Step up Social Security number protection, OIG says
- By Alice Lipowicz
- Dec 23, 2011
The Social Security Administration should do more to protect against identity theft by increasing security controls on Social Security numbers and programs, according to two new federal audits.
One of the audits targeted the millions of SSN printouts distributed by the agency each year, which have much looser security controls than Social Security cards.
The second audit recommended tighter security for the SSA’s online iClaim process, which allows applicants to file claims for benefits.
While the number of replacement cards dropped from 12 million a year to 11 million a year between 2004 and 2009, the number of printouts increased from 5 million a year to 7 million a year during that period, the Dec. 13 audit from the Office of Inspector General said.
The identity authentication requirements for the SSN printouts are less stringent than for the cards, the inspector general wrote. Also, the cards have security features to protect their integrity, while the printouts have none.
The inspector general also noted there were more instances in which people were requesting more than 10 printouts per day, or per year, and more known cases of fraud involving printouts.
“We continue to believe the agency should strengthen its controls for issuing SSN printouts,” the report states. “We found an increase in the (1) number of SSN printouts SSA issued, (2) volume of numberholders obtaining more than 10 SSN printouts in a day and a year, and (3) occurrences of fraud involving SSN printouts.”
The report made six recommendations, including advising SSA to set limits on the number of printouts that can be issued to a single person per day or per year. SSA officials agreed with five of the recommendations.
However, agency officials disputed the recommendation that field officers obtain management approval in order to issue printouts to people with insufficient or nonexistent identity documents.
“SSA disagreed with this recommendation and stated that it does not believe management review of every request involving insufficient or nonexistent documentation would be cost effective, in light of its other planned enhancements,” agency officials said.
The second audit, issued on Dec. 7, was not released in full, because it contained “restricted information.” A summary was published on the SSA’s inspector general’s website.
The summary noted that the inspector general made seven recommendations to strengthen the integrity of the iClaim online claim application process, which is currently being used by about 1.2 million applicants per year.
“We made seven recommendations to enhance the integrity of the iClaim application and ensure appropriate actions are taken for completed applications,” the summary states. “This report contains restricted information for official use. Distribution is limited to authorized officials.”
The SSA has been strongly promoting iClaim as the preferred means for baby boomers to apply for retirement benefits, with a goal of 50 percent of applications to be filed through iClaim by 2013.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.