‘Fraudsters thrive in fragmentation’: how government agencies are tackling fraud in the digital age

Image by freepik

Public sector authorities want to reduce fraud against the public purse. Ian Hall reports on an international discussion on the biggest opportunities and barriers

Momentum is building to modernise fraud prevention, improve detection within and across programmes and ensure public funds reach the people and services they are intended to support. 

Initiatives include new agencies, strategies, policies and greater use of technology. But fraudsters targeting government programmes are also becoming increasingly sophisticated.

Global Government Forum and Global Government Finance organised an international webinar titled ‘How can government innovators best tackle fraud against the public purse?’ to explore trends, common ground and differences across jurisdictions.

The discussion featured public sector panellists from the United States, Canada, Singapore, and from knowledge partner SAS.

Data manipulation

SAS Italy fraud and anti-money laundering (AML) expert, Fabio Menis, kicked things off by highlighting that financial “abuses, waste and errors” should be discussed alongside fraud. All are “draining resources from the public sector”, he pointed out.

“Any kind of scheme can be traced back to data manipulation,” he said.

Then focus needs to be on understanding if the ‘manipulation’ was deliberate – in short, planned criminality – or an accident.

Examples of fraud from his own country include the targeting of funds from Italy’s National Recovery and Resilience Plan – the government’s strategy for spending the financial resources received from the European Union’s €750bn (US$£872bn) post-Covid economic stimulus.

The big challenge public sector authorities face with tackling fraud, he said, is limited resources: counter-fraud units are “always under the ideal sizing” needed to do the job.

Fraudsters ‘lying in wait’

Fara Damelin is inspector-general of the US Federal Communications Commission (FCC) – an independent office responsible for preventing and detecting fraud, waste and abuse related to FCC’s programmes. (The FCC is the federal agency responsible for implementing and enforcing communications law and regulations).

She agreed with Menis’s opening observation that any focus on fraud should be broadened to what she described as the “larger pot” of what US authorities refer to as ‘improper payments’, which she said “could include payment by mistake”.

The webinar took place on 16 April, less than a fortnight ahead of the publication of a US Government Accountability Office (GAO) report to Congressional committees whose headline finding was that federal agencies estimated improper payments during fiscal year 2025 rose to almost $186bn – an increase of about $24bn on the previous year.

“Every dollar that gets diverted, even mistakenly, not just by fraud – but fraud is a big one – to individuals who should not be getting that money is money that’s not going to people in need,” she pointed out.

“A lot of these fraudsters, a lot of these rings, they’re lying in wait,” she continued. “When government funding goes out, they’re ready to get into it, and they’re going to go to every place they can that allows them in at the ‘front end’.”

Read more: GAO highlights 97 new recommendations to cut US federal government costs or boost revenues

‘Zero-trust environment’ required?

Damelin, like Menis, highlighted the importance of data. Specifically, the opportunity but also the challenge to “verify at the very onset” of funding programmes that potential beneficiaries are “eligible” and “legitimate”.

“We’ve got synthetic identity theft [the invention of a completely fictitious persona], we’ve got people stealing names, addresses, social security numbers, we’ve got fabricated documents,” she said. “So, what is the type of monitoring we could do against verifiable source documents to protect these programmes before a single dollar goes out? They [criminals] are just going to try it everywhere. They’re not in one programme at a time, they’re in multiple programmes, seeing where they can get in.”

Governments are often inclined to trust citizens. But such are the levels of fraud, is it time for a re-think? “I may sound mean when I say this, but a ‘zero-trust environment’, from a government programme standpoint, is probably the way to go, meaning that we don’t trust the information, we just verify it,” said Damelin. “I think that, in today’s world, we really have to look at that. And, in order to be effective, we need to share data, we need to compare data, we have to have access to data, and we need to take the time to verify at the front end.”

Governments typically moved quickly during the Covid era to get money out. But with speed came leakage.

“The waiver of internal controls during emergencies has done a disservice to the people who need the money in the end because the extra day or two or three it takes – and now it’s probably even quicker with this data, with what’s available in terms of our technology – is going to protect that money for those people who need it most,” Damelin said.

Whistleblowing is of “critical” importance. “Let’s encourage every type of good information that comes in to protect these programmes,” Damelin urged.

