Download: docx | pdf

Supporting Statement for

Request for Internet Services & 800# Automated Telephone Services

Knowledge-Based Authentication (RISA-KBA)

20 CFR 401.45

OMB No. 0960-0596

A. Justification

1. Introduction/Authoring Laws and Regulations

The Social Security Administration (SSA) collects this information by authority of the Privacy Act of 1974 at 5 U.S.C., Sub-section 552A (e)(10), which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Sub-sections 552A (f)(2) & (3) require agencies to establish requirements for identifying an individual who requests a record, or information pertaining to that individual, and to establish procedures for disclosure of personal information. SSA promulgated Privacy Act rules in the Code of Federal Regulations, Subpart B. Procedures for verifying identity are at 20 CFR 401.45. Authority to collect this information is also contained in Section 205(a) of the Social Security Act.

2. Description of Collection

The Request for Internet Services and 800# Automated Telephone Services (RISA), one of SSA’s authentication methods, allows individuals to access their personal information through our Internet and Automated Telephone Services. SSA asks individuals and third parties who seek personal information from SSA records, or who register to participate in SSA’s online business services, to provide certain identifying information. As an extra measure of protection, SSA asks requestors who use the Internet and telephone services to provide additional identifying information unique to those services, so SSA can authenticate their identities before releasing personal information.

Electronic and automated telephone applications allow the public to establish their identity with SSA, prior to allowing them access to personal information through screens over the Internet and through automated voice responses over the telephone. SSA verifies the requester’s identity by obtaining Social Security Number (SSN), Date of Birth (DOB), and usually name (first, middle initial, last, suffix). We may also request other knowledge-based information such as mother’s maiden name, place of birth, gender, and other last name (if any). We then compare the answers to these questions to the information we have in our records.

With the exception of the gender field, we use the information we collect exclusively to verify the identity of the requester. For most of these applications, the field for other last names is optional; we use this to help us match the person in cases where the person has changed their name (e.g., marriage) and not notified SSA. We collect information on gender for management information purposes and it is optional.

SSA established a process for verifying the identity of individuals who use the Internet to request information from SSA records; to make changes to SSA records; or to register with SSA to participate in SSA’s online business services. Successful verification of the individual gives access to services such as:

• Retirement Estimator

• Registration of Appointed Representatives

• Special Notice Options

SSA established a process for verifying the identity of individuals who use the 800# automated telephone services to request information from SSA records, or to make changes to SSA records, such as:

• Benefit Verification (Proof of Income – POI Letter)

• Request a Medicare Replacement Card

• Replacement Benefit Statements (SSA-1099/1042S)

The respondents are current beneficiaries who request personal information from SSA; general members of the public who go online to use our calculator to estimate their retirement benefits; and individuals and third parties who register for SSA’s online business services. Respondents authenticate themselves by answering Knowledge-Based Authentication (KBA) questions each time they call the Automated Telephone Services to access these applications.

2. Use of Information Technology to Collect the Information

In accordance with the agency’s Government Paperwork Elimination Act plan, SSA created an electronic KBA process to provide our customers access to our Internet and Automated Telephone applications. The Internet version of this collection is an automated process where the requesters’ key in identifying information, transmit it over the Internet to SSA, and the system compares the information to our existing electronic records in real time. If the information matches SSA records, the system allows the requesters to proceed to additional screens, to make their specific request. The telephone version of this collection is also an automated process, which follows a similar process to the Internet version.

2. Why We Cannot Use Duplicate Information

The information we collect through these electronic processes is information we already collected and posted to SSA’s master electronic records, but we ask for it again for comparison and verification.

5. Minimizing Burden on Small Respondents

This collection does not significantly affect small businesses or other small entities.

6. Consequence of Not Collecting Information or Collecting it Less Frequently If we did not use RISA, we would not be able to identify and authenticate individuals who ask us to release their personal information. Because we only collect the information on an as needed basis, we cannot collect this information less frequently. There are no technical or legal obstacles to burden reduction.

7. Special Circumstances

There are no special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.

8. Solicitation of Public Comment and Other Consultations with the Public

The 60-day advance Federal Register Notice published on August 20, 2021, at

86 FR 46897, and we received no public comments. The 30-day FRN published on October 26, 2021 at 86 FR 59262. If we receive any comments in response to this Notice, we will forward them to OMB. We did not consult with the public in the revision of this form.

8. Payment or Gifts to Respondents

SSA does not provide payments or gifts to the respondents.

8. Assurances of Confidentiality

SSA protects and holds confidential the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974), and OMB Circular No. A-130.

The Privacy Act of 1974 protects the information we collect. In addition, our Privacy Policy protects the information SSA collects for Internet Services that ensures the confidentiality of all information provided by the requester. Our Internet privacy policy is:

• You do not need to give us personal information to visit our site.

• We collect personally identifiable information (such as name, SSN, or DOB) only if specifically, and knowingly provided by you.

• We use personally identifying information you provide will be used only in conjunction with services you request as described at the point of collection.

• We sometimes perform statistical analyses of user behavior to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.

• We do not give, sell, or transfer any personal information to a third party.

