Digital identity verification has emerged as one of the top programs for state and federal government agencies as more services move online. Scoop News Group spoke with Karl Hellmann, Deputy CIO at the Department of Labor, and Jordan Burris, VP of Public Sector Strategy at Socure, about the importance of digital identity and security for benefits programs, particularly in unemployment insurance.
Their remarks were also transcribed and edited below:
Q: How has the Department of Labor gone about assessing its needs for greater identity management controls across the Department of Labor? Where does identity management stack up among your top cybersecurity priorities?
Hellmann: Identity fraud management stacks up as a very high priority for us, especially for our external and internal customers. Being able to ensure who has access to our data and that people who need our services are able to get to them without being disconnected or without fraudulent action being taken is vital to the Department of Labor’s mission.
Q: Jordan, given the various tools available, what distinguishes today’s modern identity proofing platforms, and what are the challenges that agencies are still facing to modernize?
Burris: When it comes to solutions that should be evaluated from an identity proofing standpoint, we always had to have a mindset of staying ahead of what’s coming. Focusing on cybersecurity, we’re looking at nation states and criminal enterprises conducting nefarious activities. When I’m looking at identity proofing solutions, it needs to be multi-layered. You need to learn how to use personally identifiable information (PII) documents to verify someone, but are you missing other aspects of their digital footprint? Are you looking at the device being used, IP address, email address, or even the geolocation of the individual? If you’re able to look across all of them at the same time, you can increase accuracy and prevent nation states from compromising our digital services.
Next, you need to see if your identity verification solution is dynamic. Can the solution keep pace with the threats that are being posed by these nation states and these enterprises? How quickly can you implement those changes? Does it take seconds or minutes, or would it take days or weeks? Ideally it would be more nimble when it comes to identity fraud.
The next issue is seamlessness. Do you have a solution that creates jarring friction, or does it work passively behind the scenes? Pushing for a seamless experience allows us to embody what the White House has been stressing around customer experience. Lastly, solutions need to consider transparency and equity. You need to make sure solutions aren’t a black box where you can’t see what’s going on. And you need to solve for systemic gaps that exist in our identity infrastructure that leave people out of the process. Any solution that is truly next-gen should look at the opportunity to close those gaps.
Q: How do modern identity proofing platforms increase the speed of delivery and accuracy of public benefits and services, especially for the Department of Labor? Can you give us an example of where modernizing your identity fraud management systems is really translated into faster or more effective service?
Hellmann: The Department of Labor’s core mission is supporting workers, whether it’s job-seekers, retirees, or current workers. We need to make sure they have the ability to do what they need to do. Within the Department, we have approximately 115 systems that have a single-sign-on capability that requires identity proofing.
I want to talk about one program specifically which falls under unemployment insurance. In today’s world, being able to access unemployment insurance and making sure that states can identify the correct people is critical. We have a variety of identity fraud management activities, both digital and non-digital, to ensure the public has equitable and accessible access.
Q: What are some of the tactics you’re seeing from criminal organizations to defraud government agencies? How do modern identity fraud management platforms address that?
Burris: We need to meet and match the attacks we’re seeing from fraudsters…they are embracing new technology to intercept benefits. They’re not hesitant to use generative AI and other tools to pretend to be someone else. Information is also being shared on the dark web and used to attack other benefit programs like SNAP and against the commercial sector.
We need to fight fire with fire and deploy best-in-breed technologies to combat them and fight back. You also need to take a network approach. Can you take collective learnings across other agencies who are experiencing similar circumstances?
Q: Karl, what lessons would you share with other government agencies about implementing a modern identity fraud management platform? And how have those lessons helped improve the Department of Labor’s broader security posture?
Hellmann: We’ve been in this business for a long time, and we do have a lot of legacy platforms. Our most successful approach is to modernize legacy platforms on an incremental basis. We don’t try to go from legacy to the tip of the spear, we build a solid foundation and incorporate security into every layer. Build security in application controls, API calls, platform integration, external-facing presence, and continue to work through those one step at a time.