1 / 54

Your Role in Helping FSA Prevent Identity Fraud

Understand how to prevent identity fraud, report suspicious activities, and protect sensitive information. Learn about fraud definitions, roles of special agents, and IT investigations.

hildae
Download Presentation

Your Role in Helping FSA Prevent Identity Fraud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Session 30 Your Role in Helping FSA Prevent Identity Fraud Steven Anderson, Christopher Cooper, Kathleen Styles, and Dr. Linda Wilbanks| Nov. 2012 U.S. Department of Education 2012 Fall Conference

  2. OIG Components • Audit Services • Investigation Services • Evaluation, Inspection, and Management Services • Information Technology Audits and Computer Crime Investigations

  3. Benjamin Franklin “There is no kind of dishonesty into which otherwise good people more easily and frequently fall than that of defrauding the government.”

  4. FRAUD DEFINED • An intentional distortion of the truth in an attempt to obtain something of value. Does not have to result in monetary loss. • Layman’s terms: Lying, cheating, and/or stealing.

  5. ED/OIG Special Agents are Federal Law Enforcement Officers • Special Agents receive training in: • Interviewing/Interrogation • Criminal Law • Civil Law • Program and Contract Fraud • Firearms/Defensive Tactics • Search and Arrest Warrants

  6. 6

  7. IT Audits and Computer Crime Investigations ITACCI centralizes the OIG information technology operational assessment, analysis, and law enforcement capabilities. ITACCI is comprised of three separate divisions, each with a distinct mission. This centralized concept ensures maximum coordination and cooperation both internally and externally.

  8. TCD Mission • Conduct criminal investigations of computer security incidents • On-site technical support and laboratory forensic analysis of digital evidence • Proactive investigative analytics to identify fraudulent, criminal and cyber trends in ED’s programs and systems

  9. TCD Structure TCD centralizes the OIG digital investigations and our support missions for the traditional OIG services. Comprised of three separate units, each with a distinct mission, that support the other units. Staffing: Special Agents (1811) IT Computer Specialists (2210) Investigative Analysts (1805)

  10. The Threat • Actors State Sponsored Organized Cyber Crime Organizations Russian Mafia Traditional Mafia Professional Hackers Spammers Inside Threat Disgruntled Employees • Tools Botnets Keylogger Targeted Viruses Used to create quick one-time-use botnets Also used when specifically targeting a single site or organization The usual Internet attack tools Metasploit, etc.

  11. Examples of What to Report • Compromise of Systems Privileges • Compromise of Information Protected by Law • Unauthorized Access of IT Systems or Data • Exceeding Authorized Access • Denial of Service of Major IT Resources • Malicious Destruction or Modification of data/information

  12. Is Your System a Victim? • Yes? Maybe? Not Sure? • Immediate Reporting is Necessary! • Have the facts • Why you think there is an issue • Date/Time of the Incident • System Information • Location • Type and Purpose of the System • Point of Contact • Actions All Ready Taken

  13. TCD’s Response • Will Work Through the SSO to Preserve the Data and Contain the Incident • May interview end-user • May run several tools to collect live data from the system • Conduct an Analysis of the System, Live Data, Network/Firewall Logs, and other data pertinent to the incident

  14. Social Engineering Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception.

  15. Protecting Others From Identity Theft • Properly handle documents • Shred sensitive information • Use key identifiers instead of the SSN • Password protect sensitive information • Audit access • Review access privileges • Verify who you are talking to

  16. Obtain or take over financial accounts Take out loans for large purchases Open new lines of credit Sign lease agreements Establish services with utility companies Write fraudulent checks Purchase goods and services on the Internet Common Identity Theft Practices

  17. Avoiding Identity Theft Don’t carry your SSN card with you! • Request a drivers license number • Shred sensitive information • Only carry what you use • Photo copy all cards in your wallet • Select hard to guess PINs and passwords • Don’t leave mail sitting in an unprotected box • Don’t give out private information over the phone • Order your credit reports • Use caution when providing ANY sensitive information