• We implement Tier 1 (Single session) and Tier 2 (Multi-session without PII) technologies using the text-based “cookie” technology. We use Tier 2 technology to help us analyze site use by identifying you as a new or returning visitor; this does nothing other than distinguish whether you have been to our site before. Our web measurement applications compare the behavior of new and returning visitors in the aggregate to help us identify work flows and trends, and also resolve common problems on our site. We do not use this technology to identify you or any other person. We use Tier 2 web measurement technology to improve our website and provide a better user experience for our customers. This technology anonymously tracks how visitors interact with socialsecurity.gov, including where they came from, what they did on the site, and whether they completed any pre-determined tasks while on the site. SSA also uses Tier 2 technology to obtain feedback and data on visitors’ satisfaction with the SSA website.

Additionally, SSA ensures the confidentiality of the requester’s personal information in several ways:

• All electronic requests use the Secure Socket Layer (SSL) security protocol to encrypt information. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard and is used for Internet banking by banks such as Wells Fargo and Bank of America.

• The requester will be given adequate warnings that the Internet is an open system, and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. They will be advised of alternative methods of requesting personal information, i.e., a personal visit to a field office or a call to the 800 number.

Only upon verification of identity will the system allow access to additional screens that allow requests for personal information from SSA, or which allow the individual to make changes to personal information, or to register personal or business information.

8. Justification for Sensitive Questions

This information collection does not contain any questions of a sensitive nature, other than those described in Item 2.

8. Estimates of Public Reporting Burden

Modality of Completion	Number of Respondents	Frequency of Response	Average Burden per Response (minutes)	Estimated Total Annual Burden (hours)	Average Theoretical Hourly Cost Amount (dollars)*	Total Annual Opportunity Cost (dollars)**
Internet Requestors	2,921,795	1	3	146,090	$27.07*	$3,954,656**
Automated Telephone Requestors	1,157,833	1	4	77,189	$27.07*	$2,089,506**
Totals	4,079,628			198,930		$6,044,162**

* We based this figure on the average DI payments based on SSA's current FY 2021 data (https://www.ssa.gov/legislation/2021FactSheet.pdf).

** This figure does not represent actual costs that SSA is imposing on recipients of Social Security payments to complete this application; rather, these are theoretical opportunity costs for the additional time respondents will spend to complete the application. There is no actual charge to respondents to complete the application.

We base our burden estimates on current management information data, which includes data from actual interviews, as well as from years of conducting this information collection.  Per our management information data, we believe that the average time in minutes listed in the chart above accurately shows the average burden per response for reading the instructions, gathering the facts, and answering the questions. Based on our current management information data, the current burden information we provided is accurate. The total burden for this ICR is 198.930 burden hours (reflecting SSA management information data), which results in an associated theoretical (not actual) opportunity cost financial burden of $6,044,162. SSA does not charge respondents to complete our applications.

13. Annual Cost to the Respondents (Other)

This collection does not impose a known cost burden on the respondents.

14. Annual Cost To Federal Government

The annual cost to the Federal Government is approximately $3,490,587.

Description of Cost Factor	Methodology for Estimating Cost	Cost in Dollars*
Designing and Printing the Form	Design Cost + Printing Cost	$0*
Distributing, Shipping, and Material Costs for the Form	Distribution + Shipping + Material Cost	$0*
SSA Employee (e.g., field office, 800 number, DDS staff) Information Collection and Processing Time	GS-9 employee x # of responses x processing time	$2,122,587
Full-Time Equivalent Costs	Out of pocket costs + Other expenses for providing this service	$0*
Systems Development, Updating, and Maintenance	GS-9 employee x man hours for development, updating, maintenance	$1,368,000
Quantifiable IT Costs	Any additional IT costs	$0*
Total		$3,490,587

* We have inserted a $0 amount for cost factors that do not apply to this collection.

SSA is unable to break down the costs to the Federal government further than we already have.  It is difficult for us to break down the cost for processing a single form, as field office and State Disability Determination Services staff often help respondents fill out several forms at once, and the time it takes to do so can vary greatly per respondent.  As well, because so many employees have a hand in each aspect of our forms, we use an estimated average hourly wage, based on the wage of our average field office employee (GS-9) for these calculations.  However, we have calculated these costs as accurately as possible based on the information we collect for creating, updating, and maintaining these information collections.

15. Program Changes or Adjustments to the Information Collection Request

When we last cleared this collection in 2018, the burden was 774,048 hours. Currently, we are reporting a burden of 198,930 hours. This change stems a decrease in the number of responses from 12,699,559 to 4,079,628. There is no change to the burden time per response. Due to ongoing efforts to migrate existing automated applications from knowledge-based access to our Public Credentialing Registration and Authentication process (OMB# 0960‑0789), which provides access to our my Social Security online services several applications were removed from KBA including Change of Address, Change of Direct Deposit, and Medicare Replacement Card.

16. Plans for Publication Information Collection Results

SSA will not publish the results of the information collection.

17. Displaying the OMB Approval Expiration Date

SSA is not requesting an exception to the requirement to display the OMB approval expiration date.

18. Exceptions to Certification Statement

SSA is not requesting an exception to the certification requirements in

5 CFR 1320.9 and related provisions in 5 CFR 1320.8(b)(3).

B. Collections of Information Employing Statistical Methods

SSA does not use statistical methods for this information collection.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Title of Information Collection and Form Number(s)
Author	Naomi
File Modified	0000-00-00
File Created	2022-08-12