> The DfE told the Guardian that once a possible match has been identified, the beneficiary may be asked to confirm that they are not the same deceased stranger every 12 months since the system, administered by Capita, does not log a disproved link.
Well there's your problem. Crapita, I mean.
And yet it's completely possible:
> After the Guardian queried the process, the DfE said it would make an exception and decouple McGrath’s name from the deceased’s so that she would not be contacted about it again.
"After enough public backlash we've fixed the problem for this one person. We hope everyone stops bothering us so we can continue to not fix the problem because denying benefits is profitable to us."
> letters make no mention of a deadline or the fact that their payments will cease if they do not respond within 28 days. A spokesperson said this was “to avoid causing upset”
This is the most stereotypically British thing I’ve heard this year
It's also a blatant lie, the system is broken and the government allows social services to be so bad because it wants to spend as little money on them as possible.
Every year my grand parents have to take a photo of themselves holding a recent newspaper with date clearly visible to whoever is managing their pension.
After the internet and apps plaged the world, now they have to download an app then tilt node and wink to the camera to prove that they are alive. ("If you cannot use a phone, ask your children")
I have mixed feeling about this, it's hard to say this is not degenerating, and no one's happy with doing this, but seems like there's no better idea that scales.
What about a public registry of deaths that can notify parties with justified interest (pension providers, maybe insurances and banks) about such events? That should work for domestic cases at least. Tracking deaths for people living abroad in their retirement is more tricky I admit.
Maybe such a registry doesn't exist in the UK to begin with? Since it also doesn't have a residence registry.
Edit: my bad, it actually works too well and then they do a bad job at matching records. I should have read TFA first...
That assumes all deaths are logged. There are strong financial incentives for relatives to hide a death from the government if it means getting a check every month
It's quite hard to hide a death in the UK. In hospital all deaths are certified, outside of hospital you have the interesting problem of how to deal with the corpse. And in addition to the death register there are also tax filings (including Council Tax, which is a hefty sum and paid monthly), utilities, and other services that require ID.
The media do print occasional Capitalist Gothic stories of people who kept a corpse in their house. But that's incredibly rare and - for obvious reasons - a high price to pay for a monthly cheque.
The government loves spending money on themselves.
So the government thinks it's perfectly reasonable to have 50 FTE spend 5 years on preventing a single false claim. Ideally through the commisioner's brother's company, not directly. This is a necessity!
The usefulness of a death register depends on how well people are identified.
In the US, the pervasiveness of social security numbers as id makes the social security death register very useful. Sure, there may be some deaths unreported, and some reported under the wrong SSN for various reasons, but most of the time it works.
I don't think the UK has a similar enumeration of people, and then you've got data problems. Names drift over time. Name and birthdate aren't unique. People may forget their birthdate non-fradulently and use another one; people reporting the death may not have the right birthdate and guess, etc.
What? The parent seems to argue that it's good enough that "most of the time" it's the correct SSN that's declared dead. No big deal that occasionally the wrong SSN is blamed. How can that be good enough? The point of all these systems is that they can go wrong. And since we are dealing with people who, you know, have other things to do than fixing other people's mistakes, then these systems must make it easy to correct the problems. And should minimize the consequences. And probably compensate for them.
What does that even mean "annoy the "false positives"" in this case? You mean just leave them dead?
With "false positives" I mean people mistakenly identified as deceased. Anyways, since there is an SSN, such problems happen less often to begin with. And once it is resolved, then it should stay resolved as the record is associated with the SSN.
Even in the present UK case, the actual problem was the incompetent way how the "false positive" was resolved, not the fact that it occurred in the first place
It is fun that this is even a problem in some parts of the world. In Denmark we absolutely know when people are dead and pension payments to deceased people is a non-issue.
> In other words, it happens, and you are none the wiser.
in other words, you assume... don't forget culture and upbringing is one hell of a drug.
perhaps they are fully aware, and the minimal amount of abuse is the price they're willing to pay to avoid "discrepancies" like the one from the article.
How much do you think live selfies where you have to wink cost? How much effort do you think that is for people? People who have to "ask their children" for help*? Maybe 1% of the cost of the program? if fraud is already less than 1% or even near it. seems like a great deal to me.
