Friday, December 09, 2005

How Food Stamps Pay for Crack, and What to Do About It

Under the title of this article is a link to an article in CIO Insight on how Business Intelligence beat back food stamp fraud in Louisiana. Very interesting reading is also contained in the following report:

While this all is fascinating information on a common sense use of statistics in crime fighting, in the end it is a demonstration that a paradigm shift is required, and that bringing in the heavy (statistical) artillery is not a solution but a stopgap measure until better technology arrives.

Bank cards (and EBT cards are merely a manifestation of that phenomenon, riding the same infrastructure) are ridiculously unsafe as payment instruments, and it is a wonder the level of fraud is not higher than it is. So this is an example of inappropriate technology, and particularly developing countries, which today do not have a developed infrastructure to support this technology, should probably bypass it as obsolete, except for a few ATMs for foreign tourists. Mechanisms can and will be developed for secure transfers of money via cellphone and even on-line, and all of those have a lower infrastructure cost associated with them than private banking networks, except if they're already paid for (i.e. they are a sunk cost). Yet at the moment development of ATM networks in the developing world is still counted as progress, and little attention is paid to the fact that it is perhaps an exportation of over the hill technology, and little better than the recycling of used computers which end up in toxic dumps in the third world.

Back to EBT abuse. In terms of the study from Louisiana, while it appears fair and balanced, I would suggest that it gravely underestimates the problem in other ways, for lack of on the ground-level observation. In fact food stamp fraud is only one element in a crime wave, that unsurprisingly involves the usual culprit: drugs. To demonstrate this point, I offer following example, which from personal research I would suggest is very typical:

It starts with a struggling convenience store, which in many places means either every single one or every other one. One day the local crack dealer stops in and befriends the owner, suggesting that he sell crack paraphernalia. The profit margins are terrific, like 80, 90% and there is no risk since these items are sold under neutral names, and only become crack paraphernalia in the presence of crack cocaine. But wait a minute, it goes on, for once the local crack addicts get wind of where to buy the paraphernalia, they also go to the same store with their foodstamps, and engage the owner of the same struggling store in discounting of foodstamps, usually with 40-50% profit margins for the store, the "discount." But it doesn't stop there either, for the same desperate store owner is a great informal fence, particularly if the addicts can steal some merchandise, or other necessities, equipment, etc. and offer it for sale to the struggling store. This, roughly speaking is the pattern.

It does make it very clear why statistical methods are going to be very effective in catching the discounting of benefits, since there are obviously strong statistical correlations to both stores and users. But it also underscores the fact that if the fraud was $28 million in one state, there was probably an associated $100 million crime wave, of which the discounting of benefits was merely one of the pillars. The EBT fraud by the way manifests in multiple levels of crime, e.g. the real user illegally withdrawing cash, the store illegally issuing cash from foodstamps, or someone using a stolen EBT card (you only need to know the pin).

Moreover, in terms of the EBT fraud element, it is all fine and dandy that there are statistical methods to find it and fight it, which are surely more effective than prosecuting it at the store level, but it is still a dysfunctional stopgap measure to support an inappropriate technology, which is simply not fit for the purpose.

Simply put, strong authentication is the word, and the technologies that support it are increasing in number. Most of the conversation seems to be around the internet, some is around bank cards, but the emerging field is cellphone based payment gateways, and soon VOIP based payment gateways. Banks are doing some lame experiments with smart cards, and other derivative technologies, all of which cannot conclusively solve the problem, unless they involve strong authentication and encrypted transactions.
This is an area however where high security actually represents a business opportunity. Clearly if one small state has $28 million in annual fraud in EBT alone, nationwide the fraud is far larger, by simple extension in the billions. With Social Security due to go the EBT route sooner or later, the numbers will be staggering. Rather than fighting a rear guard action with tools that reduce the problem but don't solve it -- the intellectual acumen and prowess of the folks who came up with this solution notwithstanding -- perhaps a more rigorous solution would be in order. The time for secure transactions has surely arrived, and countries that have the least infrastructure may realize the transition faster than mature countries with a lot of sunk cost parked in paid-up infrastructure.

A similar paradigm shift is in the works on another side of banking. Just as the banks finally put the finishing touches on the Check21 process, strong authentication will finally end up making internet banking potentially more secure than any check based transactions, and the transition can start to get going for real. Again my point is that some of the worst failures of appropriate use of IT are here not there, and we have a whole digital divide to worry about in the developed world, since we often can't see the forest for the trees. Very often the sunk cost of inappropriate solutions stands in the way of progress, and with proper analysis the developing world might just learn from and bypass our mistakes. Some of the early cellphone payment gateways may be a little rickety, but the direction has been set, and efficient and secure banking and financial services may do more for development in the long run than a lot of other things. Moreover, if it's done right, it should pay for itself, and quickly, which is quite an innovation in development.

Copyright © 2005 Rogier F. van Vlissingen. All rights reserved.

1 comment:

DiaGnostic said...

I think payment security is a futile effort. There will always be a way to abuse it sooner or later. So you'll be stuck with ever improving already obsolete scheme. Besides if you would miraculously manage to make it foolproof, you'll put half the police force out of business and they are not gonna like it.
Better way would be not to charge for these services, that way nobody can steal?