Governance & Risk Management
,
Government
,
Identity Governance & Administration
GAO: SSA Fails to Meet Industry and Federal Electronic Verification System Goals
The Social Security Administration is struggling to modernize key fraud prevention technologies, leaving gaps that could allow synthetic identity scams to go unnoticed by financial institutions and federal authorities.
See Also: Securing the Nation: FedRAMP-Authorized Identity Security
The U.S. federal agency responsible for administering the New Deal social welfare program launched the Electronic Consent-Based Social Security Number Verification service in June 2020 to combat synthetic identity fraud, in which fraudsters combine real and fictitious information to create fake identities. The service allows authorized entities, such as financial institutions and their service providers, to verify individuals’ personally identifiable information electronically.
But “questions have been raised about the service’s financial viability and use by industry participants,” the Government Accountability Office said in a report published Thursday. The government watchdog criticized SSA for failing to adhere to agency guidelines on planning IT investments, neglecting to consistently apply federal best practices and falling short of mandatory requirements to fully recover service costs due to lower-than-expected industry participation.
“Synthetic identities may be difficult for financial institutions to detect and can go unnoticed for years,” the report said. “Fraudsters may create a synthetic identity to open a credit card, make on-time payments to build a positive credit history, and gradually increase their credit limit. They may then accumulate large amounts of debt they never intend to repay.”
Industry participants told GAO the service provided “difficult-to-interpret verification results” and said SSA had not established performance measures or goals to evaluate its use and benefits. The report also found that the service “has not significantly increased users” since enrollment opened in fiscal year 2022.
Synthetic identity scams are an escalating threat in the United States, with SSA reporting nearly 3,000 suspicious activity reports tied to $182 million in potential fraud in 2021 alone. The agency has spent an estimated $62 million to develop and deploy the verification service since 2020, and has only recovered $25 million in user fees, the report said.
GAO urged SSA to implement appropriate controls over its IT investments and develop new strategies to expand the use of its verification service. It should establish performance measures and goals to ensure the service effectively combats synthetic identity fraud, auditors urged. SSA agreed with all seven of the recommendations included in the report, which warned that the agency may not meet its cost recovery goals “without increasing users or fees.”
SSA previously increased user fees due to unrecovered costs in July 2023 and implemented an annual fee to recover its development and operating costs. The administration developed three new systems since 2020 to implement the new service, including an online registration and authentication platform, an automated workflow tool to manage enrollment and a cloud-based data exchange system.