Government , Identity Governance & Administration , Industry Specific

SSA Struggling to Modernize Fraud Prevention Tech, GAO Warns

GAO: SSA Fails to Meet Industry and Federal Electronic Verification System Goals
SSA Struggling to Modernize Fraud Prevention Tech, GAO Warns
The Social Security Administration is falling behind in modernizing its fraud prevention technology, the Government Accountability Office said. (Image: Shutterstock)

The Social Security Administration is struggling to modernize key fraud prevention technologies, leaving gaps that could allow synthetic identity scams to go unnoticed by financial institutions and federal authorities.

See Also: Government Agencies: Avoid Unwanted Privileged Access to Your Critical Systems and Data

The U.S. federal agency responsible for administering the New Deal social welfare program launched the Electronic Consent-Based Social Security Number Verification service in June 2020 to combat synthetic identity fraud, in which fraudsters combine real and fictitious information to create fake identities. The service allows authorized entities, such as financial institutions and their service providers, to verify individuals' personally identifiable information electronically.

But "questions have been raised about the service's financial viability and use by industry participants," the Government Accountability Office said in a report published Thursday. The government watchdog criticized SSA for failing to adhere to agency guidelines on planning IT investments, neglecting to consistently apply federal best practices, and falling short of mandatory requirements to recover service costs due to lower-than-expected industry participation.

"Synthetic identities may be difficult for financial institutions to detect and can go unnoticed for years,” the report said. "Fraudsters may create a synthetic identity to open a credit card, make on-time payments to build a positive credit history, and gradually increase their credit limit. They may then accumulate large amounts of debt they never intend to repay.”

Industry participants told GAO the service provided "difficult-to-interpret verification results" and said SSA had not established performance measures or goals to evaluate its use and benefits. The report also found that the service "has not significantly increased users" since enrollment opened in fiscal year 2022.

Synthetic identity scams are an escalating threat in the United States, with SSA reporting nearly 3,000 suspicious activity reports tied to $182 million in potential fraud in 2021 alone. The agency has spent an estimated $62 million to develop and deploy the verification service since 2020, and has only recovered $25 million in user fees, the report said.

GAO urged SSA to implement appropriate controls over its IT investments and develop new strategies to expand the use of its verification service. It should establish performance measures and goals to ensure the service effectively combats synthetic identity fraud, auditors said. SSA agreed with all seven recommendations included in the report, which warned that the agency may not meet its cost recovery goals "without increasing users or fees."

SSA previously increased user fees due to unrecovered costs in July 2023 and implemented an annual fee to recover its development and operating costs. The administration developed three new systems since 2020 to implement the new service, including an online registration and authentication platform, an automated workflow tool to manage enrollment and a cloud-based data exchange system.


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.