Push for Two-Factor Authentication in Power of Attorney to Curb Fraud
Legal experts and technologists are calling for mandatory two-factor authentication in POA processes.
Why it matters: In-house counsel and compliance teams face rising risk from power of attorney fraud, which can expose organizations to costly litigation, reputational harm, and regulatory penalties. Recent abuse cases highlight the urgent need for stronger controls—like 2FA—that are standard in other sensitive sectors.
- Millions lost annually to POA-related financial abuse, often targeting elders and vulnerable adults.
- In April 2024, Orlando commissioner Regina Hill was charged with exploiting a senior’s POA to buy property and divert funds.
- The Uniform Power of Attorney Act allows banks to flag or refuse suspect POA transactions and mandates abuse reporting.
- Federal agencies, including the IRS, now mandate multi-factor authentication for access to sensitive data.
Power of attorney (POA) grants broad authority for agents to manage another’s assets, but this tool is often misused. Elder advocates cite POA fraud as a leading form of financial exploitation, especially among older adults (see Elder Justice data).
- In April 2024, Orlando city commissioner Regina Hill was charged with abusing her POA powers to purchase a $400,000 home and reroute over $100,000 from a 96-year-old woman’s accounts.
- Current law in many states is based on the Uniform Power of Attorney Act, which enables financial institutions to reject suspicious transactions and report suspected abuse. Yet, as legal technologist Priya Bansal notes: “Fraudsters exploit process gaps—digital authentication is needed to close them.”
- The IRS and other federal agencies have already adopted multi-factor authentication (MFA) to control access to confidential records, showing the effectiveness of these measures in deterring unauthorized activity.
Two-factor authentication (2FA)—which requires a second identity check, such as a code sent to the principal or biometric verification—has proven effective in other regulated environments. For POA transactions, advocates argue that requiring 2FA would prevent unauthorized asset transfers and demonstrate due diligence if abuse allegations arise.
No U.S. state has yet enacted specific legislation to require 2FA for POA execution, though California’s Assembly is considering a bill to study digital authentication in POA workflows, according to the National Center on Law & Elder Rights. With mounting attention from legal groups and regulators, broader mandates could follow.
As Bansal sums up: “Stronger authentication protects both the client and the firm. It’s overdue.”
By the numbers:
- $3B — Amount estimated lost annually to elder financial abuse, with POA misuse a key driver (Nolo/Elder Justice data)
- $400,000 — Value of real estate acquired in the Regina Hill POA fraud case, April 2024
Yes, but: Implementation could raise technical barriers for vulnerable clients less familiar with digital authentication.
What's next: The California Assembly is reviewing a bill on POA digital authentication; industry groups are calling for similar measures nationwide.