The federal government has long struggled with technology and is far behind private industry in using data to prevent fraud and payment errors. The Computer Matching Act of 1988 is one of the biggest barriers to government using data and technology to safeguard taxpayer dollars from fraud and abuse.
Passed when personal computing was brand new, the Computer Matching Act reflected a fear that combining datasets would risk government overreach. This is important, but the Computer Matching Act’s overly broad approach also prevents monitoring federal payments the way your bank or credit card monitors your payments.
This law is a huge impediment to technology that could prevent fraudsters from exploiting programs meant to help Americans coping with situations ranging from disasters to retirement to economic shifts. It is also an obstacle to protecting Americans from identity theft.
In 2024, the absence of effective technology to safeguard payments resulted in an estimated $135 billion in overpayments, meaning the government paid out too much either accidentally or in response to a malicious actor. In 2023 that estimate was $175 billion.
The Computer Matching Act established a painful bureaucratic process in which agencies must draft agreements between agencies to compare data, establish Data Integrity Boards to assess cost-benefit analyses to justify matching activities, publish details about the analyses, and submit reports to the Senate.
All of this must be done once every 18 months just to perform basic analytical activities. Worse, data matching agreements have historically taken a long time to approve. When I was the director of an analytics center at the Department of the Treasury, one request to combine data sat for more than two years.
The inability to combine data across payment programs prevents basic safeguards, such as identifying when a fraudster applies for multiple benefits with the same personal information. Schemes like this were rampant during the pandemic and diverted $5.4 billion from a single loan program away from citizens needing help and into the hands of bot farms and illegal actors.
The Government Accountability Office’s solutions for these kinds of improper payments include requiring agencies to report on antifraud controls and assess risks. Yet these solutions — which GAO has been recommending for years — would largely be a waste of taxpayer dollars. New and more complex monitoring and reporting of a problem that is already so well documented will not solve the problem. It amounts to merely watching the theft happen, all the while increasing administrative costs.
We need real data-centric technology solutions, and these cannot be developed as long as a nearly four-decade-old law prohibiting comparing data is in place. I want the government to alert me if someone is using my name and Social Security number to apply for disaster assistance for a hurricane in Florida when I live in Pittsburgh. I want the government to alert me and stop someone from using my name to apply for unemployment payments when I am gainfully employed.
What happens if another economic crisis occurs and I need that temporary support, but a terrorist organization has already stolen those dollars, using up my eligibility and putting those dollars to a terrible purpose?
In the same way your credit card company combines your travel data with your purchases to detect that your account is being used at a gas station four time zones away, the federal government should monitor financial payments to prevent identities from being misused. The elimination of these bureaucratic approval processes would enable the same basic analytics in government that we already expect of financial services companies.
I recognize that many people have concerns about government overreach. For some, those fears have been heightened by the Department of Government Efficiency’s use of data. Many may feel this is not the right time to change legislation that could serve as a safeguard to overreach. And yet as Congress and the administration contemplate reducing budgets related to the social safety net, those dollars become even more critical to protect.
In addition, we need a modern view of the role the government plays in identity theft. Government programs are a source of vulnerability for our identities to be exploited, and yet there is no program to stop bad payments even though the federal government could do so, just like your bank. The Federal Trade Commission has a process for reporting identity theft and will help you to develop your own personal recovery plan, but this is fixing damage that should have been prevented and requires hours of your own work.
Reforming the Computer Matching Act could not only save billions, but it could protect Americans from ruinous identity theft that diverts their tax dollars from support they may need in a crisis. It’s time for the federal government to stop talking about fraud and start using data and technology to protect its citizens and our taxes from falling into the hands of bad actors, terrorists and others interested in making America more vulnerable.
As Congress works toward a budget and considers new legislation to reshape the government, an update to the Computer Matching Act should be on its to-do list.
Joah G. Iannotta, Ph.D., is the former acting deputy assistant commissioner for data at the U.S. Treasury. She is a former senior vice president at one of the nation’s largest banks, where she worked to use data to strengthen payment integrity.