This is the accessible text file for GAO report number GAO-03-920 
entitled 'Social Security Numbers: Improved SSN Verification and 
Exchange of States' Driver Records Would Enhance Identity Verification' 
which was released on September 15, 2003.

This text file was formatted by the U.S. General Accounting Office 
(GAO) to be accessible to users with visual impairments, as part of a 
longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov.

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately.

Report to Congressional Requesters:

United States General Accounting Office:

GAO:

September 2003:

Social Security Numbers:

Improved SSN Verification and Exchange of States' Driver Records Would 
Enhance Identity Verification:

GAO-03-920:

GAO Highlights:

Highlights of GAO-03-920, a report to the Committee on the Judiciary 
and the Subcommittee on Social Security, Committee on Ways and Means, 
House of Representatives 

Why GAO Did This Study:

Since September 11, 2001, more attention has been focused on the 
importance of identifying people who use false identity information or 
documents to obtain a driver license. The Social Security 
Administration (SSA) offers states a service to verify social security 
numbers (SSNs) collected during the driver licensing process. This 
report examines states’ use of SSA’s verification service, factors 
that may affect the usefulness of the service, and other tools states 
use or need to verify identity.

What GAO Found:

GAO found that 25 states have used either one or both of the methods 
SSA offers for requesting SSN verification. Over the last several 
years, states used the batch and on-line method to submit over 84 
million and 13 million requests, respectively. Although on-line use 
has been increasing, usage varied significantly among states, with 5 
out of 18 states submitting over 70 percent of all requests. States 
decide to use SSA’s service based on various factors, such as costs 
and state priorities.

Weaknesses in SSA’s design and management of its SSN verification 
service have contributed to capacity and performance problems and 
limited its usefulness. While SSA recently increased systems capacity 
and reduced outages, problems remain. For example:

* The level of service cannot be assessed because SSA has not 
established key performance measures. 
* States are concerned that the high verification failure rate adds to 
their workloads. Several states noted that some of the failures could 
be prevented if SSA disclosed more information to states.  
* States using the batch method are vulnerable to licensing 
individuals using SSNs of deceased persons because SSA does not match 
requests against its death files. In fact, GAO obtained licenses using 
fraudulent documents and deceased persons’ SSNs in 2 states. 

Driver licensing agencies rely primarily on visual inspection of 
documents such as birth certificates, driver licenses, and U.S. 
immigration documents to verify applicants’ identity. While states may 
use safeguards beyond visual inspection to verify documents, they lack 
the ability to systematically exchange identity information on all 
drivers with other states. Without a means to readily share all driver 
records, states face a greater risk for identity theft and fraud in 
the driver licensing process. A recent Department of Transportation 
report to Congress identified options that would provide states a 
system for exchanging records on all drivers and could help mitigate 
identity fraud.


What GAO Recommends:

GAO recommends that SSA develop performance measures to assess the 
quality of its service, develop a strategy to decrease the 
verification failure rate, and modify its batch method to match 
requests against death records. SSA disagreed on developing 
performance measures for this purpose but agreed it should develop a 
strategy for improving the verification rate and begin matching batch 
requests against death records. However, SSA stated that limits in law 
and systems priorities could restrict the actions it could take.

Given the homeland security implications associated with states’ 
inability to exchange information on all drivers, GAO recommends that 
the Congress, in partnership with the states, consider authorizing the 
development of a national data sharing system. 


www.gao.gov/cgi-bin/getrpt?GAO-03-920.

To view the full product, including the scope and methodology, click 
on the link above. For more information, contact Barbara Bovbjerg at 
(202) 512-7215 or bovbjergb@gao.gov.

