Wednesday, 11 August 2010

Fraud–if only Government knew what Government knows….

The Government has announced yet another attack aimed at getting fraud out of the benefit system. But like all such pledges made over the past 15 or so years, will it succeed?

The use of external credit checking organisation is a worthwhile step forward – these organisations have the sorts of sophisticated databases and search engines that, despite continual recommendations by the IT industry, Government has consistently failed to put in place over the past two decades. (Within Radius we submitted numerous proposals to central government, and yet not one was picked up – the common reason being given that “there’s no money for fraud detection”).

At the time our strap-line was:

“If only local authorities knew what local authorities know”

It’s still the same today – within local authorities (and some Government departments), data is held in individual departmental silos – inaccessible to their own internal fraud teams, yet alone front-line staff dealing with benefit claims. Then each local authority is an island of information separated from its neighbouring (and all other) authorities – how many housing benefit claimants claim benefit in one local authority area whilst having a taxi driver licence in another (or even working for another authority?).

Meanwhile, central government has numerous lists of relevant names (e.g. the names of tens of thousands of immigration/asylum offenders and absconders who have exhausted the appeals process, and are not entitled to public funds), that, even if they were made available to local authorities and other departments, could not be used because of the lack of investment in counter-fraud computer systems.

The National Fraud Initiative (NFI) operates a data matching service for participating organisations, using data matching across a large number of databases to identify potentially fraudulent activity. In its last report, the NFI claims to have found £215M p.a. of fraud, perhaps a reasonable result in absolute terms, but a very small percentage of the National Fraud Authority’s figure of £7 billion p.a. of public sector fraud estimated to be in the system. The biggest gap in this initiative is that only one government agency took part – not a single central government department participated.

The next gap is within local authorities and other organisations using NFI – in 2008/09 only 269 prosecutions resulted from the NFI – and although 16,535 blue badges and 21,534 concessionary travel passes were cancelled, this is hardly tackling serious benefit fraud. NFI sends authorities lists of ‘potentially fraudulent activity’ – many (most?) authorities lack the funds/staff/time to investigate the people identified by NFI. As one councillor told me “there’s no money in fraud detection” whilst another told me “I don’t want to catch housing benefit fraudsters amongst my electorate – they clearly need the money to live, and if government is prepared to pay them, why should the council seek to stop them?”.

Also, as most Officers will say, it is a lot easier to detect fraud at the point it tries to enter the system, rather than after it is in the system. Carrying out an annual data matching exercise is too little too late – such data checking should be available at the time a claim is submitted – not up to 12 months later. Also, where authorities’ fraud teams are investigating individuals, or have a known fraudster, there are very few ways that the information on that individual can be shared with other authorities or organisations (worthwhile regional initiatives such as LTAF – London Team Against Fraud – have been starved of cash and doomed from the time of their birth).

So how to move forward?

The best way may be to have a unified benefits system under the control of a single body. If this were assisted by each claimant having a unique ‘entitlement’ number or card then so much the better (NINO’s would have helped, had there not been, reputedly, over half a million extra NINOs in existence). This may be the new government's aspiration, but I doubt that it will happen quickly, so in the meantime key initiatives should include:

  • local authorities must be encouraged (via much more generous financial subsidies/payments) to find and stop fraud both entering the system, and once it is in the system
  • the NFI must be expanded to include all government departments, and
  • the NFI’s systems should be re-engineered to allow for much more frequent data checks (to help stop fraud entering the system)
  • a secure, centralised database/network must be created to allow the fraud departments with local authorities and other public sector (and perhaps private sector) organisations to share information on confirmed and suspected fraudsters.

P.S. Many Councillors and Officers try to hide their lack of support for counter-fraud data matching behind the Data Protection and other Acts. I won’t try to examine the detail of the complex legal framework, nor add the caveats about informing citizens, but suffice it to say that data matching exercises are OK provided they are solely ‘for the purpose of assisting in the prevention and detection of fraud’.

Thursday, 5 August 2010

Wave goodbye to Google Wave

Only just over a year after its launch, Google has announced the end of its Google Wave initiative as a stand alone product.

As I noted in my Google Waves hello to Microsoft post last year, the initiative introduced an integrated set of tools around email and instant messaging that would make it a whole lot easier to manage internal collaboration that other tools then on the market. It has driven some changes in other suppliers’ offerings, with Microsoft’s Outlook 2010 introducing a small part of the same functionality (and I think more will come over the coming years).

However, Google apparently never overcame the security implications of Google Wave – one of the factors that has contributed to a very poor take up of the technology by corporate customers. To quote from the Google announcement:

“ …. Wave has not seen the user adoption we would have liked. We don’t plan to continue developing Wave as a standalone product, but we will maintain the site at least through the end of the year and extend the technology for use in other Google projects.”

So perhaps some of the technology will find its way into other Google products….

Monday, 2 August 2010

SaaS is the answer – not G-Cloud

Over the past couple of weeks, I’ve posed an interesting conundrum to a number of decision makers involved in purchasing software applications for local authorities. All discussions started off on the premise that ‘cloud’ computing is the way forward, and the question was:

If you were looking for a new back office application, assuming the 5-year cost of ownership is the same, which of the following would have the greatest impact on your decision:

  1. the application runs in G-Cloud?
  2. the application runs in a supplier-managed cloud?
  3. the application runs on the LA-managed cloud/data centre?
  4. the licence agreement is on a SaaS basis?

In all but one case, the answer was a pricing based on SaaS, where the LA pays based on usage – there was little concern about where the application was run, the focus was on price and matching that price to usage.

To me this was a surprise, firstly, because LA’s have historically disliked the ‘blank cheque’ approach of true SaaS agreements, where if usage increases so does the cost – they have typically liked to budget for a cost and know that that budgeted cost will not be increased, come what may. In discussions, most did not expect transaction volumes to increase, and wanted the flexibility of SaaS agreements to allow them to manage and move their transaction volumes as the years progressed.

This led to discussions on the types of SaaS agreements being offered. Most said that they did not regard SaaS agreements that stipulated a minimum level of commitment as true SaaS contracts. They regarded volume pricing as acceptable under SaaS (i.e. if volumes decline below certain levels, then per unit pricing increases), but only if they were not punitive. (However, perversely, one person believed that suppliers should have a maximum cap on total annual cost - whilst not having a minimum level of commitment on the LA).

I was also surprised by the lack of emphasis on, or questioning about security levels. Either the messages about overcoming the security hurdles are getting through, or there is a growing cynicism about IT departments over-stating the potential problems to support their own preferred solution. Not surprisingly, the one dissenting voice came from Social Services who put security top of his list, and would insist on the applications only running under the management of the LA.

Although my survey size was not large enough to draw firm conclusions, it would appear that suppliers will need to look harder at their own commercial terms, rather than just the technical hosting solution, if they are to win over new customers in the future.