregious abuse and fraud is on wobbly legs. Decision makers used to making business decisions based on numbers ‘feel’ in-authenticity. Abuse and predatory fraud controls system should be based on quantification consistent with science, and implemented in a way that makes sound business sense, rather than for security theater.
My recommendation to start is sound policy and guidelines combined with a learn by doing culture – “eating the elephant a bite at a time” – in a situational health care fraud prevention approach that documents situation specific problems, undertakes initiatives and quantifies results of projects in a way that financially justifies resources for tackling abuse and fraud.
Note: An inaugural health care specific Situational Problem Solving Guides and a Situational Health Care Fraud Prevention Matrix with harms reduction strategies in five categories has been developed based on best known situational crime prevention practice. The model is a problem-solving approach for the health care sector detailed in Part 4 of Malcolm Sparrow’s book: “A License to Steal: How fraud bleeds America’s health care system” . Dr. Sparrow is a professor at at the J.F. Kennedy School of Government, Harvard University.
This article posits a dynamic approach to security for critical infrastructure (CI). It adheres to recent science, pressing the edges on how we think about security.
Critical infrastructures are ‘complex systems’. The human threats to CI manifest in two broad categories. Exogenous [outside the system] threats include acts of terror and other crime attacks by predators. Endogenous [inside the system] threats include technical vulnerabilities arising from human error, occupational fraud, internal theft, corruption, workplace sabotage and workplace violence.
These two broad areas can be inter-related as is the case with corruption.
About Complex Systems
“All complex systems, whether they are biological ecosystems like the human body, natural ecosystems like a rain forest, social ecosystems like an open-air market, or socio-technical ecosystems like the global financial system, or the Internet are deeply interlinked. Individual units within these ecosystems are interdependent, each doing its part and relying on the other units to do their part as well. This is neither rare nor difficult, and complex ecosystems abound.
Bruce Schneier, Liars and Outliers (2012)
Transformative Security Practice
“Transformative security practice” (TSP) is new language for defining transformation of security to ‘learning cultures’ (Ref: Senge, Peter. The Fifth Discipline: The art and practice of the learning organization. 1994).
A security learning culture is generative. It is a shift of mindset from ‘business as usual’ to one of wonder, discovery and continuous improvement. It is a new way to think about how organizations perceive and practice security. It is adaptive, putting technology in the hands of the right people, doing the right things, at the right time.
TSP challenges security to move beyond the limitations of reductionist (cause and effect) solutions. It accepts and embraces chaos that comes with humanity. It applies ‘system’s thinking‘ to explore the inter-relatedness between parts in the organization, and how changes to these parts influence the whole.
With TSP, we learn how to motivate employees in playing a vital role in security as primary over technology. We recognize the influence and impact of beliefs, mental models, heuristics bias (mental shortcuts) and affect (emotions) on security.
A Generative Approach to Security
Security is dealing with new realities including acts of terror, transnational enterprise crime, and a post-industrial age uncertainty that is increasing stress and anxiety in the work force predicted in 1970 (Toffler, A., Future Shock).
TSP takes a behavioral and prevention science approach to security. In factors both the feelings of security and the reality of security (Schneier: Psychology of Security). TSP applies science from multiple disciplines including psychology, neuroscience, social physics, behavioral economics and evolutionary biology to mention a few.
Finally, there are three specific attributes identified for bringing about enduring change:
new skills and capabilities
new awareness and sensibilities, and
new attitudes and beliefs.
TSP promotes deep cycle learning. It encourages lateral thinking to resolve security problems. It centers around Senge’s five disciplines for creating a security learning culture : i) personal mastery, ii) mental models, iii) shared vision, iv) team learning, and v) systems thinking delivered in practitioner-based, problem-solving ways.
The property and casualty insurance industry experiences staged accident injury claims by local gangs. At the zenith, transnational organized crime bilks payment systems at more complex levels. In both cases it can involve physicians in public plans receiving kickbacks for diagnoses leading to the bilking of private insurance plans.