  18. Weak controls • Little or no oversight • Lax rules • Debt • Addictions • Status • Greed Opportunity Motivation Fraud Triangle Rationalization • Everyone does it • I was only borrowing the money • I was underpaid and deserve it

  19. Red Flags to Investigators Vices such as substance abuse and gambling Extravagant purchases or lifestyle Lack of documents (the ‘big flood’ destroyed…) Common Addresses (mailing, email, and IP) Pin number and password information the same Personal information that does not fit the norm Bank information that is the same

  20. Fraud Indicators • One person in control • No separation of duties • Lack of internal controls/ignoring controls • No prior audits • High turnover of personnel • Unexplained entries in records • Unusually large amounts of payments for cash • Inadequate or missing documentation • Altered records • Non-serial number transactions • Inventories and financial records not reconciled • Unauthorized transactions • Related Party Transaction • Repeat audit findings

  21. Sources of Allegations • OIG Hotline • ED Program Offices • School Employees and Officials • Guarantee Agencies • Citizens and Students • Competing Vendors/Schools • Other Federal Agencies • U.S. Attorney’s Offices • Other ED OIG Investigations • Federal Bureau of Investigation • State and Local Education Agencies

  22. Examples of Title IV Fraud Schemes • Leasing of eligibility • Loan theft/ forgeries • Fraud/Theft by School Employees • Default rate fraud • 90/10 rule • Financial statement falsification • ATB fraud • Falsified last date of attendance • Obstruction of a federal audit or program review • FAFSA fraud- enrollment • Falsification of entrance exams • Falsification of GEDs/HS Diplomas • Falsification of attendance • Falsification of grades • Failure to make refunds • Ghost students

  23. Link to OIG’s Distance Education Fraud Ring Investigative Program Advisory Report (IPAR) • http://www2.ed.gov/about/offices/list/oig/invtreports/l42l0001.pdf Information for Financial Aid Professionals (IFAP) website: • http://www.ifap.ed.gov/ifap/index.jsp Dear Colleague Letter GEN-11-17: • http://www.ifap.ed.gov/dpcletters/GEN1117.html Presentation on the IPAR provided at last year’s conference in Las Vegas.

  24. IPAR/Dear Colleague Letter On September 26, 2011, the Department’s IG issued a report about fraud rings operating on distance education programs offered by institutions participating in the Federal student aid programs. The IG’s report identified an increasing number of cases involving large, loosely affiliated groups of individuals (fraud rings) who conspire to defraud Title IV programs through distance education programs.  These fraud rings generally target institutions with low tuition in the context of distance education programs and involve a ringleader who:

  25. IPAR/Dear Colleague Letter • Obtains identifying information from straw students “individuals who willingly provide the information” • Completes multiple financial aid applications using the information collected • Applies for admission under the institution’s open admissions program, where little or no third-party documentation is required • Participates in the amount of online interaction necessary to establish participation in the academic program and secure disbursements under an institution’s procedures

  26. IPAR/Dear Colleague Letter Detecting fraud before funds have been disbursed is the best way to combat this crime.  We therefore seek the help of institutions and advise that you take the following additional actions to identify and prevent the kind of student aid fraud identified in the IG’s report: Implement automated protocols that monitor information in your student information data system to identify instances where a number of students –

  27. IPAR/Dear Colleague Letter • Use the same Internet Protocol (IP) address to complete and submit an admissions application • Use the same IP address to participate in the online academic program • Use the same e-mail address to submit an admissions application • Use the same e-mail address to participate in the online academic program • Appear to reside in a geographic location that is anomalous to the locations of most students in the program

  28. IPAR/Dear Colleague Letter Modify your disbursement rules for students participating exclusively in distance learning programs, which would immediately reduce the amount that fraud ring participants can receive.  Institutions have the authority to: • Delay disbursement of Title IV funds until the student has participated in the distance education program for a longer and more substantiated period of time (e.g., until an exam has been given, completed, and graded or a paper has been submitted) • Make more frequent disbursements of Title IV funds so that not all of the payment period’s award is disbursed at the beginning of the period