*: if you're the kind of person that believes "ask your children for help", so you can prove to us you're not guilty, is reasonable. You're what's wrong with the world, please resign.*
while social responsibility is one of the main reasons why this does not happen there are several: we have a central people registry of all people eligible to pension. so if a dead person is registered at a hospital, it automatically propagates to all systems (without the issues mentioned in the article).
the amount of registration and control happening to Danish people (with their consent) is inconceivable to the US mentality.
your can not probate an estate without registering a person as deceased.
But I am actually curious on how people steal deceased people's pensions? what happens when it is realized that the person is dead? (eg. by turning 180 years old).
in Denmark all pensions would have been paid out to the pensioners bank account. if somebody withdraw or transferred from that account, they would be caught an prosecuted.
because of this, I guess most people doing this would get caught.
Um, yes? When did we become such a shitty society that we can't employ a couple people in the government to go check on elderly pensioners once every 5 years or so?
The problem here is that the outsourced company doesn't want to spend a couple dollars to employ an actual person to either take a call or go check on people.
These kinds of things are supposed to be the duty of government precisely because they are unprofitable.
There's still a million ways it can fail. The person can be on vacation, the address could be a P.O. Box, the person could be in a hospital, their phone could be dead, etc. Handling all the edge cases would make such a simple system immediately complex.
> Handling all the edge cases would make such a simple system immediately complex.
That's the difference between a Proof of Concept and a production system. I'm hard pressed to think of anything I've ever developed that did not have this property.
It's sad that you dont realize that many old people dont know how to make the most basic stuff on smartphones or computers. And dont have someone to help them.
Try hosting a class for pensioneers where teaching how to send a photo via email is a gigantic achievement.
Seriously how are so many programmers unglued from reality - that old people dont know how to do stuff, even if someone teaches them. And lots have nobody to teach them.
Then the government pays less by violating the law.
Why would they consider this to be a problem? They defunded the courts, especially for cases like this. And even if convicted, it won't affect anyone personally. Except of course through promotion if they can make it happen as often as possible.
It's really simple. You just require that the death certificate is used to close down a pension[1]. Sure people can continue to fraudulently claim a pension but at some point it's unsustainable and they'd be forced to fess up and they will be suitably prosecuted.
> ... asked to confirm that they are not the same deceased stranger every 12 months since the system, administered by Capita, does not log a disproved link.
This is a bug in their system. Rather than fixing it, they prefer repeatedly and unashamedly asking old people whether they are dead.
To be fair, there have been several stories (normally "world's oldest person!!!" type) where relatives have been claiming pensions and benefits for sometimes decades after the actual person died.
Whether the number of those stories and the amount of money involved is worth the hassle to the people not defrauding governments is left as an exercise to the reader...
More like, "some people try to commit fraud, so banks are required to implement AML/KYC processes to make the attack more difficult". Repeatedly asserting one is not dead is, if you think about it, more or less analogous to the documentation requirements for managing a large account at an investment bank.
Is it the best solution? Likely not. But the problem is real and does demand a solution of some form.
> Is it the best solution? Likely not. But the problem is real and does demand a solution of some form.
From the original article: "According to the Department for Education (DfE), which oversees Teachers’ Pensions, death register entries may be matched to scheme members even if personal details differ. The DfE told the Guardian that once a possible match has been identified, the beneficiary may be asked to confirm that they are not the same deceased stranger every 12 months since the system, administered by Capita, does not log a disproved link."
The problem is with the approach in attempting to reduce fraud.
Once a false positive from an incomplete match from the death register is proven false - when the pension recipient tells you they are still alive - you don't need to check up on that same incomplete match every 12 months, because you already know it's false.
Demanding "a solution of some form" completely misunderstands the problem and is the same approach that gave us the Post Office scandal.
> same approach that gave us the Post Office scandal.
I don't follow? This is just a data quality problem. Should it be fixed? Obviously. But everyone deals with bad data. You can't fix that, you just optimize around it.
The Post Office scandal was emphatically NOT about a data quality problem. It was that they were criminally prosecuting people to cover up their data quality problem. Again, everyone has bad data.
