A. Justification
Introduction/Authoring Laws and Regulations
Section 215 of S. 2155, the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018 (Banking Bill; Pub. L. No. 115-174) directs SSA to modify or develop a database for accepting and comparing fraud protection data provided electronically by a permitted entity. The Banking Bill defines ‘‘Fraud Protection
Data’’ as a combination of an individual’s name (including the first name and any family forename or surname); Social Security Number (SSN); and date of birth (DOB) (including month, day, and year).
Permitted entities, such as a financial institution as defined by section 509 of the Gramm-Leach-Bliley Act, or a service provider, subsidiary, affiliate, agent, subcontractor, or assignee of a financial institution, present the Social Security Administration (SSA) with requests for SSN verifications. To facilitate processing these requests, SSA developed the electronic Consent Based Social Security Number Verification (eCBSV) service. Section 1106 of the Social Security Act (Act), codified at 42 U.S.C. 1306; section 20 CFR 401.100 of the Code of Federal Regulations; and 5 U.S.C. 552a (b) of the Privacy Act provide the authority for SSA to provide verification of SSNs.
Description of Collection
The eCBSV service is a fee-based SSN verification service that allows permitted entities to verify an individual’s SSN based on the SSN holder’s signed, including electronically signed, consent in connection with a credit transaction or any circumstance described in Section 604 of the Fair Credit Reporting Act (15 U.S.C. 1681b). Permitted entities are able to complete their enrollment, electronically sign a Permitted Entity Certification and eCBSV user agreement in the eCBSV Customer Connection portal, and pay electronically via Pay.gov. Once approved, enrolled permitted entities will submit verification requests via an application programming interface.
Background
We created this service due to the Banking Bill. Permitted entities are able to submit an SSN, name, and DOB of the number holder in connection with a credit transaction, or any circumstances described in Section 604 of the Fair Credit Reporting Act to SSA for verification via an application programming interface. The purpose of the information collection is for SSA to verify for the permitted entity that the submitted SSN, name, and DOB matches, or does not match, the data contained in our records. After obtaining all of the number holders’ consents, a permitted entity submits the names, DOBs, and SSNs of number holders to the eCBSV service. SSA matches the information against our Master File, using SSN, name, and DOB. The eCBSV service responds in real time with a match/no match indicator (and an indicator if our records show that the number holder died). SSA does not provide specific information on what data elements did not match, nor does SSA provide any SSNs or other identifiable information. The verification does not authenticate the identity of the number holders or conclusively prove the number holders we verify are who they claim to be. Up-to-date information on the service, eligibility, fees, enrollment, technical specifications, and guides to written consent can be found on the eCBSV website.
Consent Requirements
Under the eCBSV process, the permitted entity does not submit the number holder’s consent forms to SSA. SSA requires each permitted entity to retain a valid consent for each SSN verification request submitted for a period of 5 years. The agency permits the permitted entity to retain the consent in an electronic format.
Compliance Review
SSA requires each permitted entity to undergo compliance reviews. An SSA‑approved certified public accountant (CPA) conducts the compliance reviews. SSA designed the compliance reviews to ensure that the permitted entities meet all terms and conditions of the user agreement, including that the permitted entities obtain valid consent from number holders. The permitted entity pays all compliance review costs through the eCBSV fees. In general, we request annual reviews with additional reviews as necessary. The CPA follows review standards established by the American Institute of Certified Public Accountants and contained in the Generally Accepted Government Auditing Standards (GAGAS).
When we received initial approval, SSA only allowed 10 permitted entities access to use the service with an estimated 307,000,000 requests. Now, with the open enrollment, eCBSV is available to all interested permitted entities, as defined in section 215 of the Banking Bill with an estimated annual 77,000,000 requests.
Psychological Cost:
Requirement for Program: SSA requires a wet or electronic signature on the consent. A permitted entity may request verification of a number holder’s SSN on behalf of a financial institution pursuant to the terms of the Banking Bill, the user agreement between SSA and the permitted entity, and the SSN Holder’s consent. In this case, the permitted entity ensures that the financial institution agrees to the terms in the user agreement, which require the use of SSN verification only for the purpose stated in the consent and prohibits entities from further using or disclosing the SSN verification. This relationship is subject to the terms in the user agreement between SSA and the permitted entity.
Psychological Cost: SSA understands psychological costs may cause a number holder to delay their completion of the information collection or cause them to abandon the information collection entirely. However, we require full completion of this collection to verify the information provided matches or does not match our records. Therefore, we have taken this potential psychological cost into account when calculating our burden in #12 below.
The respondents to the eCBSV information collection are the permitted entities; members of the public who consent to SSN verifications; and CPAs who provide compliance review services.
Use of Information Technology to Collect the Information
In accordance with the Banking Bill, SSA created the eCBSV service under the agency’s Government Paperwork Elimination Act (GPEA) plan. Based on our data, 100% of respondents under this OMB number use the electronic version. In addition, the consent forms may not be entirely electronic, but the permitted entities will need to submit that information to us electronically to prove consent, if SSA requests it.