In a case study, Ontario privacy legislation was reviewed for conditions and limitations on public and private health care exchanges of personal information for cooperating in investigations.
The Ontario Personal Health Information Act, 2004 defers to the Ontario Freedom of Information and Protection of Privacy Act (FIPPA) for these conditions. FIPPA does not prohibit inter-agency sharing of personal information for investigative purposes. What it does do, is provide for how this information is to be shared.
Part III, Section 42 of FIPPA states: “An institution shall not disclose personal information in its custody or under its control, then details exceptions.
These exceptions allow institutions to disclose personal information to a law enforcement agency, if: the disclosure is to i) aid in an investigation undertaken by the institution, or an agency, with a view to a law enforcement proceeding, or (ii) there is a reasonable basis to believe that an offence may have been committed and the disclosure is to enable the institution or the agency to determine whether to conduct such an investigation.
The challenge in combating organized crime activity occurs when private insurers generally report potential crimes to the municipal police department where the offences have occurred, resulting in severe limitations on getting at organized crime groups. They are not concerned about their soldiers being arrested, convicted and incarcerated. There are always more soldiers.
One way to coordinate public/private sector effort is through a centralized strategic and tactical health crimes analysis body coordinating and launching multi-agency intelligence probes and investigations. The public police can use the extraordinary powers of search and seizure for conducting complex investigations and obtaining additional information, including public and private insurers, police and other sources.
A precedent for an integrated health agency/police cooperation approach has already been established in Ontario. During the Harris administration, the Ministry of Health and Long-Term Care disbanded its internal investigations unit and contracted with the Ontario Provincial Police, Anti-Rackets Branch to conduct criminal and regulatory investigations on behalf of the Ministry.
What would preclude private insurers co-contracting with the Ontario Provincial Police, Anti-Rackets Branch to provide the public and private health care insurers with a strategic and tactical crimes analytical service? When recognizing an organized crime/gang pattern, an “Anti-Rackets tactical intelligence and investigations team picks up responsibility for coordination investigations. An alternative for strategic intelligence option might be Criminal Intelligence Services Ontario.
The unanswered question is whether the Ontario government and private insurers have the appetite to go after transnational organized crime and regional gang activity gaming the public and private health care plans.
Uniform public are among the first to arrive at the scene of social disturbances, violent crimes and catastrophic events. They must make time-sensitive judgments on their personal and the public’s safety, sometimes in fraction of a second, without the benefit of conversation.
Mood influences perception of events. Like everyone, the uniform police officer’s brain is processing sensory information below conscious awareness. The brain draws on beliefs, mental models and prior emotions-laden memories to make immediate sense of the world.
Add another complexity to the uniform police officer’s job. They must control their emotions, even in trauma inducing situations, all while rational thought of the people they are engaging has been high-jacked by emotions. There aren’t many movie stereotype police out there…always rational hero’s. In high risk situations they face the a Perfect Storm…emotions dealing with emotions.
How well a uniform officer manages their emotions. How self-aware of and control their mood. How self-aware they are and working on their implicit biases, has profound implications on public safety, problem solving, and the information gathered (sensory and words) has implications on decisions by the courts at civil and criminal proceedings.
Most police services spend 75 – 80% of their budget on people. If one owns a manufacturing plant and this amount of capital is in equipment, would you be taking care of this equipment?
Selecting officers for their emotional intelligence (EI) qualities, helping them determine there strengths and weaknesses in six identified emotional styles, and implementing training on EI practice, serves not only communities well, but also the quality of life for the officer and their families.
The media abounds with stories about the theft and unlawful use of personal identifiers. The question from a security perspective is why this is such a problem? The answer is simple enough. Committing crimes with someone else’s personal identifiers is are easy to do, the rewards are high in relation to the risks, and the certainty of getting caught in the act is low.
Digging deeper, governments implement policy and guidelines believing they are making the system more secure from personation and identity fraud. The question is rarely asked if protocols actually work in high reward for the risk situations. It is always easy to catch the low hanging fruit and too easy to assume that this activity is proof the system is keeping out really bad actors.
What screening processes successfully do is put people to more effort in obtaining government identification. This may reduce some threats where the potential reward is not worth the effort, or the potential attacker doesn’t have the understanding or resources. This is not the case with terrorist cells and organized criminal predators. There are other high stakes environments, such as someone in desperate need of medical treatment.
Every government issuer of identification makes security trade-offs. They balance a tension between increasing diligence, the costs and the delivery of customer-centered services. No voter wants to go to extraordinary effort or personal inconvenience to obtain a government identification.
The root of most government identification is a proof of status record. By far and away the the largest number of proof-of-status records are registrations of birth – inside the country and registrations of births of the offspring of citizens born outside the country. There is no biometrics physically captured at birth, linking the individual to the birth record. Birth certificates falling into the wrong hands are the keys to the insidious identification kingdom.
Government issuers of passports and a wide variety of other identification tokens, such as driver’s licences and social insurance numbers, request the applicant present a “proof of status” document. Some government agencies conduct data exchanges with the record holder. This process does not “authenticate” or “verify” a proof of status document. The data exchange affirms that there is a record retained by the issuer with similar personal identifiers and registration numbers provided. The identification handler doesn’t know if they are dealing with a fraudulent acquired or forged document. They would no know if it is a stolen/loaned document in the wrong hands. Because births and deaths are not registered nationally, the system is the most vulnerable to false personaton where there is a birth in one jurisdiction and a death in another.
Immigration proof of status identification these days, for the most part, incorporate a secured photo image. The challenge here from tests; humans don’t do much better than pure chance at making a positive association, and no-more-so than when there are changes of appearance (glasses, beards, hair styles etc.). There is even less success when the presenter is from a different race.
When asking for proof the residency, know what you are getting. These documents do not affirm residency. At best they affirm where mail is delivered. No one has physically checked to see if people live where they say they live. There are lots of examples when people maintain an address in one place and live somewhere else to qualify for something they are not entitled to.
Finally, sworn affidavits have their place. They don’t mean the information sworn by affidavit is true, only the that information is sworn to be true. It may have a preventative quality when the person swearing the affidavit is aware of the criminal implications from perjury.
If your organization does name checks against police records, be aware of the security trade-offs made.
Police forces conduct name checks against police records as a paid public service. Names, dates of birth and sex are compared against local records, the records of other police services where former addresses in these jurisdictions are provided, and the personal identifiers attached to the national criminal history files retained federally.
When you receive the results from the police check indicating there is no record, bear in mind of what you are actually being informed: The person is not know to police under the identify particulars provided. Nothing more.
If you work with youths and strive to mitigate potential threats posed by pedophiles, you must be aware of what a name record check is not telling you. The same with an employer conducting a hiring interview, or anyone else screening people for previous criminal activity.
A police name check does not affirm the applicant wasn’t investigated, arrested, convicted or otherwise came to the attention of police under a different identity. Even then, methinks only the dullest of applicants known to police in another jurisdiction will disclose former addresses in these jurisdictions. Add to this, some police forces no longer require people apply in person. They can do so electronically, which increases the threat. It his harder to lie and cheat while face to face.
Failing to recognize security trade-offs and complacency are the real threats. Nothing replaces vigilance – “eyes on the street” – whether observant parents, coaches and trainers in sports organizations, neighbors watching each other’s back yard, or employees reporting when they have concerns about a colleague. To do otherwise makes us less secure.
Most people are who they say they are. Just ask them and they will tell you.
The real question for critical infrastructure is whether demanding a driver’s license to determine if someone is who they say they are makes the organization more safe from terrorists and intelligent criminal predators?
The driver’s licence is an identity token. Its primary purpose is to affirm the bearer is granted the privilege to operate a motor vehicle. If someone claims to be Mickey Mouse, lives where they say the live, and pays any accrued fines and renews the licence in accordance with the rules, the driver’s licence identification token has served it’s original purpose.
A driver’s licence (DL) my be sufficient for some sectors, especially where the consequences of a security breach are not potentially catastrophic. This is not the case for critical infrastructure. This was precisely the case with the 911 attacks on the World Trade Center and the Pentagon.
Reaction in US to 911 was to create REAL ID of 2005 to elevate the state-issued driver’s licenses to a de facto national ID card. Security guru Bruce Schneier writes this is a lousy security trade-off. Accepting a driver’s license as proof someone is who they say they are, is to accept the Department of Motor Vehicle’s Branch front line clerks – in customer service environments – are not being duped with fraudulently acquired, counterfeit, forged, stolen or shared proof of status documents. In 2008 United States General Accounting Office auditors where not reject once presenting counterfeit proof of status documents and out-of-state driver’s licences.
This is not to mention incidents of corruption of front line employees and their supervisors, who don’t have all that much a stake when tempted to do bad things. Here are some examples:
A Chattanooga grand jury returned a two count indictment against a State of Tennessee Department of Motor Vehicles employee for conspiring to unlawfully issue driver’s licenses.
Police arrested at least seven employees at the state license bureau in Delray Beach. They accepted bribes in exchange for putting drivers licenses in the hands of more than 1,500 persons who shouldn’t have them
A Texas Department of Public Safety employee is arrested in Houston as the result of an undercover sting operation for taking bribes and issuing driver’s licenses
A formerConcord, New Hampshire Department of Motor Vehicles employee plead guilty to taking bribes.This employee is alleged to have exchanged up to 70 driver’s licenses for $500, without asking for proper documentation
A former Stevens Point, Wisconsin DMV employee was indicted for erroneously issuing driver’s licenses to about 70 people. The employee allegedly accepted bribes in exchange for inputting false information into the DMV’s computer system
The driver’s licence is, none-the-less, a valuable tool for critical infrastructure in a secondary role. Interviewee’s presenting DL’s should be able to volunteer information consistent with the transactions recorded in the driver’s license abstract retained by the DL issuer.
Since the mid 1990s much media attention is drawn to “identity theft” and what consumers can do to prevent victimization. It is rare that a clear distinction is drawn between theft (the supply) and unlawful use (the demand) for personal information. A lack of clarity at times creates confusion and underachieving counter strategies. Although the problems intersect, the prevention strategies for each are not the same and, generally, the responsibilities for reducing the threats of each fall to different people.
What we do know: As long as the effort is worth the potential gain, and the malfeasors don’t feel vigilance or certainty of getting caught in the act each and every time the attack, this problem is unlikely to go away.
Police learn the folly of perfunctory acceptance of identification at face value early in their career. They experience firsthand the difficulty of detecting the new generation of counterfeit documents. They frequently encounter fraudulently obtained government identification. They routinely seize stolen and false documents during money laundering, drug trafficking, human trafficking, stock market manipulation, mortgage fraud and transnational organized crime investigations. They discover those avoiding detection or arrest don’t reside at the address on their driver’s license. Try arresting someone from a photograph and it doesn’t take long to realize how difficult it can be to make a positive association – much less a small image on an identification card. People routinely doing photo to bearer comparisons intuitively get this. Maybe this is why you don’t feel vigilance at the ticket agent counter or security when boarding an aircraft.
Finally, experienced police don’t focus on the ID. They focus on the presenter. They begin every interview with total belief in what they are being told. They know that their person of interest’s reality – whether to be truthful or deceptive – is found in the context of the language they speak in response to questions. Police will also watch for changes in nonverbal behavior. They trust their training, experience and instincts when something doesn’t make sense, or doesn’t feel quite right. Then they drill down to verify or refute concerns they might have.
