Student financial aid scams are rampant in the U.S. I’ve been a security analyst for over 20 years and have seen this problem grow by leaps and bounds over the past five years.
Educational institutions are giving out student loans and grants, and the recipients aren’t even attending school. Instead they’re spending the money any which way, while the schools have no idea they’re being ripped off.
With a database, the Education Department flags applicants who’ve applied for federal Pell grants-applicants with an “unusual enrollment history,” such as having received financial aid for at least three schools in only 12 months.
The Department forwards these suspect names to educational institutions; the schools then request that applicants provide documents including prior transcripts. What the school then gets from the applicant determines if a loan or grant is denied.
This flagging procedure has caught 126,000 applicants who sought aid for the 2013-2014 school year.
It’s so easy to scam schools because most federal aid does not require a credit check, and how the money is spent is not tightly restricted.
A school receives the money from the government and spends some on tuition. The remainder is sent as a check to the recipients to spend on books and even living expenses while (supposedly) the recipient attends classes.
Community colleges are especially vulnerable due to their open enrollment and low tuition. The lower the tuition, the more money that’s left over to be sent to the con artist.
The proliferation of this scam can be attributed to the Internet because online applications can result in receiving aid-without the applicant ever being within a mile of the campus.
Application Red Flags
The American Association of Community Colleges (AACC) names the following alerts that financial aid offices can check applications for.
- Large financial aid refunds or disbursements
- Attendance at several other colleges
- A large student loan balance but no degree
Unfortunately, these red flags won’t flutter much if the applicant is a first-time scammer.
Data Red Flags (according to the AACC)
- Several registrations coming from similar locations out of state
- Several uses of the same PO box, physical address or IP address
- Multiple uses of the same computer and/or bank account
- The emergency contact is the same person for multiple registrants.
- Certain courses getting a fast increase in number of enrollees
- Frequent communication from similar individuals or locations
Every applicant should be identity-proofed, which is easier said than done. Verification is one element of identity proofing.
To combat this fraud, Finaid.org notes:
1. Families must sign a waiver allowing the financial aid office to obtain tax returns straight from the IRS. Some people have submitted fraudulent tax return copies during verification. Getting them directly from the IRS prevents falsification. Another route is to require families to provide copies of their 1099 and W-2 forms, especially when income figures seem suspect.
2. Request copies of the applicant’s four most recent bank statements; inspect them for unusual transfers and unreported income.
3. Conduct 100 percent verification.
4. For parents claiming to be enrolled in college, require a proof of registration plus copy of the paid tuition bill. Confirm registration with the school. And if a parent with a PhD or master’s degree is returning to school for an associate’s degree, be highly suspect.
5. In cases of divorce or separation, ask for the divorce decree or proof of legal separation, plus street address for each parent.
6. Compare to each other two consecutive income tax returns to detect any movement of assets to hide them.
There’s more that can be done for identity proofing: biometric software. Biometric Signature ID (BSI) has designed a “Missing Link” patented software-only biometric.
This is the most potent form of ID verification on today’s market, and additional hardware is not required. It measures:
- Unique way someone moves the mouse
- Unique way the user moves fingers or stylus upon logging in
- Length, direction angle, speed, stroke height, etc. of keyboard use
The password is created with BioSig-ID. Measurement of the above can positively identify the user, regardless of what device they log into. This technology makes it impossible for a fraudster to impersonate the user.
With these unique patterns, BSI software can distinguish the user from everyone else.