Jun 17, 2019

GAO Criticizes SSA Online Verification

From a recent Government Accountability Office (GAO) report:
Remote identity proofing is the process federal agencies and other entities use to verify that the individuals who apply online for benefits and services are who they claim to be. To perform remote identity proofing, agencies that GAO reviewed rely on consumer reporting agencies (CRAs) to conduct a procedure known as knowledge-based verification. This type of verification involves asking applicants seeking federal benefits or services personal questions derived from information found in their credit files, with the assumption that only the true owner of the identity would know the answers. If the applicant responds correctly, their identity is considered to be verified. For example, the Social Security Administration (SSA) uses this technique to verify the identities of individuals seeking access to the “My Social Security” service, which allows them to check the status of benefit applications, request a replacement Social Security or Medicare card, and request other services. 
However, data stolen in recent breaches, such as the 2017 Equifax breach, could be used fraudulently to respond to knowledge-based verification questions. The risk that an attacker could obtain and use an individual’s personal information to answer knowledge-based verification questions and impersonate that individual led the National Institute of Standards and Technology (NIST) to issue guidance in 2017 that effectively prohibits agencies from using knowledge-based verification for sensitive applications. Alternative methods are available that provide stronger security, as shown in Figure 1. However, these methods may have limitations in cost, convenience, and technological maturity, and they may not be viable for all segments of the public. ...

5 comments:

Anonymous said...

The best way to verify someone's ID is to have them show up at their local SSA office with their DL or state ID. Most of this fraud is done over the internet by people in other countries. Having claimants show up at the office would eliminate a lot of this type of fraud.

But that would require Washington to properly fund the agency to keep the local offices open and staffed.

Anonymous said...

@10:30

I mean, alternatively they could just require it and not boost funding...not sure that is better, since SSA then would have to draw resources from other areas, many of which could assist with fraud, and at the least would reduce service across the board.

Anonymous said...

Is this another solution in search of a problem? My recent experience attempting to help my clients when they are locked out of the electronic system has been less than inspiring. Met one in January at the local office. We sat in front of a worker who took her claim at the window and inputted her data. Nothing had happened by March so I had her come down again. We were initially told that we had never been there in January and had to get a supervisor to get it unsnagged and had to do the whole thing over again, but this time with copies and the supervisor's name.

Anonymous said...

Half or more of the people who file for retirement file online. One of the reasons is to avoid coming into an office. If SSA were to do away with online filing, the number of employees would have to be increased quite a bit.

Anonymous said...

I use the online services all the time, both SSA and Medicare. I admit that setting up a My SSA account can be daunting, if the person you are assisting is a poor historian it can be very difficult. But the filing is quick, seldom have a problem. The MyMedicare page is super handy, EOBs, list of coverages, you can eliminate all the paper EOBs clogging mailboxes.

As the old generation dies off or becomes incapacitated we will see more and more online activities. AI will be developed that will handle the vast majority of transactions. Those unusual cases will still need an experienced CR to handle them.

Ever been to a Medicare office? All done with phone and online services. A bit apple and orange, but they handle a lot of transactions.