The architecture that allowed Brandon Blackburn to check a box on a government website and gain access to a federal safety database covering 3.8 million commercial drivers was not an oversight. It was a design decision. Someone at FMCSA or a policymaker at some point in time decided that SAP self-certification was adequate, that a dropdown menu and four checkboxes constituted sufficient verification of clinical credentials, and that no cross-reference with a state licensing board or national credentialing organization was necessary before granting access to a system that employers, law enforcement, and state DMVs have queried 38 million times since 2020.
That decision is now being reversed.
On April 27, FMCSA announced new identity verification requirements for Clearinghouse users. FMCSA Administrator Derek Barrs said Safety is non-negotiable at FMCSA, and that means ensuring the systems we rely on are secure, accurate, and trustworthy. By strengthening identity verification, we are closing gaps that could be exploited by bad actors, protecting the integrity of the data, and reinforcing confidence across the entire commercial driver safety industry.’
Starting April 27, 2026, new registrants for the following Clearinghouse user roles must prove their identity using a secure web application: Employer Without a Portal Account, Consortium/Third-Party Administrator, Medical Review Officer, Substance Abuse Professional, and Assistants invited to register under another registered entity. After logging in via Login.gov, new registrants will select their user role and be prompted to complete an identity verification step before proceeding. Users scan a QR code on their mobile device and follow the link to the FMCSA Identity Verification mobile app. The new process is completed using IDEMIA, a company specializing in secure identity verification that the Department of Homeland Security currently uses at airports across the country.
This update closes the gap, ensuring that all types of Clearinghouse users must complete some form of identity verification. In a later phase, FMCSA will prompt existing Clearinghouse users to complete the identity verification process.
That last sentence is the most important one in the entire announcement. Existing users. The people already in the system. The accounts are already registered. That phase has not happened yet, and the Clearinghouse fraud network documented in the March 20 and March 25 FreightWaves investigations was not built by new registrants. It was built by people who got in before yesterday, when a checkbox was all it took.
Brandon Blackburn is a truck driver from North Wilkesboro, North Carolina. He was arrested in a Mississippi construction zone on August 20, 2025, while impaired, with cocaine in his possession, and falsifying his own federal logbook records. He was not a licensed physician, psychologist, social worker, or addiction counselor. He held none of the six qualifying credentials required by 49 CFR Section 40.281 for a person to legally function as a Substance Abuse Professional. He checked a box in the FMCSA Clearinghouse saying he was one, the system accepted his attestation, and he spent years charging CDL drivers $100 to $350 to fraudulently flip their federal Clearinghouse records from prohibited to not prohibited.
By his own estimate, he cleared more than 600 drivers. Law enforcement sources put the number closer to 1,000. The March 20 investigation documented the mechanics in detail, including Facebook posts, screenshots of private messages, payment confirmations, and federal Clearinghouse records showing the fraudulent entries. One in every 85 CDL drivers who completed the federal return-to-duty process during his operational window may have been cleared by a man who was himself a drug user operating a commercial vehicle.
The second investigation on March 25 documented that Blackburn was not operating alone. Wayne Hudson administered a private Facebook group called SAP Friendly Trucking Companies, with an estimated 5,000 to 7,000 members, and ran at roughly 10 times Blackburn’s volume, charging $500 for all 6 Clearinghouse steps with no drug test administered. Hudson publicly admitted clearing Blackburn’s prohibited status, called Blackburn a drug user in the same post, and operated what the investigation described as a self-replicating recruitment chain that converted its own customers into its next sales force. Operators Zeph Nealy, David Handy, operating under the alias Donny Darko using the same phone number on both accounts, and Marc Massie, through a Clearinghouse employer admin account registered to a company that does not appear in the FMCSA carrier registry, were also documented.
FMCSA knew this was happening before either investigation was published. This fix was already in the works. The agency’s own fraud alerts page carried a section specifically titled ‘Fraudulent SAPs Entering False Clearinghouse Violations’ describing the scheme in detail, directing victims to a help desk, and doing nothing to change the registration architecture that made the scheme possible. The warning was live. The door was open. The network ran for years.
Starting now, a person trying to register as a SAP in the Clearinghouse will need to verify who they actually are using a biometric identity check built by the same company that processes your identity at TSA checkpoints. Brandon Blackburn would not have made it through that process. Neither would Wayne Hudson, Zeph Nealy, David Handy, or Marc Massie.
That is the good news. Here is the complicated news.
The identity verification announced yesterday applies to new registrations. It does not retroactively audit the 6,305 SAP accounts already in the Clearinghouse. It does not scrub the entries already made by fraudulent operators. It does not address the drivers already cleared through the fake SAP network who are operating commercial vehicles today with federal records that say they completed a substance abuse recovery process they never went through. It does not tell the carriers who queried those records and hired those drivers that the data they relied on was fraudulent. The 38 million queries conducted since 2020, trusting that the Clearinghouse reflects real clinical events — none of that gets re-evaluated by yesterday’s announcement.
FMCSA’s statement says a later phase will extend identity verification to existing users. That phase needs to happen fast. The existing users are the problem. The new registrant fix is necessary and long overdue, but the fraud network documented in these investigations is already within the system and will remain there until the existing user audit is completed.
The other piece worth watching is what identity verification actually verifies. IDEMIA will confirm that a new SAP registrant is who they claim to be. It will not confirm that they hold the clinical credentials required by 49 CFR 40.281. A verified identity is not a credential check. Brandon Blackburn verified his identity every time he drove a truck. The question was never who he was. The question was whether he was qualified to function as a Substance Abuse Professional. He was not, and no biometric selfie would have caught that without a simultaneous cross-reference against the NAADAC directory, the IC&RC database, or state licensing records.
What closes that gap is credential verification at the point of SAP registration, not just identity verification. The two are separate steps, and only one of them was announced yesterday. FMCSA should add the second step before the existing user audit phase is complete. Cross-reference every SAP account against the national credential databases. Accounts that cannot be matched to a verified clinical credential get suspended pending review. NAADAC and IC&RC maintain searchable public directories. The matching can be automated.
The announcement yesterday is a meaningful step in the right direction and Derek Barrs deserves credit for making it. The fraud documented in these pages was real, the harm was documented, the mechanism was known, and the agency moved to close it. That is what accountability looks like.
The post FMCSA moves to close the door on Clearinghouse fraud appeared first on FreightWaves.
