Financial Fraud by Kids? No, by Impersonators

If you look at the evidence, it may appear that financial fraud is being committed by kids. But that’s not accurate; it’s being committed by fraudsters who are impersonating kids, according to the National News.

“”Fraudsters are targeting children’s identities because they can exploit the information for an extended period,” said Rob Woods, director of fraud and identity for LexisNexis Risk Solutions….

“With criminals well aware of the likelihood of the child’s identity theft going undetected, Mr Woods said LexisNexis is seeing criminals opening bank accounts, applying for loans and even committing other financial crimes with the fake identity.”

So perhaps you had better check Junior’s credit rating.

Identity/biometric CMOs, Are You Silent?

(Silence image Google Gemini)

If you’re a Chief Marketing Officer at an identity/biometric company, maybe your company has exercised its right to remain silent.

Saying nothing to its prospects or clients.

You know this isn’t good.

As it turns out, I have a solution that guarantees that your company will say something meaningful.

But I’m not going to bother to share it today.

What’s the rush?

I can wait until next week.

Or next year.

What could go wrong?

Hey, it doesn’t feel good when Bredemarket doesn’t share helpful information with YOU.

Now ask how your prospects feel when YOU don’t share helpful information with them…and your competitors do.

Stay tuned.

Adherence Does NOT Require 100% Compliance

(Green and red medicine bottle image from Google Gemini)

As many of you know, I spend the majority of my time in identity/biometrics, where in some cases a 99% accuracy rate is considered woefully inadequate. Imagine if your bank had a million customers and 10,000 of them couldn’t login…or 10,000 fraudsters COULD log in. The bank would throw a fit with its biometric vendor.

So perhaps my experience resulted in…um, bias when I wrote the following in my recent post on adherence and identity:

“Let’s say you are told to take 4 pills a day for 7 days, and the pharmacy gives you a prescription for 28 pills. A week later all the pills are gone.

“Does this demonstrate patient adherence to health instructions?”

Perhaps you spotted the implicit assumption that taking 28 of 28 pills (100%} constitutes adherence, while taking 27 of 28 pills (96.4%} constitutes NON-adherence.

Tain’t so, Sherlock, as Philip Morisky pointed out in a comment on my LinkedIn post on adherence and identity. He said, in part:

“…the threshold at 80% means that even if you do not have access to the medication for 6 out of 30 days, you are still considered adherent.”

Morisky presumably knows what he’s talking about, since he works for a company called…adherence. And Philip’s father, Dr. Donald Morisky, developed the Morisky Medication Adherence Scale (MMAS) for medication self-reporting.

But what of this 80% threshold? 

It’s commonly cited…like the statement that 30% of crime scene latent prints come from palms

But the 80% adherence threshold is not universally accepted, as this National Library of Medicine study notes.

“Based on Haynes’s early empirical definition of sufficient adherence to antihypertensive medications as taking ≥80% of medication, many researchers used this threshold to distinguish adherent from non-adherent patients. However, we propose that different diseases, medications and patient’s characteristics influence the cut-off point of the adherence rate above which the clinical outcome is satisfactory (thereafter medication adherence threshold).”

This particular study concluded that…more research is needed.

“…we cannot reject or confirm the validity of the historical 80% threshold. Nevertheless, the 80% threshold was clearly questioned as a general standard.”

Despite the questions about the 80% threshold, Philip Morisky’s basic point remains: you don’t have to take 100% of your medications to be considered adherent from a health perspective.

But I still maintain that for critically important medications, the IDENTITY of the person taking them needs to be known at a level very close to 100%.

Hospital Patient Facial Recognition

(Hospitalized wildebeest facial recognition image from Google Gemini)

It’s no secret that I detest the practice of identifying a patient by their name and birthdate. A fraudster can easily acquire this knowledge and impersonate a patient.

The people that I hang around with promote biometrics as a better solution to authentication of a hospital patient whose identity was previously verified. Of course, this crowd promotes biometrics as the solution to EVERYTHING. My former Motorola coworker Edward Chen has established a company called Biometrics4ALL.

