One of the largest fraud schemes that’s impacted employers during the age of COVID is unemployment insurance fraud. Often, these schemes occur as part of a larger employer identity theft scheme that can have costly consequences for both companies and employees.
In a recent presentation at the American Payroll Association’s 2022 Virtual Congress and Expo, Thomas Crowley, the director of government affairs at ADP, and Stephanie Salavejus, CPP, the vice president and COO of PenSoft, discussed the rise of unemployment fraud schemes and the steps being taken to stop them – including the use of better authentication procedures.
Here’s what you and your Finance team need to know.
Increase in false unemployment claims
Unemployment insurance fraud schemes have been on the rise due to COVID-related relief payments. Traditionally, they take several forms. Most commonly, scammers will create fake companies or impersonate real companies, saying that they haven’t filed wage reports in a few years. Then, they’ll file fraudulent reports – and false unemployment insurance claims from “employees” follow soon after.
Often, the scammers will use the names and Social Security numbers of real employees at your company. So, you may get notification that a claim’s been filed for unemployment payments on their behalf.
This can get more complicated for companies that actually have experienced layoffs or furloughs due to the pandemic. It can be time consuming for your Finance team to uncover fake unemployment claims while also validating legitimate ones. It’s also tough for affected employees, who may have to jump through hoops to confirm their identity to state unemployment insurance agencies.
Much of the info scammers use for these schemes comes from data breaches, which are increasingly common at companies of all types. With this explosion of unauthorized access, authentication needs to be on the minds of company leaders, including CFOs, Salavejus said.
Additional authentication requirements
Right now, security procedures are changing to decrease the likelihood of unemployment fraud and business identity theft, especially with payroll service providers and software developers. Before working with employers, they’re adding in steps such as validating a company’s federal Employer Identification Number (EIN) right away. And tax agencies are also tightening their security requirements before they accept returns.
These added steps can make Finance processes a bit more burdensome for your team, particularly if extra signatures and verification are involved. But they’re essential to protect the sensitive info your team deals with every day.
Properly authenticating the identity of the key players on your team that deal with tax filing needs to be at the top of your priority list. Not only can the proper authentication prevent issues with unemployment insurance, but it can also stop other kinds of business identity theft.
Authentication can take various forms. Traditionally, it’s done with a password. But there’s various technology both tax agencies and software providers are using to verify the identity of authorized representatives from companies, including cryptographic keys and biometric technology.
And while it may create more red tape for employers, it’ll soon be the norm for Finance pros. So, it’s smart to stay aware of recent developments and know what tax agencies will expect from employers.
While you may not be required to authenticate the identity of all professionals in Finance just yet, it’s soon likely that every individual who has any role in reporting to IRS, including the person who signs off on your Form 941, will be required to go through an authentication process before doing so.
IRS is already requiring e-Services users to validate their identities using multifactor authentication via ID.me. IRS and state tax agencies are also working on:
- improved authentication and validation of the info submitted on tax returns
- better information sharing to root out and prevent fraud, and
- more advanced methods to assess security threats and develop strategies to address them.
Importance of training
Finance needs to be prepared for these developments. And it starts with the right training.
Training your team on current fraud threats and authentication methods is crucial. This helps prevent data breaches and keeps everyone on the same page with current security protocols. Make sure everyone in Finance is educated on the security requirements they must follow, and their specific role in preventing compromise of key data.
For the best results, security measures can’t be siloed, Salavejus said. Boosting data security must be a companywide effort, with company leaders and IT at the helm of any training and educational initiatives.
Areas to improve right now
Many elements will go into authenticating users’ identity in the future. Software developers, payroll service providers and tax agencies will use IP addresses, browsers and geotracking physical locations to determine whether any unauthorized parties are using your info to commit fraud.
To be compatible with this technology, your in-house systems and computers will have to meet specific security and authentication criteria to access online accounts for various agencies. That means you’ll need to invest in the IT infrastructure to make that happen. You might want to consider what security upgrades your hardware and systems may need when creating future IT budgets.
As further protection against fraud, you’ll also have to look at your agreements with third parties that have access to confidential employee data, making sure there are strict provisions in place to keep this info secure and limit the vendor’s access to only the data that’s necessary.
Record retention oversight will be important as well. Make sure you aren’t keeping employees’ records on file for too long – otherwise, it’s a significant security risk. With that in mind, make sure that any records or documentation you’re storing on site is secure, and that you’re disposing of old records regularly after retention requirements have passed.
Ultimately, Salavejus said, it’s on employers to “authenticate, authorize and know who has access to information, [and] move beyond basic password protection for protecting data and databases, [since it’s] no longer secure enough.”
Your authentication and security procedures must be in a “constant state of continuous improvement,” said Salavejus. This will help you keep unemployment fraud and other schemes at bay – and avoid costly damage control after the fact.