Headlines across the country demonstrate there has been exponential growth in benefits theft by people who are “cloning and skimming” Electronic Benefits Transfer (EBT) cards, leaving thousands of families with drained accounts and limited recourse in getting their benefits back. Thankfully, Congress included short-term reimbursement for EBT theft victims in the most recent omnibus package. This prompted the Food and Nutrition Services (FNS) to require states to submit plans by the end of February 2023 outlining their measures to provide reimbursements of stolen benefits, track data, and increase security to protect EBT beneficiaries. The Digital Benefits Network (DBN) at the Beeck Center for Social Impact + Innovation facilitated a virtual conversation last month to discuss and address the needed upgrades to the technology and systems that support benefits delivery through EBT.
Beeck Center Fellow Ariel Kennan moderated a discussion with Ashley Burnside, a senior policy analyst with the Income and Work Supports team at the Center for Law and Social Policy (CLASP) and Amelia O’Rourke-Owens, an engagement & policy fellow in the Office of Community Affairs at the Consumer Financial Protection Bureau (CFPB) to give insights into the current situation and threat to EBT benefits, its impacts to consumers, and the measures states can take to improve EBT security for beneficiaries.
For relevant government information, press coverage, and recommendations mentioned on the call, check out this resource document.
Burnside provided an overview of the impacts to consumers caused by EBT theft and how the recent federal Omnibus bill seeks to alleviate those burdens. She emphasized that the burden of preventing EBT benefits theft should not fall on recipients and it is the responsibility of states to address this issue and ensure that recipients’ data and information are protected by allocating funds to make their EBT systems more technologically advanced and secure. To reduce theft and limit the negative impacts for benefits recipients, Burnside recommended that states:
- Create informational resources about the risks of skimming, and ensure that resources are written in plain language and include pictures of what skimming devices look like.
- Articulate the steps that victims of skimming should take, including how to get reimbursed for stolen benefits.
- Raise awareness of common phishing practices in their state.
- Educate recipients on best practices to protect their accounts, like creating complex pin numbers.
- Ensure agency communications do not blame, shame, or stigmatize recipients for falling victim to theft.
- Reimburse stolen benefits beyond the scope of the omnibus bill. For example, if a recipient had three months of benefits stolen, federal funds only reimburse the amounts for up to two months; states can leverage their own funds to cover the remaining amounts.
- Process reimbursements simply and efficiently to limit the burden on recipients to prove their benefits were stolen, especially notifying recipients of any timeframes they must report thefts by.
O’Rourke-Owens defined and explained the various forms of EBT theft and consumer banking technology impacting EBT security. Key terms include:
- Card skimming: when a card’s data is stolen from a point of sale device; this typically happens with magnetic strip cards.
- Card cloning: duplicating card information into a blank or other stolen card. Oftentimes, cloned cards are filled with data obtained through card skimming.
- EBT fraud: facilitated through methods such as spear phishing, which is typically done through hyper-targeted calls, emails, or text scams in which clients share personal information that enable an account takeover.
She highlighted that much of the theft is perpetuated by technologically-savvy organizations
continuing to evolve and scale their practices and infrastructure, and She also shared a training opportunity CFPB for state governments to integrate data and technology into casework (email IGA@cfpb.gov for more info). She stressed that states can leverage their existing infrastructure and data to identify EBT theft patterns and larger problems in user and vendor fraud. Patterns can look like identifying alarming transactions and card use behavior, out of state transactions, extremely high benefit spending within hours of disbursement, and full depletion of benefits in one transaction.
Further, O’Rourke-Owens shared consumer card technologies that could be applied to EBT including:
- Practices such as banning simple PIN numbers.
- EMV, or chip security cards to align with industry standards. Chip cards are more secure against skimming because they are more protective in in-person transactions. Many merchants have adopted this technology and it is preventative especially in a single point of sale transaction.
- Card Verification Value, or CVV. This is a combination of numbers specific to one card that can be found on the back of it. It is used to add a level of security in online transactions.
Over the coming months, the DBN will continue to track this issue, share resources, and create opportunities for idea-sharing and dialogue across sectors. If you would like to discuss your own experience with EBT administration or policy, or share pressing questions to help shape future DBN conversations on this topic, you can get in touch with us directly at firstname.lastname@example.org. You can also stay up to date with our research and other projects by subscribing to the DBN today.