Why We Cannot Use Duplicate Information
The nature of the information we collect and the manner in which we collect it precludes duplication. Respondents could use existing OMB-approved forms SSA-88 and SSA-89 (OMB No. 0960‑0760) to provide similar information. However, SSA created eCBSV to collect this information electronically, so this creates a different modality of information collection rather than a duplicate one.
Minimizing Burden on Small Respondents
This collection does affect small businesses or other small entities. However, if we did not impose this burden, we would be unable to verify the social security numbers of the number holders completing these forms. We minimized the burden by carefully reviewing the form and ensuring we only ask small businesses and entities to complete relevant and necessary questions. There is extensive interest among the small business community for this type of service because they believe it will save them time and improve efficiency in verifying SSNs. The use of eCBSV is voluntary.
6. Consequence of Not Collecting Information or Collecting it Less Frequently If we did not collect this information, permitted entities would not have the ability to obtain the name/DOB/SSN verification they need for business purposes, which is a service they requested. This would also increase foot traffic to SSA field offices. As well, we would not be in compliance with the relevant requirements of the Banking Bill. Since we only collect the information once per person, we cannot collect it less frequently. There are no technical or legal obstacles that prevent burden reduction.
7. Special Circumstances
Consent Form Retention Requirement: SSA requires participating permitted entities to retain the signed consent of the individual who is the subject of the verification request for 5 years, they do not submit the consent form to SSA. SSA’s primary purpose for requiring permitted entities to retain consent forms for 5 years is due to SSA’s need to ensure that we can obtain a copy of the consent to defend against, or prosecute, alleged violations of civil and criminal law. The agency permits permitted entities to retain copies of the consent in an electronic format. Because the Privacy Act establishes a 2-year statute of limitations that begins when the individual discovers a potential violation of the Act (5 U.S.C. 552a(g)(5)), SSA must require no less than a 3‑year consent retention period to ensure we can obtain a copy of the consent from the permitted entity to defend against any alleged Privacy Act cause of action.
In addition, other statutes of limitations applicable to criminal actions that might arise from consent-based disclosures to third parties counsel in favor of a 5-year retention period. For example, in the event an employee of a permitted entity provides fraudulent consents to the agency, or a permitted entity misrepresents the validity of a consent, Federal statutes exist in aiding investigations of fraud against the Government, including 18 U.S.C. 371 (conspiracy to defraud the Government) and 18 U.S.C. 1001 (false statements). Accordingly, SSA is requiring a 5-year consent retention period to prosecute alleged violations of criminal law. A 5-year retention period serves to reinforce the need for third parties to provide SSA with accurate and valid consent as a critical requirement.
There are no other special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.
Solicitation
of Public Comment and Other Consultations with the Public
The
60-day advance Federal Register Notice published on March 13, 2024,
at
89 FR 18471, and we received no public comments. The 30-day FRN published on May 30, 2024 at 89 FR 46945. If we receive any comments in response to this Notice, we will forward them to OMB. We did not consult with the public in the revision of this information collection.
Payment or Gifts to Respondents
SSA does not provide payment or gifts to the respondents.
Assurances of Confidentiality
SSA protects and holds confidential the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974), and OMB Circular No. A-130.
Justification for Sensitive Questions
The information collection does not contain any questions of a sensitive nature.
Estimates
of Public Reporting Burden
Requirement |
Number of Respondents |
Frequency of Response |
Average Burden per Response (minutes) |
Estimated Total Annual Burden (hours) |
Average Theoretical Hourly Cost Amount (dollars)* |
Total Annual Opportunity Cost (dollars)** |
a) People whose SSNs SSA will verify - Reading and Signing |
76,000,000 |
1 |
3 |
3,800,000 |
$13.30* |
$50,540,000** |
a) Sending in the verification request, calling our system, getting a response |
76,000,000 |
1 |
1 |
1,266,667 |
$43.55* |
$55,163,348** |
c) CPA Compliance Review and Report*** |
21 |
1 |
4,800 |
1,680 |
$43.65* |
$73,332** |
Totals |
152,000,021 |
|
|
5,068,347 |
|
$105,776,680** |
* We based these figures on average Business and Financial operations occupations (https://www.bls.gov/oes/current/oes130000.htm), and Accountants and Auditors hourly salaries (https://www.bls.gov/oes/current/oes132011.htm), as reported by Bureau of Labor Statistics data, and average DI payments, as reported in SSA’s disability insurance payment data (https://mwww.ba.ssa.gov/legislation/2024FactSheet.pdf).
** This figure does not represent actual costs that SSA is imposing on recipients of Social Security payments to complete this application; rather, these are theoretical opportunity costs for the additional time respondents will spend to complete the application. There is no actual charge to respondents to complete the application.
***The enrollment process occurs automatically through the eCBSV Customer Connection, and entails providing consent for SSA to verify the EIN; electronically signing the eCBSV User Agreement, and the permitted entities certification; selecting their annual tier level; and linking to pay.gov to make payment for services.
**** SSA uses one CPA firm (an SSA-approved contractor) to conduct compliance reviews and prepare written reports of findings on the permitted entities.
