U.S. federal prosecutors say a former U.S. Army civilian employee and four accomplices stole money from current and former military members and opened accounts in their names to facilitate the crimes, Military Times reports. Prosecutors allege that former civilian medical records technician Fredrick Brown photographed the medical files of service members stationed at the Yongsan Garrison in South Korea. Those records included Social Security numbers and military IDs.
With that information, prosecutors say Brown and his alleged accomplices set up fake accounts in the U.S. Department of Defense and Department of Veterans Affairs (VA) benefits systems and routed money from those accounts into other bank accounts. The group members, now under arrest, also allegedly accessed and stole money from service members' bank accounts.
Members of the U.S. military are twice as likely as other people to be victims of fraud, including identity theft, according to a 2017 AARP study,
Under Fire: Military Veterans and Consumer Fraud in the United States (PDF). The AARP website also details the wide range of fraud schemes perpetrated on veterans, including phishing, imposter scams, and investment and loan schemes.
What can internal auditors and military organizations learn from this story to better prevent and detect identity theft targeting military service members?
- First and foremost, access to the personal information of service members needs to be tightly restricted, while permitting efficient use for legitimate reasons. The fact that the accused individuals had access to medical files and the scheme appears to have been going on since 2014 suggests a need for greater security measures. For example, supervisors and security cameras could have monitored employee activity better during working hours — taking thousands of pictures of medical files takes time and effort that should have been noticed sooner.
More frequent rotation of employees who handle sensitive personal information is another possible measure. Likewise, more stringent employee background checks and regular monitoring updates, especially for jobs handling sensitive information, may have helped deter the alleged fraud.
- All organizations, including the military, need to review and tighten access to employees' personal information such as Social Security numbers. For example, for decades, the U.S. military used Social Security numbers as personal identifiers, which were shared all over the world as service members filled out forms, checked in on base, and showed their military ID cards.
In recent years, the military has reduced or eliminated the use of Social Security numbers wherever possible. The U.S. federal government has been removing Social Security numbers from ID cards since 2008, but they are not scheduled to be fully removed from the cards' bar codes, QR codes, and magnetic strips until 2022.
- Bank and credit card alerts could help military personnel protect their personal information from identify thieves, particularly when service members are involved in a lengthy deployment. When service members are not able to check their bank and credit card accounts regularly, fraudsters have time to do a lot of damage before anyone notices.
Deployed military personnel can help prevent identity theft by placing an active duty report on a credit report through a credit reporting company such as Equifax, Experian, and TransUnion. These alerts last for one year but are renewable. The credit reporting company is required to contact the other credit reporting companies about the alerts.
In addition, veterans may be eligible for free credit monitoring through the VA. The VA also has an identity protection program called
More Than a Number that provides veterans and their beneficiaries with information about how to protect themselves. Banks may offer similar programs.