Hearing Wrap Up: Digital Identity Verification Helps Stop Fraud Before It Starts
WASHINGTON—Yesterday, the Subcommittee on Government Operations held a hearing on “Emerging Fraud Threats and the Evolving Fraud Landscape.” During the hearing, members examined the use and effectiveness of digital identity verification platforms to combat fraud threats and protect American taxpayers. Members also discussed how to identify, monitor, and prevent emerging fraud threats, as well as try to understand how these threats continue to change over time.
Key Takeaways:
The federal government often cannot keep up with hackers and fraudsters who are turning to increasingly sophisticated methods to break into online systems and steal taxpayer benefits.
- Jordan Burris, Vice President and Head of Public Sector at Socure, testified that “We are facing organized, increasingly sophisticated transnational fraud rings using [artificial intelligence] at industrial scale. One fraud ring we profiled created nearly 25,000 synthetic identities and launched more than 35,000 attacks in just 30 days. The adversary has changed. Our federal identity model, however, has not. And yet many in the government believe it will hold up to today or even tomorrow’s fraud threat. For decades, the government has treated matching a name, date of birth and social security number validated against government authoritative records as proof of identity. That approach is no longer sufficient.”
- Marisol Cruz Cain, Director of Information Technology and Cybersecurity at the U.S. Government Accountability Office (GAO), testified that “As you know, federal agencies use personally identifiable information to verify the identity of individuals who access accounts on government websites. An increase in sophisticated cyberattacks has led to a greater risk of that [personal identifiable information] being stolen and used to commit different types of fraud. Malicious actors can then use that information to fraudulently receive government benefits, commit tax or wage related fraud, or create new credit cards, or take over people’s accounts.”
- Dr. David Maimon, Head of Fraud Insights at SentiLink, testified that “The central lesson from my research is this fraud against government programs is no longer a series of isolated schemes. It is a durable, specialized criminal infrastructure, and it moves. The pandemic did not create this infrastructure, but it supercharged it. Criminals learned how to acquire stolen and synthetic identities, stand up shell companies open bank accounts and recruit money mules at scale. When pandemic relief programs ended, none of that capacity disappeared. It simply migrated. Today, my team is tracking that same infrastructure inside SNAP, Medicare, Medicaid, federal student aid, tax refunds, and [Small Business Administration] backed loans. A few examples illustrate how we are watching criminals combine stolen identities with AI-generated faces and deepfake video to defeat liveness checks at digital banks and tax preparers using nothing more exotic than face swapping software available to anyone.”
While identity verification is critical to preventing identity theft-based fraud, the federal government must do more to protect Americans’ identities when they apply for government programs.
- Ms. Cruz Cain also stated that “[General Services Administration] developed login.gov as a means to verify users’ identities who want to create an account to access federal websites. Accordingly, GSA has a significant responsibility for protecting users PII that they collect during that process. In 2024 and 2025, we reported on login.gov’s process for identity verification, its misalignment with federal guidelines for identity verification and fraud prevention measures. In our reports, we identified several weaknesses in GSA’s implementation of login.gov, including that the system did not meet the requirements to verify a person at the IAL2 level, and that was because the system never included a physical or biometric comparison to link a user to a specific real-life identity. As a result, we recommended that GSA take four actions to ensure that the PII is better protected and to lessen the risk of identity theft. To its credit, GSA has fully implemented three of those actions. Most importantly, they have completed their remote identity proofing pilot, ensuring that the system is compliant with NIST IAL2 standards.”
- Dr. Maimon also noted that “Much of today’s verification infrastructure and the policies behind them were built for an earlier threat, and procurement and roll making cycles that take years cannot keep pace with fraud. Tactics that shift in a month or less. Agencies need standing authority to test and deploy technologies to meet the current threats, not just at the next scheduled audit. None of this requires slowing down help for legitimate applicants. It requires distinguishing them from fraud earlier, using signals criminals cannot easily fabricate. The federal government already has some of the tools it needs. What is missing is the authority, the coordination, and the sustained investment to use those tools before the money moves, not after. Every dollar we protect from fraud is a dollar that stays available for the people Congress intended to help.”
Congressional investigations confirm that government agencies must be better equipped to detect and prevent fraud, and Congress should work to promote stronger security for government platforms.
- Mr. Buriss also stated that “[Reward] fraud prevention instead of recovery, where agencies are incentivized to stop fraud before taxpayer dollars ever leave the Treasury and finally treat identity verification as dynamic infrastructure that must be resourced to evolve continuously, not built once, certified once and left in place for a decade. To be clear, Congress does not need to prescribe a specific technology, but Congress can establish a new expectation that technology exists, and the evidence is clear now our policies and practices must catch up to the threat so Americans can trust their government in the AI era.”
