by Robert Davis
More Coloradans are opening their mailboxes to find US Bank ReliaCards or 1099-Gs that they don’t need, a sign that someone fraudulently used their name to file for unemployment.
In recent weeks, a freelance graphic designer and the CEO of a local aerospace company told Glendale Cherry Creek Chronicle that they were both victims of fraud. Luckily for them, the claims are amounting to an inconvenience. But, for many Coloradans waiting for or already receiving unemployment benefits, these fraudulent claims are wreaking havoc as tax season arrives.
Unemployment benefits are taxed as income, meaning taxpayers pay both state and federal taxes on the benefits. For fraud victims, this can result in paying multiple thousands of dollars in extra taxes while someone else reaps the benefits.
The freelance graphic designer described the hours of phone calls she’s made to both local and federal authorities concerning the fraud. Each time, she’s been met with the same response: “We might contact you with further questions.”
For the past month, it has been an exercise in futility to get someone to assist with the claim, or to even hear a human voice on the other end of the phone, she added.
“I truly can’t imagine what’s it would be like if I really needed these benefits,” she told the Chronicle.
What Happened?
On January 11, Colorado’s Department of Labor and Employment (CDLE) upgraded its unemployment software system to the MyUI+, whic
h combines regular state unemployment benefits with the PUA Online System used by claimants receiving federal Pandemic Unemployment Assistance (PUA).
The goal of the upgrade is to streamline responses to PUA claims, customers requesting payment via the phone line (CUBline), and providing virtual assistance, CDLE said during the launch.
Initially, when the system went online, it immediately flagged 20% of claims as fraud, prompting the state to seek guidance from the U.S. Department of Labor. In response, CDLE revised down a month of unemployment claims, revealing a batch of 31,237 fraudulent claims. CDLE said that a majority of the fraud is coming from overseas.
“When we deployed the new system Sunday morning at 6:30, we watched,” Cher Haavind, deputy director of the state Department of Labor, said in a statement. “We were all on a dashboard and we could see where people were hitting the system. They were coming from outside of the United States. They were coming from Nigeria. And they were, within five minutes of deploying the system, trying to access MyUI+.”
In December, USA Today published an exposé of a Nigerian engineer who paid $2 in Bitcoin to access a database of stolen Social Security Numbers and other personal information. In many states, that’s all the information one needs to start a claim. Websites such as FamilyTreeNow and TruthFinder offer additional information for a fee.
Others gained personal information through phishing expeditions. CDLE found a fake Twitter account under the handle @LaborColorado that was distributing an online form purporting to help Coloradans apply for unemployment. CDLE’s official Twitter handle is @ColoradoLabor.
Feeding Frenzy
CDLE said its unemployment software was due for an upgrade before the pandemic hit. Colorado’s system was running on a decades-old coding language known as COBOL. At least 12 other states run on similar aging language, including Alaska, Connecticut, California, Iowa, Kansas, and Rhode Island.
However, CDLE’s upgrade was delayed once the agency began receiving record numbers of claims during the spring. In 2019, CDLE handled nearly an average of 2,000 unemployment claims per week. Since mid-March, the agency has handled an average of 17,500 claims per week.
Meanwhile, a rapid update of the Colorado’s unemployment processes created layers of vulnerability within the system that officials are struggling to control. Governor Jared Polis added to the frenzy in March when he signed Executive Order D 2020 012, which requires the state labor office to begin paying claims within 10 days of receipt.
Once state officials began tracking fraud claims in June, they were left to navigate making timely payments, ensuring the security of their operating system, and rushing to find fluent coders to complete the upgrade.
Employers made mistakes, too. CDLE said employers are supposed to file a fraud report whenever an employee files for unemployment. But, if the employer checks “other” on the form, state labor officials assume the claim is from a job separation. In this case, the state is supposed to hold payment pending resolution. Polis’ 10-day order changed all that.
How Big Is The Impact?
State systems are not the only weak spot, CDLE contends. Another suspect is the federal PUA program, which expired at the end of December.
PUA was intended to help freelancers, gig workers, and others who lost their jobs because of the pandemic and don’t qualify for regular unemployment. The program provided $600 per week in benefits. However, the hasty rollout of the program made it a target for hackers and scammers.
Under PUA’s guidelines, state and local labor officials are responsible for administering the program. However, Colorado is currently not distributing PUA payments until it can secure its system. This means Coloradans relying on federal unemployment may go months without receiving payment.
Meanwhile, unemployment officers are still struggling to handle the increased workloads caused by the pandemic. An investigation by Colorado Public Radio found CDLE’s current wait time is over six weeks. As of mid-December, over 12,000 callback or appointment requests were in the queue. CDLE even began hiring customer service help from third-party staffing agencies in December, but the agency’s backlog seems endless.
Since mid-March, CDLE has paid out $2.5 billion in PUA claims and another $2.5 billion in regular unemployment insurance, according to CDLE data.
In September, CDLE estimated that three out of every four claims it received between July 18 and August 22 were fraudulent. Colorado officials were able to stop between $750 million and $1 billion leaving state coffers. Other states haven’t been so lucky.
In August, the U.S. Attorney’s Office for the Western District of Pennsylvania charged 33 individuals, including inmates at eight state and county jails and prisons in western Pennsylvania and their accomplices, with defrauding the PUA system of over $100 million total.
Later in December, U.S. Attorneys in California recovered another $2 million from a single actor. The scammer used the identity of a sitting U.S. Senator to file the claims.
Stopping The Gap
CDLE received updates rules from the U.S. Department of Labor concerning the administration of the PUA program on January 8. The new guidance reopened the program, reduced payments to $300 per week, and extended the eligible weeks of unemployment up to March 14, 2021.
Shortly thereafter, DOL officials released $100 million to states to shore up their unemployment systems and help them detect fraud.
Colorado spent a portion of the funds on a new partnership with ID.me, a biometrics company that will help the state verify unemployment claims so it can begin processing payments. Labor department Executive Director Joe Barela said the system will be used to verify the legitimacy of claims held up by weeks or months after being flagged as potentially fraudulent.
All new claims must perform identity verification through ID.me, with payouts released following a verification with facial recognition. The process is expected to be completed by January 27.
According to the company’s website, ID.me is currently used by over 22 million people and 350 partners, including federal and state agencies, health care organizations and financial institutions. It’s also in 14 other states, including Pennsylvania and California.
For Barela, the new funds and tools are a welcomed gift. However, they don’t mean Colorado is in the clear just yet.
“It’s important to note that we are walking a tightrope here,” Barela said in a statement. “We know that we want to get benefits out as quickly as possible to those who need unemployment insurance at this time. But we also want to put systems in place that protect our funds or benefits from going out the door to fraudulent claims.”