Isn't this really a process problem (i.e. a missed requirement), so that after the first instance of a queried match (for whatever reason), the unrelated death record (which will have some kind of unique document identifier or can have one derived from the information on it and date of issue) can be excluded from being matched against the subject user? (As realistically you could have 2 people with same name and DOB, it seems like the issue here is not data quality.)
It sounds like nobody created a requirement in the design stage for the ability to say "I've checked this, it's not the same person, don't flag this same death entry again". That's maybe not something envisaged at requirements time, but the need for it now becomes apparent.
AML/KYC regulations are, well, as the name suggests, anti-money laundering regulations, they aren't about the customers defrauding the bank. The bank presumably doesn't need to have regulations to incent it to keep its customers from defrauding the bank itself.
Not only that, AML/KYC regulations are extraordinarily ineffective. It appears that some people thought they were a good idea and passed them without ever following up to see if the benefit is worth the cost, and the answer turns out to be a resounding no.
This is worse than that. At least in theory if you spend resources prosecuting fraud, you could prevent more fraud than you prosecute through deterrence.
But that doesn't apply here because the reason KYC/AML is so ineffective -- literally 99.9% ineffective -- is that it's so easy to transfer value in some other way. And in turn to claim that even if you're using a traditional bank.
Money laundering is fundamentally very simple. They open a business that could plausibly generate that amount of profit and then claim the money was the proceeds of that business instead of the illegal one. The bank has no better way to know this is happening than the government, and the only people who do are in on it. So the rules are totally ineffective and because they're totally ineffective, they don't provide a deterrent.
But it's even worse than that. Most government waste is actually somebody's profit or salary, so then they lobby to keep it, but if it's a lot of waste then competing sociopaths lobby to cut it so they can get the tax money, which provides at least some financial pressure to limit the excesses of any given program.
The primary cost of AML/KYC rules isn't tax dollars. They fall on the general public through invasion of privacy, bureaucratic overhead, transaction costs and impaired competition between financial institutions. The general public is a diffuse group without organized lobbyists and without a thorough understanding of how much this is costing them. It also falls disproportionately on people who are already disadvantaged and have even less political influence than average. So there is no one supplying strong political pressure to get rid of it despite the high costs and near-zero effectiveness -- it's basically down to the people who have figured out how stupid this is to make it go away on their behalf.
This is a stupid take. Partly because of the use of acronyms for key terms, but also from the "constantly bothering a person is okay because it makes good security easier for us". There are plenty of good solutions that don't require you to heckle old ladies, and regular queries are generally bad security policy anyways. Regular boilerplate check-ins just breed complacency, after the 30th one do you think the person checking in is going to make sure the voice they are talking to on the other side is the right person? People get lax doing busy-work they know could and should be done by a computer. You ever had a job where you had to change passwords every 90 days? Opposite of security.
> This is a stupid take. Partly because of the use of acronyms for key terms
I thought that was clear enough in context. But: "Anti-Money Laundering" and "Know your Customer". They come up a lot in discussions here. Also, FWIW: if you're unclear about what someone meant, calling them stupid is a really terrible way to educate yourself.
I honestly have to ask if you read the article. The only reason this is happening is because of how their system works, not because of any laws. When they detect that someone with a similar, but different, set of identity information dies they reach out to see if that person is the same as the one paying out the pension to. The problem is that once they confirm it is not the person, they keep asking anyways.
This woman had to confirm three times in one month, and then still had her pension stop.
That is indeed exactly how much of the world works. We have the irs because some people would refuse to pay their fair share of just asked to. We have speed limits because some people will force too fast otherwise.
That is throwing the baby out with the bath water. The amount of fraud doesn't justify creating such burden on users. The problem is there is a market failure in the form of misaligned interests (the provider's best interest is to make the process as difficult as possible, not only to curb fraud, but also to avoid paying actual customers). This can only be fixed with government oversight and steep fines (so steep that they are more expensive than doing right by their customers).
To be equally fair, "Crapita" (as private eye calls them) is an incompetent joke that scores government contracts through corruption and then pays the bare minimum (below minimum wage in one case) to the providers of its services. There are lots of examples like the one a above.
I think had relatives in Poland in the 1980s who were collecting social security for a dead person.