  29. Who Commits Fraud Involving Education Funds? • School Employees, Officials, Owners, Financial Managers, and Instructors • Lenders and lender servicers • Guarantee Agencies • Award Recipients • Grantees and Contractors • ED Employees • Others

  30. How You Can Help • Ensure that staff receive necessary training • Review documents thoroughly • Question documents/Verify authenticity • Request additional information from the vendors or administration • Compare information on different documents • Contact ED-OIG • A Guide to Grant Oversight and Best Practices for Combating Grant Fraud http://www.usdoj.gov/oig/special/s0902a/ final.pdf

  31. Don’t Try To Investigate Suspicious Activity Yourself! You may have the missing piece of the puzzle we need!

  32. Who is Responsible for Reporting Fraud? • Everyone who deals with DoED funding has a responsibility to help control fraud.

  33. 34 CFR § 668.16 Standards of Administrative Capability The Secretary considers an institution to have administrative capability if the institution: g)…Refers to the Office of Inspector General…any credible information indicating that an applicant for Title IV, HEA program assistance may have engaged in fraud or other criminal misconduct in connection with his or her application Reporting obligation further applies to fraud on the part of employees, third party servicers or other agents of the institution.

  34. Why Report Fraud? • Ethical responsibility • To deter others from committing fraud and abuse • To protect the integrity of the Federal, State, and Local programs • To avoid being part of the fraudulent/criminal activities

  35. Criminal Liability • 18 U.S.C. § 2, Aiding and Abetting Whoever commits an offense against the United States or aids, abets, counsels, commands, induces or procures its commission, is punishable as a principal. • 18 U.S.C. § 4, Misprision of a Felony Whoever, having knowledge of the actual commission of a felony cognizable by a court of the United States, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States, shall be fined under this title or imprisoned not more than three years, or both.

  36. 1-800-MIS-USED Inspector General’s Hotline http://www2.ed.gov/about/offices/list/oig/hotline.html

  37. OIG Investigation Services Contact Sheet

  38. Privacy at ED – Who Does What • Establishment of CPO position, 2011 • FSA has a privacy advocate too • Privacy and security – what’s the difference? • The Inspector General’s Office focuses on fraud and criminal activity

  39. What Does a CPO do?

  40. College and Universities -- Targets • Current student and alumni information • Data widely distributed across campus • Hackers seek diverse information • The dawn of “Big Data” just makes this easier Remember: breaches can be the result of negligence and poor data management, as well as criminal activity.

  41. Breach Reporting Do you need to report your breaches? To whom? • Your Participation Agreement “strongly encourages” breach reporting to FSA • FPCO (Family Policy Compliance Office) encourages reporting to FPCO • The majority of states have laws on SSN and breach reporting

  42. What Is ED Doing to Help? The Privacy Technical Assistance Center (PTAC) offers: • Resources • Technical Assistance • Site Visits

  43. Available PTAC Resources You can find a variety of resources on the PTAC website, including: • Checklist: Data Breach Response • Checklist: Data Governance • Issue Brief: Data Security and Management Training: Best Practice Considerations • Technical Brief # 2: Data Stewardship: Managing Personally Identifiable Information in Student Education Records www.ed.ptac.gov

  44. FSA Information Security Group Dr. Linda Wilbanks • Ensure the security of FSA data at rest and in transport • Ensure the security of the FSA networks • If a breach or intrusion occurs • Determine point of entry and ensure it is closed • Determine if/what data lost • Report FSA data compromises to the DoED • Work to estimate the risk to data owners Monitor and identify trends

  45. Threats Student Co-worker Insider threat Foreign actor

  46. Threat - Intrusions • Worms • Trojans • Viruses • Penetrations CORE

  47. Threat – Preventive Measures • Firewalls • Control entry • Monitor traffic • Scan and fix (Patch) new vulnerabilities • Two-factor authentication CORE

  48. Incidents by Type and # Records BreachedFederal Government 2009-2010

  49. User Vulnerabilities • Personal devices • Not patched • Internet connections – social media • Not scanned for virus, etc. • Thumb drives – FREE!! • Not really, always have file attached for promotion • Never know what else is on thumb drive • Easily lost

More Related