The accuracy of face-based identity verification technology is once again being called into question in the wake of a high-profile case of identity fraud. In the case, a New Jersey man was allegedly able to steal roughly $900,000 from the state of California by using fake driver’s licenses and a red wig to trick the state’s facial authentication system.
Eric Jaklitsch’s scheme specifically targeted California’s Employment Development Department (EDD), which is responsible for handling unemployment claims. He is believed to have filed at least 78 false claims with the department, roughly 68 of which were ultimately granted. Each case represents an instance of identity fraud, since Jaklitsch was using stolen personal information (including Social Security numbers) to file false claims in the names of his victims.
The nature of those claims changed each time, with Jaklitsch claiming to be everything from a fitness instructor to a zookeeper. In each case, he stated that he had lost his job due to COVID-19, and had therefore lost a salary that exceeded $100,000.
The problem, from a security perspective, is that California’s identity verification system never spotted the duplicates, the fake IDs, and the evident fraud, even though Jaklitsch used the same distinctive red wig for every single identity. Jaklitsch was using his own face on his fake IDs, so the fact that his selfies matched is not a problem in and of itself. However, his actions should still have raised more red flags considering that he used that same face regardless of the age and sex listed on the document. Jaklitsch was eventually arrested following a year-long investigation in December, after the FBI tracked his movements through the New Jersey ATMs where he used false debit cards to withdraw the money he obtained from California.
The EDD is partnered with ID.me for identity verification, and the fact that Jaklitsch was able to slip through the cracks will raise even more concerns about the integrity of automated identity technology. ID.me highlighted its ability to spot unemployment fraud during the pandemic, and was slated to become the official identity provider of the IRS. The IRS has since backed down from that arrangement in response to pushback from federal legislators, while ID.me has expanded its non-biometric identity verification program in an effort to regain the trust of the general public.
Source: Daily Mail
February 14, 2022 – by Eric Weiss