We base our burden estimates on current management information data, which includes data from actual interviews, as well as from years of conducting this information collection. Per our management information data, we believe that average time of 1, 3 and 4,800 in minutes shown in our chart above accurately shows the average burden per response for learning about the program; receiving notices as needed; reading and understanding instructions; gathering the data and documents needed; answering the questions and completing the information collection instrument; scheduling any necessary appointment or required phone call; consulting with any third parties (as needed); and waiting to speak with SSA employees (as needed). Based on our current management information data, the current burden information we provided is accurate. The total burden for this ICR is 5,068,347 burden hours (reflecting SSA management information data), which results in an associated theoretical (not actual) opportunity cost financial burden of $105,776,680. SSA does not charge respondents to complete our applications.
13. Annual Cost to the Respondents (Other)
Participating permitted entities must compensate SSA for non-program-related work we do for others so the Social Security Trust Funds do not bear the costs of such activities. Before work begins on reimbursable projects requested by non‑Federal organizations, we require advance payment. OMB Circular A-11 (Preparation, Submission, and Execution of the Budget) stipulates budgetary resources for reimbursable work with non-Federal organizations, including State and local governments, are not available for obligation until receiving advance payments. OMB designed this policy to prevent unintentional violations of the Anti-Deficiency Act. In addition, advance payment covers the start-up costs if potential permitted entities cancel the user agreement; it protects SSA against any uncollectible debts; and prevents SSA components’ regular administrative allowance from having to absorb the cost. Accordingly, non-Federal requesters must pay 100 percent of SSA’s estimated costs in advance.
The public cost burden depends on the number of permitted entities using the service and the annual transaction volume. We based the current tier fee schedule below on 20 participating permitted entities in fiscal year (FY) 2023 submitting an anticipated annual volume of 65 million transactions. For FY 2024, we are maintaining the current tier structure, based our analysis, which estimated 20 participating permitted entities with an anticipated annual volume of 52 million. Since our analysis and initial estimate, one permitted entity noted the potential for a significant increase in volume in FY 2024. The total cost for developing and operating the service is $62 million through FY 2023. Of this amount, $37 million remains unrecovered/unreimbursed. The current subscription tier structure and associated fees are intended to recover these costs over a four-year period, assuming projected enrollments and transaction volumes meet these projections.
SSA uses the fee to allocate for forecasted systems and operational expenses; agency oversight; and overhead necessary to sustain the service.
eCBSV Tier Fee Schedule
Tier |
Annual Transaction Threshold |
Annual Fee |
1 |
Up to 10,000 (1–10,000) |
$7,000 |
2 |
Up to 200,000 (10,001–200,000) |
$130,000 |
3 |
Up to 1 million (200,001–1 million) |
$630,000 |
4 |
Up to 2.5 million (1,000,001–2.5 million) |
$1,500,000 |
5 |
Up to 5 million (2,500,001–5 million) |
$3,000,000 |
6 |
Up to 10 million (5,000,001–10 million) |
$4,500,000 |
7 |
Up to 15 million (10,000,001–15 million) |
$5,000,000 |
8 |
Up to 20 million (15,000,001–20 million) |
$6,250,000 |
9 |
Up to 25 million (20,000,001–25 million) |
$7,250,000 |
10 |
Up to 75 million (25,000,001–200 million) |
$8,250,000 |
SSA calculates fees based on forecasted systems and operational expenses, agency oversight, overhead, and Certified Public Accountant audit contract costs.
Section 215(h)(1)(B) of the Banking Bill requires that the Commissioner shall “periodically adjust” the price paid by users to ensure that amounts collected are sufficient to fully offset the costs of administering the eCBSV system. On at least an annual basis, SSA will monitor costs incurred to provide eCBSV services and will revise the tier fee schedule accordingly. SSA will notify permitted entities of the tier fee schedule in effect at the renewal of eCBSV user agreements, when a permitted entity begins a new 365-day agreement period, and via notice in the Federal Register. Permitted entity renewals are governed by the tier in effect at the time of renewal.
Annual Cost To Federal Government
SSA designated eCBSV a fee-based service recovering the full costs (See #13 above).
15. Program Changes or Adjustments to the Information Collection Request
When we last cleared this information collection in 2021, the burden was 2,280,00,452 hours. However, we are currently reporting a burden of 5,068,347 hours. This change stems, because SSA has no new enrollees, and therefore, we are removing the burden for configuring customer system for ability to send in verification requests. The decrease also stems from a decrease in the number of CPA Compliance Review and Report. There is no change to the burden time per response. These figures represent current Management Information data for the full release of the eCBSV service.
16. Plans for Publication Information Collection Results
SSA will not publish the results of the information collection.
17. Displaying the OMB Approval Expiration Date
SSA is not requesting an exception to the requirement to display the OMB approval expiration date.
Exceptions to Certification Statement
SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).
B. Collections of Information Employing Statistical Methods
SSA does not use statistical methods for this information collection.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Modified | 0000-00-00 |
| File Created | 2025-05-18 |