[End of section]

Contents:

Letter:

Results in Brief:

Background:

Twenty-five States Have Used SSA's Verification Service:

Weaknesses in SSA's Design and Management of the SSN Verification 
Service Has Limited Its Usefulness:

States May Use Safeguards Beyond Visual Inspection of Identity 
Documents, but Lack a Systematic Means to Share All Driver Records:

Conclusion:

Matter for Congressional Consideration:

Recommendations:

Agency Comments and Our Evaluation:

Appendix I: Scope and Methodology:

Appendix II: Comments from the Social Security Administration:

Appendix III: GAO Contacts and Staff Acknowledgments:

GAO Contacts:

Staff Acknowledgments:

Related GAO Products:

Figures:

Figure 1: States Using SSA's Verification Services through March 2003:

Figure 2: SSA's On-line Transactions, Fiscal Years 1998-2002:

Figure 3: Distribution of On-line Verification Requests, Fiscal Years 
1998-2002:

Abbreviations:

AAMVA: American Association of Motor Vehicle Administrators:

CDLIS: Commercial Drivers Licensing Information System:

DHS: Department of Homeland Security:

DOT: Department of Transportation:

NDR: National Driver Register:

NHTSA: National Highway Traffic Safety Administration:

SSA: Social Security Administration:

SSN: social security number:

United States General Accounting Office:

Washington, DC 20548:

September 15, 2003:

The Honorable F. James Sensenbrenner, Jr. 
Chairman 
Committee on the Judiciary 
House of Representatives:

The Honorable E. Clay Shaw, Jr. 
Chairman 
Subcommittee on Social Security 
Committee on Ways and Means 
House of Representatives:

The events of September 11, 2001, focused attention on the importance 
of identifying people who use false identity information or documents, 
particularly in the driver licensing process. Driver licenses are a 
widely accepted form of identification that individuals frequently use 
to obtain services or benefits from federal and state agencies, open a 
bank account, request credit, board an airplane, and carry on other 
important activities of daily living. For this reason, driver licensing 
agencies are points at which individuals may attempt to fraudulently 
obtain a license using a false name, social security number (SSN), or 
other documents such as birth certificates to secure this key 
credential. Accordingly, states face increasing pressure to verify the 
identity information of individuals to whom they issue licenses.

As the agency responsible for issuing SSNs, the Social Security 
Administration (SSA) is uniquely positioned to help states verify the 
identity information provided by applicants. To this end, SSA has a 
verification service in place that allows state driver licensing 
agencies to verify the SSN, name, and date of birth of customers with 
SSA's master file of SSN owners. States can transmit requests for SSN 
verification in two ways. One is by sending multiple requests together, 
called the "batch" method, to which SSA generally responds within 24 to 
48 hours. The other way is to send an individual request on-line, to 
which SSA responds immediately.

To shed light on states' practices for verifying the identity 
information of driver license applicants, you asked us to examine: (1) 
the extent to which states use SSA's services to verify the SSNs of 
driver license applicants, (2) factors that may affect the usefulness 
of SSA's verification service, and (3) other tools states use or need 
to verify the identity of driver license applicants. To conduct our 
work, we reviewed federal requirements governing SSN use in the driver 
licensing process, SSA's policies for disclosing information to 
licensing agencies, information on the operation of SSA's verification 
service, and national data on states' use of the service. We 
interviewed key SSA headquarters managers and staff responsible for the 
design and oversight of the verification service, as well as American 
Association of Motor Vehicle Administrators (AAMVA) officials 
responsible for co-managing the on-line verification method with 
SSA.[Footnote 1] To develop in-depth information on specific states' 
identity verification practices, we obtained data and interviewed 
officials from California, Florida, Georgia, Maine, Maryland, 
Massachusetts, Ohio, Pennsylvania, and Tennessee. These states 
represent a range of identity verification policies and practices. We 
also telephoned or visited the states that did not use SSA's service to 
obtain general information about their identity verification policies 
and practices. Finally, we analyzed SSA and state driver licensing 
agency data to identify instances of potential identity fraud involving 
(1) individuals who used the name and SSN of deceased persons and (2) 
individuals who used fraudulent out-of-state licenses. We conducted our 
work from July 2002 through May 2003 in accordance with generally 
accepted government auditing standards. For additional details on our 
audit approach, see appendix I.