But the need to identify patients is real. Are you about to remove Jane’s appendix? You’d better make sure that’s Jane on the operating table. And yes, that mistake has happened. (The hospital was very sorry.)

Of the various biometric modalities, face seems the most promising for the health use case, particularly for hospital patients.

  • Fingerprints require you or a medical professional to move your finger(s) to a contact or contactless reader. 
  • Hand geometry is even more difficult.
  • For iris or retinal scans, your eyes have to be open.
  • For voice, you have to be awake. And coherent—I’m not sure if a person can be identified by a moan of pain.
  • DNA takes at least 90 minutes.
  • Gait? Um…no.

Unlike the other modalities, the patient doesn’t have to do anything for facial recognition. Even if asleep or sedated, a medical professional can capture an image of a patient’s face. There are some accuracy considerations; I don’t know how well the algorithms work with closed eyes or a wide open mouth. But it looks promising.

Imprivata agrees that facial recognition is a valuable patient identification method.

“By capturing and analyzing unique facial characteristics such as the distance between the eyes and the shape of the nose, this technology can generate a unique identifier for each patient. This identifier is then linked to the patient’s electronic health record (EHR), ensuring that medical staff access the correct records. This method significantly reduces the risk of misidentification and the occurrence of duplicate records, thereby enhancing patient safety.”

However, I can think of one instance in which patient facial recognition would be challenging.

Burn victims.

If the patient were enrolled before the injury, the combination of disfigurement and bandaging would limit the ability to compare the current face to the previously enrolled one.

But this can be overcome. After all, we figured out how to recognize the faces of people wearing masks.

Adherence and Identity

(Wildebeest patient image from Google Gemini)

Adherence

In healthcare, “adherence” refers to a patient who complies with the recommendations of a medical professional. For example, if a doctor tells a diabetic to lay off the Double Big Gulp soft drinks, the patient should comply. A National Library of Medicine study explains why this is important:

“Patient adherence is vital for the quality of health care outcomes and treatment efficacy, and reduces the economic burden on the healthcare system.”

So if you don’t practice adherence, you could experience adverse health care outcomes…like death.

You would think that would be persuasive enough, but we have to mention “the economic burden.” But it’s sadly true. If a patient is treated multiple times for the same preventable condition, that’s money down the drain. Or bedpan.

(Bedpan image from Google Gemini)

But there’s a big hole in adherence measurement.

Adherence measurement

Let’s say you are told to take 4 pills a day for 7 days, and the pharmacy gives you a prescription for 28 pills. A week later all the pills are gone.

Does this demonstrate patient adherence to health instructions?

Absolutely not.

Maybe you flushed all 28 pills down the toilet and didn’t ingest a single one.

Or maybe you have been giving some pills to your wildebeest.

(Medicated wildebeest image from Google Gemini)

In the ideal world, you would want to ensure that the medication was taken by the correct patient, not by a toilet or a wildebeest.

When adherence identity is important

I will grant that this is ridiculous for a vitamin.

But what about a chemotherapy drug? How will you know that the right patient is taking it and adhering to the medical plan?

Will you ask the patient for their name and date of birth, and consider your adherence monitoring job done?

Give me a…fracture.

Black Friday Fraud Reduction?

Black Friday fraud dipped in 2024? Maybe good news…maybe not.

Frank on Fraud shared a TransUnion report of a 30% decrease in fraud on Black Friday this year. (Links below.)

This in turn was shared and analyzed by Hilton McCall, who noted several theories as to why fraudsters apparently took Black Friday off.

“Tighter fraud prevention measures by merchants and platforms.”

That’s good news.

“Shifting fraud tactics targeting other high-value days like Cyber Monday.”

“A possible focus on new fraud methods, like account takeovers and loyalty point scams, rather than traditional purchase fraud.”

That’s bad news.

Remain vigilant—and if your firm offers a fraud-fighting solution, share your message.