- At a March 2023 hearing, the Subcommittee on Government Operations found that Login.gov, previously marketed as “a single-sign-on solution for government websites,” falsely misled its federal agency customers claiming it met all required standards.
Member Highlights:
Subcommittee Chairman Pete Sessions (R-Texas) inquired about methods the government can use to vet people applying for benefits and ensure their identities match.
Subcommittee Chairman Sessions: “I brought up my circumstance of talking [about] Social Security, how they vetted me, how they talked to me about things that I would know about myself that not a lot of people would understand. Is this the kind of fair game that would be used to vet people on a regular basis? And how can we cross-get this type of information to where if you’re at SBA, you may or may not have that available to you? If you’re at Social Security, you probably could ask some detailed questions about working history, about doing other things. Do we need to expand or develop some way for agencies that take a new request from a person? It could be about, not [Veterans Affairs], because you could ask about those questions, but about someone who’s recently unemployed and asking about a depth of knowledge. How do we really help those agencies to make the determination, even when speaking to a person?”
Dr. Maimon: “This is a great question, Mr. Chairman and I agree with your statement. I think, let me go back to my career as a sociology in the Ohio State University, the first class in the degree we were taught about the difference between ‘gemeinschaft’ and ‘gesellschaft’—’community and society.’ The reason why I’m bringing this important distinction is that in the past, here in the United States or any other place, when you went into the bank or to the IRS and asked for opening a new bank account or a loan or getting some governmental benefits, the guy sitting across from you knew who you were. He knew your family. He knew where you worked. He knew your history, so to speak. And so they were able to assess the risk you pose to the organization more effectively. Now, you know, we’re at this point in a point of a society…What they will not be able to fake is the historical evidence. And that that goes as well to the AI solutions out there, right? I mean, AI will be able to give you an amazing picture of a person who does not exist, or AI will be able to take my face and bring it to life when I’m abroad, so to speak, and try and authenticate me when I’m trying to get unemployment benefits. But one thing that AI tools will not be able to do at this point is to create the historical signals around me or around anyone who is trying to identify themselves. And I think that is where the solution lies, being able to find solutions which will allow us to look at historical evidence around individuals, around their name, date of birth, addresses, telephone numbers, and make assessment with respect to whether they are who they say they are.”
Congressman Brian Jack (R-Ga.) asked about the types of fraud threats Americans may be facing that they are unaware of, as well as how AI is used to commit identity theft.
Congressman Jack: “Mr. Burris, my first question is for you. The public increasingly relies on the internet to access government services. And I’m just curious, from your perspective, what fraud threats might my constituents be facing that they’re not even aware of yet?”
Mr. Burris: “Representative, thank you for the question. When it comes to the fraud threats in the way that they’re evolving across the landscape, every single interaction, every single time that an individual is engaging both with their government and in their commercial life, there is the chance, the opportunity, that an adversary could be attempting to pose as them [or] could be attempting to enroll in an account. We see this across financial services where we work. We see this across various aspects of the gig economy where we work, and then, of course, with government organizations, the reality here is that all of the information, all the PII that exists for many folks within this room has been stolen by the adversary. And they are using that to attempt to become them, and therefore that they can access what would be either their bank accounts and help move money all across the economy.”
Congressman Jack: “You know, I’ve heard folks mention anecdotally that now with artificial intelligence, people are trying to impersonate, you know, a loved one by virtue of maybe their voice or their mannerisms, what have you. And using some of that information that may have been stolen. Have you seen that? And could you elaborate on that for us?”
Mr. Burris: “Yeah, absolutely. We are in a what I would consider a national crisis from where I’ve highlighted, and our team has highlighted. Socure, for a number of years now [has said] that the moment that we’re in is unlike any other in the sense that AI is being used as an accelerator for attacks that typically would take weeks to occur. Further, it’s also becoming more cost effective for the adversary to launch those attacks. These attacks could be everything from launching deepfakes, things where we’ve seen an 8,000 percent increase year over year. This can also be in terms of the velocity by which attacks are happening. This means the speed by which they are occurring. And in these instances, these moments we are seeing things that where attacks used to take weeks in order to be conducted, they have been broken down to under 48 hours. And this would mean that an adversary has launched an attack where they have stolen my information, or yours, or even worse, fabricated an identity attempt to open an account and or move money, take over an account that may have existed because they went through a call center and were pretending to be you, using your voice or something that was cloned, an image of yours, biometric, etcetera. And they’ve used all these patterns, and if, say, they were blocked in some way, shape or form, they then just adapt and iterate, and the cycle continues all over again.”
Click here to watch the hearing.
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