Read more: Tump anti-fraud taskforce to focus on US federal benefit programmes

‘Volume, velocity and vector’

Wendy Saschenbrecker-Tang, external fraud risk management division director at the Canada Revenue Agency, highlighted three fraud trends: “volume, velocity and vector”.

“We’re dealing with a lot more transactions than we’ve ever seen before,” she said, on her first ‘V’. “We’re seeing billions of transactions through our online portals, returns, benefits we administer – the volume is not slowing down. Every time we have a new programme or new benefit, transaction volume goes higher.”

“Fraud moves really, really fast,” she said, on the second ‘V’. “Threat actors can stand up and execute schemes in minutes, hours – not weeks, months and years. As we’ve moved away from our paper-based roots, we’ve prioritised speed, faster decisions, faster services, faster digital platforms. It’s necessary, but then it could be a double-edged sword.”

“Many of our processes and controls were really originally designed in a paper world, and we couldn’t imagine the pace of today’s digital environment,” she continued. “As a result, we have legacy systems and controls can struggle to keep up.”

On the third ‘V’, fraud is increasingly complex. Criminals have a “whole array of different options available, many enabled by AI and other emerging tech, which really increases unauthorised access, identity theft and data breaches,” she said. “In the past, our interaction points were pretty straightforward: paper forms, in-person service counters. Today, we have more fragmented landscapes: we have online portals, digital service, call centres, third-party reps, agents, outsource vendors, even lobby groups and interest groups in the mix. That creates different access points, and with it, different kinds of risks.”

“We have to shift our mindset as well towards prevention, because once that money is gone, we aren’t getting it back,” she reflected. But there is also good news. “We’re gaining the expertise, we’re getting more and more data, and then we have the collective responsibility to work together. But we have to invest, we have to share our strategy so that we can not just protect dollars but also public trust.”

Read more from our sister title Global Government Finance: Canadian government steps up anti-fraud efforts including new financial crimes agency

A culture of speaking up

Rick Teng, compliance office head at Singapore Health Services (SingHealth), began by agreeing that criminals had been evolving their methods as technology itself evolves.

He described Singapore’s public services overall as “big on digital transformation” which, he said, increases opportunities to capitalise on data for “continuous auditing and monitoring” of risks.

“We are definitely big on the risk of revenue leakage,” he said. “We look at years and years of data, building transactions [records], looking at Big Data. Those are the things that definitely will reduce the gaps and also increase the likelihood of fraud detection.”

He was keen to make a cultural point, highlighting that Singapore has a “culture of speaking up”: SingHealth itself has an appropriately titled ‘Speak Up’ campaign to boost patient safety and protect staff from abuse.

“We also have a very strong whistle-blowing channel and programme in Singapore for public healthcare,” he continued.

“When you have a culture [in which] people are acting on [information], and triaging cases and investigating, and they know that fraudsters will definitely get caught and prosecuted – they know that fraudsters can’t get away, I think that in itself speaks for a lot,” he added.

Read more: AI to “dominate next four to five years” of fraud landscape: UK fraud minister

Investigating the data

Saschenbrecker-Tang highlighted the difference between tackling ‘first-party’ and ‘third-party’ fraud.

“First-party fraud is: you’re doing it on your own account. That person exists. We can deal with that,” she explained. “Third party is where the harder part is – where the threat actors are taking over – and you can’t even go back to the original person, because it wasn’t them who did it.”

It is also important to differentiate between one-off and “systemic” (or sustained) errors and/or fraudulent attempts, Teng said.

Analytics can “pick up outliers” and “if there’s malicious intent to manipulate data,” he said, adding that ‘forensic interviews’ should generate a “good account of events”.

Damelin highlighted an ‘FCC OIG advisory regarding deceased and duplicate lifeline subscribers between 2020 and 2025’. Published in January, it focused on benefits paid through the ‘Lifeline’ programme – which provides a monthly discount on phone or internet services to qualifying low-income households – to deceased individuals. Analysts cross-referenced recipients with the Death Master File (DMF), a database maintained by the Social Security Administration containing information on people who have died.

