Oct 15, 2024

GAO Criticizes CBSV


     From Social Security Administration: Actions Needed to Help Ensure Success of Electronic Verification Service, a report by the Government Accountability Office (GAO):

The Social Security Administration (SSA) launched the Electronic Consent Based Social Security Number Verification service in June 2020. The service seeks to reduce synthetic identity fraud, which combines fictitious and real information to fabricate an identity. The service allows authorized entities—generally financial institutions and their service providers—to verify an individual's name, Social Security number, and date of birth electronically. SSA spent about $62 million from fiscal year (FY) 2018 through FY 2023, based on SSA data. ...

SSA is required to fully recover the service's costs and collected about $25 million in user fees (40 percent of $62 million total costs) as of the end of FY 2023. SSA has not met its projections for fee collections due to lower-than-expected industry participation. SSA will need to collect about $14 million annually to meet its goal to recover all costs by the end of FY 2027, based on GAO's analysis (see figure). But it is unclear if SSA can meet its goal without increasing users or fees. Subscription data through December 2023 demonstrate that the service has not significantly increased users since enrollment opened in FY 2022, and fee collections decreased after SSA increased fees in July 2023.

 SSA officials told GAO they did not plan to take significant steps to increase use of the service. Industry participants GAO interviewed cited several factors limiting their use, such as difficult-to-interpret verification results. SSA also had not established performance measures and goals for the service's use and benefit. SSA could better ensure the service achieves its intended purpose of reducing synthetic identity fraud by developing strategies and assessing tradeoffs for expanding its use and establishing related performance measures and goals. ...

GAO is making seven recommendations to SSA, including that it implements appropriate controls over IT investments, updates cost estimation guidance, develops strategies to expand use of the service, and establishes related performance measures and goals. SSA concurred with all seven recommendations and stated that it will evaluate its policies and processes to determine how to address them. ...

    Note that the synthetic identity theft being discussed here isn't being directed at Social Security. It's directed at private financial institutions.

No comments: