Podcast | Securing Digital Identity in Federal Agencies: Socure’s Approach

Digital identity and identity theft have become a top priority for the federal government. The Biden administration has made it a key concern in the State of the Union and in its newly-released National Cybersecurity Strategy. But how is that affecting the situation “on the ground” in federal agencies? 

Socure’s SVP of Public Sector Matt Thompson and VP & Head of Public Sector Strategy Jordan Burris were excited to join John Gilroy’s Federal Tech Talk podcast to discuss the path forward for digital identity. Once a week, John interviews technology leaders about the latest trends and important stories that are important to federal CISOs, CTOs, and IT managers. 

It’s worth listening to the entire podcast, so be sure to queue it up on your podcast platform of choice! We have included some of the highlights below: 

Q: Why do you work for Socure? What’s your motivation?

Matt: I want to improve trustworthy access to digital services, whether that’s across government agencies or in the commercial space. We have a fundamental right to control our identity information and how it’s used. A lot of the digital identity verification solutions in the space don’t do a good job of protecting our identity. There’s an opportunity to help government agencies improve the way that people assert their identity to access benefits and services. On the flip side, we need to halt the manipulation of identity information by cybercriminals and identity fraudsters who commit synthetic identity fraud with benefit programs.

Jordan: Building off what Matt is talking about, for me it’s about confirming that everyone, regardless of race, socioeconomic background, etc. has the opportunity to engage in a digital identity ecosystem. Back in 2018, there was a push to find different ways to verify who people were online. Why? We found that, far too often, underserved populations were being left out of the process. During the pandemic, this problem hit the mainstream. Time and time again, you heard that people couldn’t get access to their benefits while fraudsters from nation-state actors and criminal rings were intercepting those benefits. Something had to change, so I joined Socure.

Q: The CISA’s Zero Trust Maturity Model 2.0 just got released, and the first pillar is identity. How does identity play into zero trust strategies?

Matt: There’s a reason that identity is the first pillar of the Zero Trust strategy. While that specifically focuses on the enterprise side and has a focus on authentication, at the end of the day, the government has a responsibility to extend their thinking around identity to meet citizens where they are. The Biden administration has made improving customer experience one of its top initiatives, and digital identity must be included in that effort. From my experience, a more trustworthy digital identity verification system is a top priority to restore Americans’ faith in their government. 

Q: I’ve done some research and the term “synthetic identity” keeps popping up. What is a synthetic identity?

Jordan: A synthetic identity is an identity that has been manufactured so they can pretend to be a real person. It plays on one of the legacy links in the chain that exist in identity today. We are still a society that is heavily dependent on the credit ecosystem to establish someone’s identity. The credit bureaus are the gatekeepers. Synthetic identities are created when you either have someone’s real personal information and then change a piece of the information (e.g. Social Security number) to assert a different identity. Other times, they completely fabricate a person that doesn’t exist using entirely fake personal information. This works because the credit bureaus keep a record of each time you assert your identity. You may not get approved, but if you keep coming back enough times with fake information, you’ll eventually pass through. 

The overreliance on the credit ecosystem has allowed synthetic identity to hit the mainstream because of the ease of access that fraudsters have to data that’s been breached over and over again. One of the most common synthetic identities is “Michael Smith”, the mid-30s, from Texas. He has a fairly average credit profile, but he’s completely fabricated.

Matt: What makes synthetic identity fraud unique is it’s victimless. There’s no actual person being harmed except the financial institution or the government. We are starting to see spikes in synthetic identity fraud across government agencies, so it’s an important thing for government leaders to understand. 

Q: There are 135 federal agencies and I would bet there are 135 different digital identity verification solutions out there. Maybe more. Where does Socure fit in?

Matt: You shouldn’t have to be re-verifying that you’re the same person and proving the same information repeatedly. However, there’s also no one-size-fits-all approach to digital identity verification. If you are just accessing weather information, you shouldn’t need the same level of vetting as filing your taxes. There are different levels of vetting – there need to be flexible identity solutions. We specifically solve if you are a real human being and if you are submitting the information. We do that more inclusively and more accurately than other digital identity verification solutions in the market.

Jordan: Fraudsters are getting more and more sophisticated. As we’ve deployed more authenticators, they’ve moved upstream and attacked earlier in the process. Now they can pretend to be someone and take their account before they can even get it. Perhaps I perform some type of recovery activity and steal it from them. If we get digital identity verification right, we can keep them out entirely. If we get it wrong, you can continue to see the stories where folks are being locked out of benefits or stolen.