The U.S. has a database of social security numbers of the deceased which is quite interesting for a few reasons. It is closely guarded because social security numbers are assigned sequentially by geographic region so if you know someone’s SSN you can get their date of birth or vice versa.
If you manage to get in that database you are really in trouble because every financial institution has a copy of that list and there is no procedure to get you off. It is quite literally a “financial death sentence.”
> because social security numbers are assigned sequentially by geographic region so if you know someone’s SSN you can get their date of birth or vice versa.
This has been false for decades. (early '90s, I think?)
If it stopped being true in 1990, then it remains true for anybody over the age of 34, which is not exactly a small chunk of the population. (Though yes it's a good thing they stopped doing sequential numbers)
My sisters were born after 1990, and they have random ssn's ... especially compared to my brother and I who were born before 1990 (we were all born in the same city). I think the scheme implemented in 2011 is a more random one than the previous scheme or maybe it wasn't implemented everywhere before 2011, and took 20 years to implement (which is also believable).
SSNs are no longer distributed in that fashion. They are randomly assigned since 2011. But they also weren't sequential. They were divided up by regions and doled out to more local areas.
> social security numbers are assigned sequentially by geographic region so if you know someone’s SSN you can get their date of birth or vice versa.
Note that enumeration at birth is a recent policy change. Before enumeration at birth, people would not get assigned a number until they (or their parents) asked for one. So while there is a sequential numbering (before that changed) and its tied to geography, the sequence and geography is connected to time and place of assignment, not time and place of birth.
For example, my parents got SSNs for me and my siblings all at once, sometime in the 80s, I beleive as it became required to claim dependents on tax returns. I don't think our SSNs are sequential, but they're close; however my siblings and I have different birth years and could have been born in different states than where we were enumerated.
Sorry, I am missing something. Are you saying that the people that are dying every day, in the developed world, is uncounted by a big margin? What is that margin?
You’re asking for the concrete number of people who are dead, but the folks in the system don’t know it?
And where there is a financial incentive for recipients to hide this fact?
That’s about as (actually) knowable as how many folks in LA are drug dealers.
We know some are, clearly, since they’ve been caught. But that is not going to be even close to correct in real terms, because they are of course going to work very hard to not get caught.
States “ According to the Social Security Administration’s Inspector General, in 2013 just over 1,500 deceased individuals in all age ranges were still receiving benefits. They account for only $15 million in improper benefit payments.”
And “According to the Social Security Administration, all improper payments, including payments to the deceased and the very old, are estimated at about $3 billion per year.”
That is in the US. And the SSA is really aggressive in trying to track down these issues. Most other pensions don’t have their resources or the type of political pressure they get.
I’ve personally overheard enough discussions among old folks to know that isn’t even the tip of the iceberg though, anymore than arresting Bob for possessing coke is ‘stopping drug trafficking’.
The main issue I see is that we are discussing in HN complex subjects like sending spaceships, AI, chip making, and arguing about something that if not fixed is because of bureaucracy first. For example, don't you think that the issue with the woman in the article could be easily solved with the UK resources put in health? I understand that probably you cannot solve 100% of cases but it is aberrant that the issue is not solved when perfectly can be.
It’s small enough of an edge case (and having it broken probably usually saves them money because some won’t be able to fight it) that fixing it hasn’t been prioritized by management, and the system to stop payments saves them enough money from fraud they aren’t getting rid of it.
Frustrating, but I’m sure we’ve all been there in some form as software engineers.
The article is attempting to publicly shame them enough that they fix it, which might work. Most organizations are allergic to bad press.
The behavior you are engaging in is known as "moving the goalposts." It involves changing the criteria or rules during an argument or discussion, ("in the developed world" -> "for European and American countries") making the original point or argument difficult or impossible to address satisfactorily.
That blog post doesn't actually talk about Japan except for in a passing quote, which itself (as best I can tell) specifically refers to economic growth and very well might be apocryphal in the first place.[0]
“Massive scale” is a distraction because society is even more massive. For example, if you’re talking about school pensions you have a school system with employees and that means you could do things like have someone check ID in person, and perhaps require a non-relative witness if there’s any question. Doctors offices could similarly be enlisted to certify that person X is the patient they’ve been seeing.
The problem with this is simply that it’s not absolutely free, and the people promising savings through outsourcing need it to be free to make their promises happen. Cutting budgets everywhere removes the slack you need to deal with things like this.
