The PF is investigating a fraud of more than BRL 450 million in benefit payments September 18, 2022 | 1:00 p.m
PF uncovers scheme and evades nearly R$500 million in INSS fraud
Federal police have identified suspected fraud that could reach R$ 486 million in benefit payments, such as isolation aid, aimed at protecting relatives who, with the arrest of the insured, could be left without income and, in the case of young people, drop out of school to would work.
The anomaly detection operation also relied on the work of the INSS (National Social Security Institute) and Febrabana (Brazilian Bank Federation). The intelligence sectors of the financial institutions that make these payments have found evidence of irregularities in the transfers.
According to the PF, the alleged frauds were committed by accessing the passwords of 29 INSS servers. The main suspicion is that the codes have been hacked. Also according to the police officers who participated in the action, by accessing the agency’s system, the criminals were able to reactivate the benefits and change the bank account information so that the payment could be made.
Investigators told Folha that, among the evidence found so far, in a large number of cases it was possible to identify that the bank account holders were not the same beneficiaries.
Another pattern observed is that the reactivations were carried out in fees that were close to five years old, with amounts that never exceeded R$ 100 thousand – which, in theory, would be to avoid attracting the attention of control bodies, such as Coaf (Council for control of financial operations).
“The federal police have discovered, using massive data analysis tools, the existence of thousands of false reactivations of welfare benefits. In this way, the most urgent measure to prevent the evasion of public money was the activation of financial institutions, which made it possible to block the payment of millions of reals in false benefits”, said Cléo Mazzotti, the main coordinator for the fight against farm crime. in the Federal Police..
The biggest concern of the police was to stop the payments as soon as possible. This is because the experience of investigations of this type shows that it is difficult to recover the money once the transfer has been made. In some situations, it is possible to find the authors, but funds are rarely returned.
The investigation began in June of this year, and since then payment blocks have started.
More than 13,000 benefits that would be paid out – among them prison benefits – are being targeted by the investigation. compensation is paid to dependents of workers who have at least two years of urban activity recognized by INSS and do not receive compensation from the agency, among other requirements.
According to the INSS, a deeper analysis will conclude, within that amount of R$ 486 million, which benefits would be paid irregularly and which were regular. Therefore, the agency does not yet have information on how much can be compensated.
PF is now investigating whether the action was orchestrated, whether it came from the same group and is trying to find the authors of the alleged fraud.
In the wake of measures to combat deviations, INSS concluded the distribution of tokens in early September to improve the security of the agency’s server access to user data and the system that authorizes the granting of benefits.
Access is now protected by three mechanisms: each server’s personal password, two-step verification (a code sent to the server’s cell phone) and a token (a type of pen drive that must be inserted into the computer to unlock the INSS system).
The tokens cost BRL 1.34 million and must be renewed in three years.
“Historically, INSS is a target of fraud, it is a target of all kinds of problems. In recent years, we have started to intensify our partnership with other bodies. Fraud has become more and more sophisticated, and the world is investing more and more in security. So the public sector cannot be left out of this,” said Director of Information Technology at INSS, João Rodrigues da Silva Filho.
The process of buying tokens started last year, as an INSS project. The purchase was made at the beginning of 2022, and now in September, the system of all the agency’s servers (about 20,000) began to require the device.
This new phase started as a test for a more limited group of servers, but after six months it was accepted by the whole body.
Tokens were even distributed to servers of INSS agencies across the country. According to Filh, the device has become necessary even to access the user’s history and process.
“The amount invested in security is very small compared to the risk of fraud,” said the director.
INSS works together with other authorities to avoid losses in the payment of benefits. In addition to PF, there are working groups with the Ministry of Social Security and Labour, GSI (Office for Institutional Security) and Dataprev.
Banks, for example, cross-check information to find out whether the benefit to be paid will be deposited into an account with the same CPF or a family member. Otherwise, there is an indication of fraud.
Another measure that INSS envisages is the replacement of the computer network, one that has faster access and that gives greater autonomy to the agency. Currently, in case of any suspicion of improper access to server data and passwords, INSS cannot immediately block access — sometimes it depends on Dataprev.
In addition, the INSS wants to invest more in training courses and public officials’ awareness of the risks of fraud in order to prevent circumvention of the system.
Camila Mattoso and Thiago Resende, Folhapress