Sen. Elizabeth Warren, D-Mass., is asking the Treasury Department to bolster fraud prevention efforts within a program for Social Security recipients following new information she received from Dallas-based Comerica Bank.
Comerica administers the federal Direct Express program, a prepaid debit card option for Social Security and Veterans Affairs benefit recipients who lack bank accounts.
The program's offerings include a now-suspended Cardless Benefit Access feature that customers could use if their cards are missing. But the American Banker reported in August 2018 the cardless feature had some security vulnerabilities that criminals were able to exploit to make fraudulent purchases.
In a letter to Treasury Secretary Steven Mnuchin, Warren highlighted information she received in October 2018 from Comerica Chairman and CEO Ralph Babb Jr. detailing the extent of the issue. The bank said there were 480 cases of fraud in the one year following the August 2017 introduction of the feature, according to Warren's letter. In all, there were nearly $460,000 in total confirmed fraudulent purchases, with an average of almost $1,000 for each affected individual, the letter said.
Warren also wrote that while Comerica did not suffer a cybersecurity breach, its protections "were not robust enough to prevent fraud when criminals obtained" personally identifiable information from other sources. A better-designed program, she wrote to Mnuchin, could reduce the risks of such fraud.
The company said in a statement that the cardless feature remains suspended while its investigation into the issue continues. All the beneficiaries who were affected were reimbursed, the company added.
"We are focused on any Direct Express cardholders affected by fraud and remain vigilant in efforts to prevent it," the company said. "The incidences of fraud in the program are very low when compared with other prepaid card programs and significantly lower than the paper check program that it replaced."