Security problems with the Employment Security Department should have been fixed last year
Washington’s Employment Security Department (ESD) would like you to think that COVID-19 caused all the problems with fraud and late benefit payments. The reality, however, is that the issues existed before COVID-19 and ESD did nothing to fix them.
The problems have persisted for at least a year despite $44 million put aside by the legislature to specifically fix ESD’s computer systems.
The security mechanism and identification procedures ESD has been using for the last few years are wholly inadequate to protect the security of the accounts and the privacy of the benefit claimants.
If a bank approached its customers and said the only requirement for accessing an account was a name, birth date and social security number, the bank would soon be out of business. No one would use the bank out of a justified fear that their money would be stolen. That is how the un-employment benefit system worked in Washington until recently.
In response to the $650 million stolen by the Nigerian fraud scheme, ESD added photo verification to verify claimant’s identity and reduce the amount of fraud. However, this verification is also flawed in its approach. Photos of identification documentation can be obtained or faked by unscrupulous individuals and uploaded. ESD Commissioner, Suzi LeVine pointed out last week they were already receiving fake and joke photographs into the system.
With data breaches at Equifax, Target, Washington State University and other high-profile cases, Washington residents personally identifiable information has been made public. It is probable that this information was used to breach the ESD systems since no second level of authentication was implemented in ESD systems.
Immediately, ESD needs to engage with either internal or external cyber-security experts to shut down the fraud that is occurring. A new streamlined, properly authenticated system need to be implemented to enable claims to be made efficiently and securely.
Verification of identity should be easy, quick, and secure. There is no reason in today’s technology focused world that this cannot be implemented by ESD. This is a problem that has been solved by many businesses already.
Puget Sound is home to two of the largest cloud hosting companies, Microsoft and Amazon who make cyber security their business. ESD should consider tapping into that expertise to build a world class, secure and properly authenticated, employment benefit system.
Regular audits of the unemployment trust fund and improvements in transparency, along with a secure, authenticated system are needed now to restore public trust in ESD.