Frank on Fraud: https://frankonfraud.com/fraud-trends/fraudster-vacation-fraud-plunges-on-black-friday/

TransUnion: https://www.globenewswire.com/news-release/2024/12/05/2992306/0/en/New-TransUnion-Analysis-Finds-More-Than-4-of-U-S-Attempted-Ecommerce-Transactions-Between-Thanksgiving-and-Cyber-Monday-Suspected-to-be-Fraudulent.html

Hilton McCall: https://www.linkedin.com/posts/hilton-mccall_fraudprevention-blackfriday-cybersecurity-activity-7272611182727909376-lsyD

KYV: Know Your (Healthcare) Visitor

Who is accessing healthcare assets and data?

Healthcare identity verification and authentication is often substandard, as I noted in a prior Bredemarket blog post entitled “Medical Fraudsters: Birthday Party People.” In too many cases, all you need to know is a patient’s name and birthdate to obtain fraudulent access to the patient’s protected health information (PHI).

But healthcare providers need to identify more than just patients. Providers need to identify their own workers, as well as other healthcare workers.

Know Your Visitor

Healthcare providers also need to identify visitors. When a patient is in a hospital, a rehabilitation facility, or a similar place, loved ones often desire to visit them. (So do hated ones, but we won’t go there now.)

I was recently visiting a loved one in a facility that required identification of visitors. The usual identification method was to present a driver’s license at the desk. The staffer would then print out a paper badge showing the visitor’s name and the validity date.

Like this…

John Bederhoft?

So John “Bederhoft” (sic) enjoyed access that day. Whoops.

Oh, and I could have handed my badge to someone else after a shift change, and no one would have been the wiser.

Let’s apply “somewhat you why”

There’s a more critical question: WHY was John “Berdehoft” visiting (REDACTED PHI)? Was I a relative? A friend? A bill collector? 

My proposed sixth factor of identity verification/authentication, “somewhat you why,” would genuinely help here. 

Somewhat you why “applies a test of intent or reasonableness to any identification request.” 

Maybe I should have said “and” instead of “or.”

  • Visiting a relative shows intent AND reasonableness.
  • Visiting a debtor shows intent but (IMHO) does NOT show reasonableness.

Do you need to analyze healthcare identity issues for your healthcare product or service? Or create go-to-market content for the same? Or proposals?

Contact me at Bredemarket’s “CPA” page.

DNA Chain of Custody

(Part of the biometric product marketing expert series)

Gloves can play a big part in a variety of criminal investigations…including the ones that DON’T result in live coverage and international headlines.

The phrase of the day is “chain of custody,” because DNA evidence can be incredibly accurate…until it isn’t.

H/T CSIDDS for this story.

Sydney Criminal Lawyers shared the story of a police officer sent to prison for falsifying evidence.

“A property in Cairnlea, Melbourne, was identified as a safe house for…drugs, with police finding pieces of evidence — including a pair of gloves that had a man’s DNA on them. Despite only having the one source of DNA on the gloves, (former police detective Jye) Symes falsely reported that he found a woman’s DNA on the gloves.”

For the misconduct, Symes received “a full term of 3 years imprisonment with an 18-month non-parole period.”

Don’t mess with the evidence.

Google Does Not Comply With Google

Mystifying error message of the day.

I hadn’t cast from my phone to my TV in a while. 

When I tried to do so recently, I got an error from Google, saying in part that YouTube on TV’s request does not comply with Google’s “Use Secure Browsers” policy.

It’s worth noting:

  • The YouTube app on my phone is from Google.
  • The YouTube on TV app on my TV is from Google.

So if I read the message as stated, Google’s apps don’t meet Google’s standards.

(And for those who are curious, no my wi-fi network is not tied to my consulting e-mail account.)

I was in an impatient mood and didn’t feel like diagnosing the issue, so I didn’t.

“Plug and play” has a way to go in the wi-fi world. 

Survey Says

So Deloitte announced the results of a survey earlier this month.

“The fifth annual Deloitte “Connected Consumer” survey reveals that consumers have a positive perception of their technology experiences and are increasingly embracing GenAI. However, they are determined to seek balance in their digital lives and expect trust, accountability, and transparency from technology providers.”

Deloitte conducted the survey BEFORE the RIBridges hack.