Oregon DMV Fraud Prevention Program Tom McClellan, DMV Administrator

 Background ◦ Program created in 2004 ◦ Collective efforts to prevent, detect and investigate incidents of DMV-related fraud ◦ Everyone at Oregon DMV plays a role

Goal: ◦ Prevent incidents of DMV-related fraud Objectives: ◦ Develop fraud related policies and procedures ◦ Increase understanding of how DMV processes may unintentionally contribute to fraud ◦ Improve fraud prevention, detection and investigation through manager and employee training ◦ Partner with law enforcement to investigate incidents of DMV-related fraud

 Proactive prevention and detection will guide planning, policy formation and service delivery  Impacts to customer service and operational efficiency will be considered when responding to fraud related risks  Policies and procedures will be comprehensive and comply with applicable state and federal laws/rules  Program will continue to change and adapt to new requirements as the nature of fraud activity evolves  Fraud Prevention Section will support and not replace DMV managers’ responsibilities

 Purpose: FPS facilitates and supports the agency’s Fraud Prevention Program  Staff: Manager, Program Coordinator, Office Assistant, Fraud Examiner, Investigators (non-sworn)  Staff Responsibilities: ◦ Evaluate Fraud Prevention Program effectiveness ◦ Conduct risk assessments - DMV work processes and systems ◦ Investigate incidents of DMV-related fraud ◦ Develop fraud-related policies for DMV Management Team approval ◦ Serve on implementation teams to identify fraud related impacts to new systems and work processes

Fraud Investigation TypesNumber of Investigations Facial Recognition System (FRS)319 * It’s Not Me100 Vehicle Title and Registration104 DL/ID Fraud59 Internal Fraud3 Multiple Categories10 “Other”3 Bribery1 CDL Fraud1 TOTAL : 600 * FRS Cases: 1,087 since September ‘08

 Policy Statement ◦ Comply with state and department policies and procedures ◦ Take appropriate administrative action against employees ◦ Involve law enforcement when appropriate  Purpose ◦ Provide guidance to managers in responding to internal fraud  Guidelines/Philosophy ◦ Share information with only those who have a need to know – discretion is a key principle ◦ Management decides what information is shared with employees at the conclusion of the investigation

 Early Stages of an Investigation ◦ Don’t talk to employees involved ◦ Keep the investigation quiet to avoid alerting suspected employees and to prevent damage to innocent employees ◦ Oregon Department of Justice and law enforcement may be contacted to conduct a criminal investigation, if appropriate  First Stage in Responding ◦ Notify supervisor (Section or Region Manager) ◦ Gather needed information and evaluate the situation ◦ Determine worse-case scenario ◦ Consult with DMV Human Resources Manager & Fraud Prevention Manager, if appropriate

 New Employee Orientation ◦ Fraud Prevention Program Brochure ◦ Data Breach Policy  Fraud Prevention Newsletter  FEWS Alerts  Management Team Meetings & Briefings

 Small Field Offices ◦ Scope:  Observe work processes  Review policies and procedures ◦ Risks/Recommendations:  Identified 39 risks and made 27 recommendations  Automate posting of knowledge test scores  Regularly rotate employees between field offices  Conduct unannounced audits by region managers  Install video cameras  Replace bank deposit bags

 Social Security Numbers ◦ Scope:  Employee use of SSN to complete customer transactions  Observe work processes  Review policies and procedures ◦ Risks/Recommendations:  Identified 17 risks and made 37 recommendations  Remove SSN field from forms when not required  Secure access to Microfilm Unit  Remove SSN from reports when not required  Display truncated version on computer screens (last four digits)

 Investigatory Tools ◦ FastData Skip Tracing Tool ◦ Oregon Judicial Information Network (OJIN) ◦ Facebook & Internet ◦ Law Enforcement Data System (LEDS) ◦ ACL Data Mining Software  Prevention & Detection Methods ◦ Establish a “perception of detection” ◦ Conduct unannounced field office audits ◦ Require separation of duties whenever practical

 Manager reports suspected breach ◦ Intranet-based form is available  After verifying an actual breach, DMV Record Services notifies all affected customers in writing ◦ Recommend customers monitor financial accounts and obtain copy of credit report ◦ Customer may place freeze on credit files ◦ Special DMV phone number is provided to customers impacted by data breach

 Skimming Schemes ◦ Late Title Presentation Fees ◦ Replacement License Fees  Driver License Fraud Scheme ◦ Collusion with external parties to provide driver licenses to undocumented immigrants

 FRS Investigations ◦ Case files delivered to DOJ investigators weekly  Federal investigations – SSA & U.S. Department of State  Internal/external fraud investigations ◦ Good response to requests for assistance  DMV/LE Coordinating Committee ◦ Quarterly meetings to discuss topics of mutual interest

 Evaluate DMV Fraud Prevention Program ◦ Assess progress toward program objectives ◦ Address issues identified ◦ Consider recommendations to improve