You'd think if they are able to reliable set up a contribution scheme that works at scale that they could set up a system to ensure they only pay out to individuals that are still alive.
The possibility of impersonation isn't limited to pension pay-outs but many other things as well. A once-per-year on-site visit would work and would just be a cost-of-business item, and that cost could be lowered substantially by collaborating with other entities who take an interest in such information (banks, governments etc).
They send pension checks out to specific addresses and accounts at exactly the same scale. Does it seem unreasonable to add 'attempt to call the pensioner' into the 'maybe they are deceased' part of the verification protocol?
True, and colloquially much of the longevity attributed to countries like Japan may have some basis in this type of fraud. However, every bill comes due eventually and you typically need to present a death certificate in most countries or answer one of these proof of life surveys.
I mean, in a broader sense it isn't a bug. the government outsourced it to Capita explicitly so there's a responsibility gap into which people can fall and lose their money. it's not like these services suck and are hostile to normal people by accident - if the Powers That Be wanted it to not suck then they wouldn't structure systems like this.
There is no gap, or rather it is artificial and created on purpose. The government is accountable (not responsible, there is a difference) for the entire process to work without any gaps.
It's more that it is proof that you are who you say you are. I just recently had to order birth certificates from my state. They ask for at least 1 of many different types of proof.
For newborns, hospitals release a 'statement of facts' that allow you to order the birth certificate. YMMV.
Swiss pensions for foreigners are also only paid if the recipient proves they are alive once a year. My father had to sent proof of being alive for decades.
To be fair, it is much harder to verify this automatically if the recipient lives in another country.
That's also different, as it's a known and deliberate process that -- I suspect -- has both a set expectation that the recipient will check in and an explicit reminder before payment is stopped.
It is reasonably easy for the pension provider in the case at hand to tell when someone dies. A bit too easy, some might say.
> vetting procedure that regularly checks pension beneficiaries against the death register to prevent ineligible payments. According to the Department for Education (DfE), which oversees Teachers’ Pensions, death register entries may be matched to scheme members even if personal details differ.
> She had fallen victim to a vetting procedure that regularly checks pension beneficiaries against the death register to prevent ineligible payments...
the beneficiary may be asked to confirm that they are not the same deceased stranger every 12 months since the system, administered by Capita, does not log a disproved link.
As a consultant, I would be willing to provide a simple fix to this problem for a modest fee. I won't say what it is yet, but I am confident it would work.
Thankfully I have since moved on to greener pastures. Oddest thing about Capita is that they are able to recruit a lot of smart, competent young people, but then put them to work on maintaining the most awful systems.
> the beneficiary may be asked to confirm that they are not the same deceased stranger every 12 months since the system, administered by Capita, does not log a disproved link
... and there it is. Crapita, the source of all woes, decided to do a just-good-enough job rather than a good job.
Come on. Even DVLA can handle the case where 2 (or more) people have the same first and last name, and middle initial, and date of birth, when issuing driving licences. They don't mix those up.
Barclays closed my mother’s bank accounts because they thought she had died. It was a “clerical error” ie someone had received a death certificate and processed it with about as much rigour as a 2 year old could muster.
They sorted it within 5 days though and paid out compensation and sent her a hamper as an apology. Hopefully they fired the moron who kicked off the process too.
At the end of the day this shit happens but this should trigger a full review and pause all destructive outcomes immediately as mitigation. But being Capita I doubt it will happen.
It’s not a simple mistake. It’s a critically damaging mistake to someone. Any process around such an event requires considerably more competence than what was demonstrated.
In this case their investigation said that the date of birth and last name were matched but the first names were not. This was flagged through by someone who didn’t do their job.
Thats just negligence of duty. I would expect to be minimally fired if I fucked up and hurt someone.
The incompetence here is that a single human being reading this document could make a mistake that would do exactly that.
The human is guaranteed to make a mistake, just as you are.
God forbid your mistake is only the serious matter of embarrassing an elderly person and needing to have your company apologize and make restitution and not putting software on an aircraft that causes it to fly nose first into the ground killing everyone on board.
Would you like me to draw a picture of how the person shouldn't be fired, the entire system should change?
