Cogent Facial Image Matching Software for Welfare Fraud Detection

Overview

Ireland's Department of Social Protection (DSP) deployed cogent facial image matching software to detect identity fraud across its welfare benefits system. The system was operational by 2015 and was designed to identify individuals who had registered for welfare benefits under multiple false identities, enabling them to claim jobseeker's allowance, rent supplement and other social assistance payments multiple times. The software works by comparing a photograph of each new applicant captured during the welfare registration process against the entire database of photographs held by the Department of Social Protection. When a potential match is found — indicating that an applicant may already be registered under a different identity — the case is immediately flagged and referred to the Department's special investigation unit for prioritised review.

The system uses deep learning-based facial recognition technology. Modern facial image matching software capable of operating at scale against a national database — as described in the Department's implementation — relies on convolutional neural networks (CNNs) to encode facial features into high-dimensional vector representations and then perform similarity matching across millions of stored images. The vendor, Cogent Systems (now part of 3M's Identity Solutions division), is a well-known provider of biometric identification technologies to government agencies worldwide. The software performs one-to-many (1:N) matching, meaning each new registrant's photograph is compared against every existing photograph in the DSP database, rather than simply verifying a claimed identity against a single stored record. The original system cost EUR 213,000 when deployed in 2012. In 2018, Gemalto was contracted for EUR 383,000 to upgrade the facial verification software, as algorithm standards had improved substantially since the original deployment.

By September 2015, the system had referred 62 cases of suspected fraud to An Garda Siochana (Ireland's national police service) or the Department's own investigations unit. By February 2017, the number of fraud cases had risen to 155, with 22 cases finalized in court and 17 resulting in custodial sentences. A further 18 cases were under Director of Public Prosecutions proceedings and 100 remained under investigation. The most significant case involved an individual who used 12 false identities to fraudulently claim approximately 478,000 euros in welfare payments, including jobseeker's allowance, rent supplement and other benefits. This individual received a five-year custodial sentence at Dublin Circuit Court. Another notable case involved Adrian Vaduva, who used multiple identities to claim approximately EUR 280,000. Other cases finalised in court included an individual who received a two-year custodial sentence for fraudulently claiming 62,000 euros, another who received a three-year suspended sentence at Longford Circuit Court for obtaining 59,000 euros through use of multiple identities, and a further individual who received a three-year custodial sentence with 18 months suspended for using a false identity to obtain 17,000 euros in welfare benefits.

Total fraud overpayments assessed reached EUR 1,590,500, with EUR 461,470 in savings from ceased payments. The system saved more than EUR 4 million in total by 2018, with EUR 1.734 million saved in 2016 and EUR 894,000 in 2017. In the first half of 2018, 28 additional fraud cases were identified. These results were set against the context of Ireland's 19 billion euro annual welfare budget, with research indicating that fraud was involved in approximately 3 per cent of benefit payments.

The decision criticality of this system is high because a positive match from the facial recognition software triggers a formal fraud investigation, referral to the national police, and can result in criminal prosecution, imprisonment and recovery of overpayments. All matches identified by the software are sent to the Department's special investigation unit and prioritised for investigation, indicating a human-in-the-loop process where human investigators review and act on the system's automated flagging. Identity fraud cases are referred to An Garda Siochana under criminal justice legislation.

The system raises significant privacy and civil liberties concerns typical of mass biometric surveillance in social protection contexts. Every new welfare applicant's photograph is compared against the entire DSP database, constituting a form of mass biometric screening. The facial recognition system was linked to the Public Services Card photo database, with biometric templates held for approximately 70 per cent of Ireland's population, including more than 13,000 children.

On 12 June 2025, the Data Protection Commission (DPC) fined the DSP EUR 550,000 for GDPR violations in connection with the use of facial matching technology linked to the Public Services Card. The DPC found no valid lawful basis for the collection and processing of biometric data. The decision identified four categories of infringement: lawful basis deficiency (Articles 5(1)(a), 6(1), 9(1)), retention issues (Article 5(1)(e)), transparency failures (Articles 13(1)(c), 13(2)(a)), and gaps in the Data Protection Impact Assessment (Article 35(7)(b),(c)). The DSP was given a nine-month deadline to either cease biometric processing or identify a valid legal basis. This regulatory action makes this one of the most significant cases of AI governance failure in European social protection, demonstrating how a system that delivered measurable fraud detection results can nonetheless operate in fundamental breach of data protection law.

Classification

Programme Details

Facial recognition software deployed by Ireland's Department of Social Protection to compare applicant photographs against the entire DSP database during welfare registration, detecting individuals registered under multiple false identities.

Implementation Details

Risk & Oversight

Deployment & Outcomes

Sources

1. SRC-003-IRL-001 Biometric Update (2018) 'Gemalto to upgrade Irish welfare fraud detection facial recognition system', Biometric Update, September. Available at: https://www.biometricupdate.com/201809/gemalto-to-upgrade-irish-welfare-fraud-detection-facial-recognition-system (Accessed: 30 March 2026).
   https://www.biometricupdate.com/201809/gemalto-to-upgrade-irish-welfare-fraud-detection-facial-recognition-system
2. SRC-001-IRL-001 O'Brien, C. (2015) 'Facial recognition helps detect welfare benefits fraud', The Irish Times, 5 September. Available at: https://www.irishtimes.com/news/ireland/irish-news/facial-recognition-helps-detect-welfare-benefits-fraud-1.2340900 (Accessed: 27 March 2026).
   https://www.irishtimes.com/news/ireland/irish-news/facial-recognition-helps-detect-welfare-benefits-fraud-1.2340900
3. SRC-002-IRL-001 Kane, C. (2017) 'Facial recognition tool used to expose 155 cases of welfare fraud', The Irish Times, 14 February. Available at: https://www.irishtimes.com/news/crime-and-law/facial-recognition-tool-used-to-expose-155-cases-of-welfare-fraud-1.2967045 (Accessed: 30 March 2026).
   https://www.irishtimes.com/news/crime-and-law/facial-recognition-tool-used-to-expose-155-cases-of-welfare-fraud-1.2967045
4. SRC-004-IRL-001 Data Protection Commission (2025) 'DPC announces conclusion of investigation into use of facial matching technology in connection with the Public Services Card by the Department of Social Protection', Data Protection Commission, Ireland, 12 June. Available at: https://www.dataprotection.ie/en/news-media/press-releases/dpc-announces-conclusion-investigation-use-facial-matching-technology-connection-public-services (Accessed: 30 March 2026).
   https://www.dataprotection.ie/en/news-media/press-releases/dpc-announces-conclusion-investigation-use-facial-matching-technology-connection-public-services