The Social Security Administration
(SSA)is introducing a stronger citizen authentication process that
will enable a new user experience and access to more electronic
services. Authentication is the foundation for secure, online
transactions. Identity authentication is the process of
determining, with confidence, that someone is who he or she claims
to be during a remote, automated session. It comprises three
distinct factors: something you know, something you have, and
something you are . Single-factor authentication uses one of the
factors, and multi-factor authentication uses two or more of the
factors. Social Security's new process features credential
issuance, account management, and single- and multi-factor
authentication. With this process, we are working towards offering
consistent authentication across Social Security's secured online
services, and eventually, Social Security's automated telephone
services. We will allow our users to maintain one User ID, which
will consist of a self-selected Username and Password, to access
multiple Social Security electronic services. This new process
provides the means for authenticating users of Social Security's
sensitive electronic services and streamlines access to those
services. SSA's new process will include the following key
components: registration and identity verification; enhancement of
the user ID; as well as authentication. The registration process is
a one-time activity for the respondents. After the respondents
register and receive their User ID (Username & Password), they
will log in with their User ID each time they access SSA's online
services. SSA will use this collection of identity proofing and
authentication information to verify the identity of the
individuals attempting to access our automated services. After we
verify individuals' identities, we allow them to create a
credential (Username and Password) they can use to log into and
gain access to our automated services. We will also allow them to
chose a second factor authentication credential. SSA will ask for
an individual's personal information, which may include: Name, SSN,
Date of Birth, Address, Telephone number, Email address, Financial
information, Cell phone number, Responses to Out-of-Wallet
Questions (multiple choice format questions keyed to specific data
that identity thieves will not be able to answer), and Password
Reset Questions. This collection of information, or a subset of it,
is required for respondents who want to do business with Social
Security via the Internet or automated 800 number. We will collect
this information via the Internet, on SSA's public-facing website.
We also offer an in-person identification verification process for
individuals who cannot, or are not willing to, register online. We
do not ask for financial information with the in-person process. In
addition, if individuals opt for the enhanced, or upgraded,
account, they will also receive a text message on their cell phones
(this serves as the second factor for authentication) each time
they log into SSA's online services. This new authentication
strategy will provide a user-friendly way for the public to conduct
extended business with Social Security online instead of visiting
the local servicing office or requesting information over the
phone. Individuals will have real time access to their sensitive
Social Security information in a safe and secured web environment.
The respondents are individuals who choose to use the Internet or
Automated Telephone Response System to conduct business with
SSA.
US Code:
5 USC
552a Name of Law: The Privacy Act of 1974
US Code: 5 USC
552 Name of Law: Freedom of Information Act
US Code: 42
USC 405 Name of Law: The Social Security Act
US Code:
26 USC 6103(l)(1)(A) Name of Law: Internal Revenue Code
PL:
Pub.L. 107 - 347 301 Name of Law: E-Government Act of 2002
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
0960-NEW final Public Credentialing and Authentication.docx
Attachment H - SSA Authentication Process.pdf
In-Person (Intranet) Requestors