“Subscribers who were signed up after they were dead looks like fraud. Subscribers who weren’t removed one or two months after they passed away may be improper payment. It took some time for the data to catch up,” she pointed out. “Those are the types of distinctions we look for – fraud versus improper payments. All of it shouldn’t have gone out, but the question is: how much of it was intentional and then, even for the improper payments, can we match up our data sources faster, so we can get people off the rolls faster?”.

International concerns

Fraud is increasingly international. To what extent, then, are countries’ approaches undermined by insufficient action beyond their own borders?

“As we’ve made our services digital, there is no need to walk into a local tax services office – you can be anywhere in the world, and that is exactly some of the data analytics that we’re looking at,” said Saschenbrecker-Tang on the importance of international considerations.

“Does it make sense that a person is filing taxes from Country A, and then Country B, and then Country C, all in the span of 30 seconds?,” she asked rhetorically. “That does not make sense – it raises that alarm bell. But then there could also be a legitimate [reason].”

Often authorities focus on scrutinising datasets from a domestic or organisatinonal perspective, with less attention typically paid to escalating initiatives to Interpol or other international organisations, she said.

Partly related is the challenge of not falling foul of national data privacy laws. “I think this is something that needs to still be done and we haven’t fully evolved to a point where we can say:  ‘yes, we got it’,” said Saschenbrecker-Tang.

Damelin referred to “a lot more work to do” on ensuring that entities and individuals receiving federal government funds “are here in the United States”. Metadata analysis, “including IP addresses from where applications are going”, is therefore important.

“We have a lot more work to do on that front, but that’s definitely a topic high in mind,” she said.

Data-sharing considerations

SAS’s Menis felt that international co-operation had progressed “a lot” over the past “15 to 20” years, at least at a pan-European level. “The weakness is data sharing,” he said, picking up the earlier point about data protection rules.

“Data sharing implies large-sized infrastructures, which are costly, and, of course, somebody has to put resources in that,” he pointed out. “Realisation is complex. The first question, for example, is ‘where do I place that infrastructure?’ and every country is reluctant in sharing data, sending data across borders, for example, even if we are the European Union.”

In the US, the Pandemic Response Accountability Committee (PRAC) has been important, Damelin said, later highlighting PRAC’s ‘Blueprint for Enhanced Program Integrity’.

“They [PRAC] got all the data, they had data-sharing agreements, and then we were able to tap into their data to protect our funds after the fact,” she said. “Well, now we can actually do it ‘before the fact’.”

“We’re developing risk models,” she continued. “These are data-informed, data-based risk models using several sets of really important data that we didn’t have before to use our very limited resources and focus those on the highest areas of risk in both our audits and our investigations.

“We’re also using every tool in our toolbox, administrative remedies, recommendations to the agency at the front end to protect awards at the award level; administrative remedies – we have something called government-wide suspension and debarment in the United States, where you can put somebody on a centralised list and they cannot get money from any government agencies.”

“That type of sharing information about bad actors is really important beyond just the prosecutions,” she continued. “We’re considering widely and broadly how we can protect all of our programmes at one time with this information, and then the use of data, getting at the synthetic identity theft. It is a significant terrible problem and some of the victims are children, elderly, deceased individuals… individuals and their families may not know for years that their identity was stolen.”

Read more: UK government use of data analytics to tackle fraud ‘underdeveloped’: MPs

On stacks and skillsets

“Like all technology, usually we look at a stack,” said Teng. “Even in fighting fraud, it’s always a stack of things. Your internal controls, your policy is definitely the foundation because […] fraudsters will thrive in fragmentation. Then, deployment of technology.”

“What I see […] is that we do have great data scientists, but do they know the business well?,” he asked. “They might have the strongest analytical skillsets but they may not have the business knowledge. Without the marriage of them both, you won’t be able to call the right outliers, you may end up with a lot of false positives. And when this is presented to management, people will lose trust. They will say, ‘OK this model doesn’t work’.”

He also highlighted the importance of using ‘big data’ over an extended period.

“We are getting multiple years of building data, transactions, accounts payable, and all that. That, in itself, will be very powerful,” he said.

“Then the very last part is: how do you visualise it? We do also use data visualisation tools because data scientists do need to story-tell as well. You need to be able to put up the right storyboard for senior management because management support is definitely needed.”

Finally, he referred to technology costs, including licensing. “It can become cheaper,” he said. “But it is still expensive to implement, if you are not using open source.”

Human and machine intelligence in the fight against fraud

“The core of our work is really about identifying risk, assessing it and implementing the right mitigations,” said Saschenbrecker-Tang.

“It often starts with fraud risk assessments,” she continued. “You have to be proactive in the preventative space but then it’s just as relevant in the reactive side, when we’re responding to active schemes and incidents.”

“We rely on a really broad variety of techniques in addition to technology,” she said, explaining that work spans “traditional” fraud risk assessments through to “end-to-end, tip-to-tail process mapping.”

She said the Canada Revenue Agency also took an approach to prevent fraud that she described as “probably unique”: fraud ‘red teaming’, whereby system vulnerabilities are tested by mimicking criminals’ methods.

“Of course, adding on to the analytics and the AI, we are really using it to help us go through those massive amounts of volume of digital activity because we need to identify the signals, the anomalies, emerging trends,” she said. “But technology alone isn’t enough. We need that human expertise to really validate those results, interpret what we’re seeing, and then decide when to raise the alarm.”

A mix of humans and machines is necessary.

“There’s so much [data] coming in – what is ultimately the most important?”, she asked. “We have to base it on a past experience, like actual fraud schemes that we see, what are risk factors, and most importantly, human judgement – knowledge of the programmes. All of this is necessary to really drive an effective fraud prevention and response.”

Degrees of risk

“The larger your data footprint is, the better your detection method will be,” Menis pointed out. “But you can’t wait to have all the data you wish to activate a detection process.”

Resources are always scarce. But agencies have to capitalise on whatever data and information they can get their hands on.

“We go from simple techniques like: ‘I’m just verifying if Fabio Menis is already included in a blacklist’ – it’s an easy way that gets quick and good results,” he said. “Then I can have a set of deterministic rules giving a score to an entity if certain conditions are going to happen. We have implementations with 15 to 20 indicators at the beginning, going to 60 to 70 indicators after the second or third degrees, and then you have the issue of optimising those indicators.”

“We have network analysis,” he continued. “So if, for example, a bank account is shared between two people, and they shouldn’t [be sharing it], this could be a risk element. Again, this is not a fraud, but it’s an element of risk.”

He picked up Tang’s observations, emphasising the importance – but, apparently, the relative scarcity – of data scientists who also “understand business”; and also the importance of data visualisation. “if we try to [work out] where to go to dinner from an Excel spreadsheet, it’s hard – but if we put flags on a map, it will be immediately clear which is the closest restaurant: this is an example I use a lot,” he said.

He also touched on open-source technology, pointing out that they bring integration costs, require IT skills, and need maintenance. “The risk is to build something very complex on a certain stack and to have it obsolete after 12 months,” he warned.

Read more from our sister title Global Government Forum: UK Government publishes new fraud strategy as cases hit record level

New tools amid growing fraud threat

As the discussion drew to a close, the panel were asked about the extent to which digital ID could help.

Menis was cautious, opining that some schemes were themselves likely to be “cracked”.

Damelin was more upbeat, stating that “we can’t have people self-certify with no outside verification” and that “any new tool that’s going to help us get at that is going to get at some of the significant problems”.

Saschenbrecker-Tang and Teng were also positive, with the former highlighting that Canada’s digital ecosystem increasingly relies on Verifiable Credentials, which are tamper-proof cryptographically secure digital versions of physical documents; and the latter pointing out that Singapore is among the world’s pioneers in terms of government-led digital ID provision, with a well-established ‘Singpass’ scheme. “Touch wood, so far, it has not been cracked yet [and] has served us well,” he said.

Rays of light, then, in the battle. But resource constraints and siloed data infrastructure continue to make the public sector vulnerable as fraudsters evolve their methods at pace.

The ‘How can government innovators best tackle fraud against the public purse?’ webinar took place on 16 April 2026. It was hosted by Global Government Forum and Global Government Finance with support from knowledge partner SAS. Watch the webinar on demand here.

This writeup of the webinar was originally published by our sister title Global Government Finance. Sign up to the Global Government Finance newsletter here.