As you say things happens, so who are you going to fire? It mostly is just a bad coincidences that make these things happens, it mostly is not the guy committing the error who is at fault. I do not want to live in a society where you treat the administrative clerks like you imply.
Bad things should happen at most once. That is the point. To do that you need a culture of improvement which is not evident anywhere I’ve worked in the finance sector.
After the post office scandal you'd think that entities like these would think long and hard about their responsibilities towards the people they interact with.
Registering at birth is somewhat trivial outside some edge cases. How do you resign the SSN at death predictably and accurately? Then, do you trust access to this database from 3rd parties? It's turtles all the way down.
> The DfE told the Guardian that once a possible match has been identified, the beneficiary may be asked to confirm that they are not the same deceased stranger every 12 months since the system, administered by Capita, does not log a disproved link.
I love how an obvious bug that should have led to a rejection of the delivery of the system - or an emergency fix as per the support requirements these large contracts always come with - has instead transformed into official DfE policy.
That's just so typical of the newfangled digital bureaucracy: it's far easier to change the workflow than it is to fix the software.
> it's far easier to change the workflow than it is to fix the software
This is just something software seems to do. There's a mature and fully-fledged industry in modifying entire workflows to fit software which is implicitly viewed as something that simply is the way it is.
Jira and SAP are some obvious big ones, almost with their own priesthoods, but at all levels, "capabilities drive requirements, regardless of what the systems engineering textbooks say".
And let's not forget that the entire capital-C Content industry is completely subservient to the vagaries of "The Algorithms" that are not just considered ineffable by the supplicants, but were in fact specifically designed to be that way.
I think you will find that with many other types of technology, due to scale and interoperability effects.
For example, when the automobile breakthrough happened, manufacturers quickly converged to an "average" design that was cheap to manufacture in large numbers, captured the main strengths of the technology, and happened to suit the average small city, rural or suburban lifestyle where most of the potential customers lived.
Now, this machine was not suitable for a small mountain village. Nor was it suitable for dense urban environments. You could design automobiles specifically for those markets - for example, a much more compact closed two seater, that would save fuel, road and parking space. But you couldn't produce it at a scale that could make it profitable against the dominant design, and the clients would face difficulty, risk and even ridicule when using the dominant "big car" infrastructure.
So what we got instead was a redesign of the city to suit the dominant technology variant, with what we can confidently say today were disastrous results. Just like your Jira consultants, starting from the 60s an entire cottage industry appeared advising cities on how to correctly plan road infrastructure of sufficient "capacity", how to set minimum parking requirements, etc.
If you happen to fall right on the average case of a technology, you gain almost magical benefits and substantial competitive advantages. So your competitors will try to emulate your success even if they don't fit the same pattern. If the interoperability and scale effects are strong, and customization is difficult, we should expect a similar pattern to emerge. And with software, you have both insane scale effects (every copy sold after the first costs zero dollars to make), and strong lock-in effects (file formats and protocols, inherent complexity which leads to a limited talent pool - both your employees and suppliers aren't willing to waste time and effort into a custom technological dead-end for which you are the only potential client etc.).
It's a pretty sweet deal: we can't be responsible for something that the software does, since we are not programmers; meanwhile, the software provider has a thick contract that says he can't be held legally or financially responsible, so he's happy to take the political hit, it's not like it would prevent them from getting another contract in the future. It's like being the Ticketmaster of administrative accountability.
(at least) the UK government outsources things so there are gaps between "notional policy" ("people get paid pensions until they die") and "implemented policy" (Capita fuck up yet another thing) can differ and both sides get to assert it's not their fault.
GDPR has a provision to correct information stored by organisations. It may get interesting once they believe you are dead though because GDPR only applies to living people. :/
Technology doesn't use us, we use technology. Then we make some other we do stupid things.
Too many times someone introduces technology to dilute responsibility for me to believe that such outcomes are typically unintentional. Technology totally does what people intend it to do, except the average person is on the receiving side of the whip.
Well there's your problem. Crapita, I mean.
And yet it's completely possible:
> After the Guardian queried the process, the DfE said it would make an exception and decouple McGrath’s name from the deceased’s so that she would not be contacted about it again.
Even if that was entirely manual...