This article for critical infrastructure risk managers, prevention and security specialists offers some key threats to think about in the design of identification harms prevention, with some suggestions for upping your identification security game.
Rule # 1: Don’t get trapped by security hyperbole
Be mindful that:
Secure document manufacturers routinely upgrade security features in identification blanks. These blanks are enhanced with tamper-proof features added when they are validated with personal identifiers and registration numbers. Yet, even document examiners struggle to detect a new generation of counterfeits at first blush. They often have to use advanced technical aids
Thanks to the internet, unlawfully acquired legitimate personal identifiers and social security numbers are hacked, purchased and resold on an international scale. They are added to the counterfeit blanks. The result, know data verification checks don’t “authenticate” the document as some posit. What they do is affirm the issuer has a record, based on the information provided. Nothing more.
Some identification issuers are either unaware or misspeak about the residual threats posed by the security trade-offs they make. Therefore, good security from dependency on identification must be layered to avoid a single point of failure
Proof of address documentation doesn’t affirm someone resides at an address. Nobody physically checks. At best you know where the presenter receives some mail
People swearing under oath to something being true doesn’t make it true, only that they are swearing it to be true
Scientific studies show people aren’t much better than pure chance at positively associating a photo ID with the document bearer than they seen physically in the past, and even worse if the person is from a different race
Outlier attacks on privileges (i.e. driver’s license), benefits (i.e. medical care) and services (i.e. mortgages) are insidious. They can go on for months and even years without being detected
Rule # 2: Know what each type of identification is telling you and, more importantly, what it isn’t telling you.
In deciding which forms of identification to request, consider three characteristics which form a human identity (attributed, biographical, bio-metrical). Know what each tells you:
Identification documents (ID) point you to a record of personal identifiers retained by government as proof of status in the country of issue. This is the bed rock of any identification management system.
There are two categories of attributed identity.
Status by “right of birth”: Records retained regionally on persons born inside the country, or federally retained records of children born to citizens outside the country. In most jurisdictions these birth records include a long form containing additional legislated information for registering a birth. These records are not linked inter-provincially (Cda) or inter-state (US).
Status by “law or privilege”: Immigration and citizenship records retained by the federal government in Canada and the U.S. Today’s immigration and citizenship records include a biometric (i.e. photograph, fingerprints).
You should be able to trace every other legitimate government form of identification back to a record of status. These include travel documents issued by national governments and some United Nations designated agencies, and identification tokens (i.e. driver’s license, medical health card, social security number).
Accepting travel documents and identification tokens as proof someone is who they say they means accepting the security trade-offs made by the issuer. This may be an appropriate risk to accept in some case such as consumer fraud, but more risky when a security compromise might have catastrophic consequences (i.e. terrorist/anarchist access to transportation, water treatment plants, nuclear facilities etc).
A biographical identity is a transaction-based record accumulating over time. It is the details of someone’s interaction with the record holder. Examples include tax files, credit ratings records and a driver’s license abstract. These records are powerful aids in the hands of skilled interviewers.
Biometric verification is any means by which a person can be uniquely, physically identified by with a biological trait. Unique identifiers include fingerprints, hand geometry, retina and iris patterns, voice waves, DNA, and signatures. The most common form of proof of status, birth certificates, aren’t linked to a biometric.
There are prevention strategies from the security trade-offs made by identification issuers which help mitigate threats posed by fraudulently acquired, counterfeit/forged and stolen/loaned identification:
Increase the feeling of risk at the point-of-service with a message of vigilance
Apply behavioral insights to the application process
Improve detection with education and training on non verbal “red flag” patterns of human behavior
Hire people who are emotionally intelligent, improve frontline judgment and decision making
Work from a well thought out information gathering plan
Implement policy and guidelines for escalating front-line concerns for more in-depth review
Encourage a continuous learning environment with timely feedback to front-line judgments and decisions on escalated events