Results in Brief:

Twenty-five states have used the batch or on-line method to verify SSNs 
with SSA, and the extent to which they regularly use the service 
varies. About three-fourths of the states that rely on SSA's 
verification service used the on-line method or a combination of the 
on-line and batch method, while the remaining states used the batch 
method exclusively. Over the last several years, states estimated 
submitting over 84 million SSN verification requests to SSA using the 
batch method compared with 13 million requests submitted using the on-
line method. States generally use the batch method for a short-term 
period to verify SSNs in their existing records, while states are more 
likely to use the on-line service on a continuous basis. States' use of 
SSA's on-line service has increased steadily over the last several 
years. However, the extent of use has varied significantly, with 5 
states submitting over 70 percent of all on-line verification requests 
and one state submitting about one-third of the total. States consider 
various factors in deciding whether to use SSA's verification service. 
For example, some states that did not use SSA's service told us they 
were reluctant to do so based on performance problems they had heard 
were encountered by other states, such as frequent outages and slowness 
of the on-line system. States' use of SSA's service is also driven by 
internal policies, priorities, and other concerns. For example, some 
states may limit their use to certain targeted populations, such as 
where fraud is suspected or for initial licenses, but not for renewals 
of in-state licenses.

Weaknesses in SSA's design and management of its SSN on-line 
verification service have contributed to capacity and performance 
problems. SSA recently took steps to increase system capacity and to 
give more management attention to the service; however, problems 
remain. In designing the service, SSA used an available infrastructure 
to set up the system and encountered capacity problems, which worsened 
after the pilot phase. AAMVA's data show that, in 1999, the on-line 
system experienced an average of three major outages per month, 
increasing to an average of five per month in 2000. The capacity 
problems inherent in the design of the on-line system have affected 
states' use of SSA's verification service. For example, officials in 
one state told us that they have been forced to scale back their use of 
the system because they were told by SSA that their volume of 
transactions was overloading the system. SSA officials acknowledged 
problems stemming from the design and management of the on-line service 
and have made some necessary improvements. For example, in April 2003, 
SSA completed an upgrade to increase capacity and improve response 
times. SSA has also designated a project manager to oversee the day-to-
day management of the service. However, at the time of our review, SSA 
still had not established key goals for the level of service it will 
provide to driver licensing agencies. SSA has also not addressed 
problems regarding the high nonmatch rate and some states' continued 
vulnerability to fraud associated with the use of SSNs of deceased 
individuals by driver license applicants. These issues may affect 
states' willingness to use the service and may also expose them to a 
higher risk of fraud. Our own investigators were able to obtain 
licenses in two states using a counterfeit out-of-state license and 
other fraudulent documents and the SSNs of deceased persons.

While states may use safeguards beyond visual inspection to verify 
documents, states lack the ability to systematically exchange identity 
information on all drivers with other states. Driver licensing agencies 
rely primarily on visual inspection of documents such as birth 
certificates, driver licenses, and immigration documents to verify 
applicants' identity. For example, driver licensing employees look for 
security features or other characteristics that indicate authenticity. 
States may employ more extensive measures to verify identity 
information. For example, states may use independent data sources to 
corroborate applicants' identity information and computer systems to 
identify potential instances of identity fraud within their respective 
driver records and to prevent licensing when key identity information 
is questionable. Despite these extra measures, however, states remain 
vulnerable to identity fraud because they lack a systematic means to 
exchange information on all drivers. States' current means to exchange 
driver information is limited to records for commercial drivers and 
individuals who have lost their driving privileges. Our analysis in one 
state showed that licensing agencies might unknowingly accept false 
out-of-state licenses as valid identity documents. However, a joint 
federal and AAMVA study recently identified options that if implemented 
would provide states an exchange system for all driver records and 
could help mitigate the vulnerabilities that exist across states.

This report includes recommendations for SSA to improve the management 
of its SSN verification service to make it more useful to driver 
licensing agencies. SSA generally agreed with our findings regarding 
its SSN verification service and commented that recent improvements 
have increased states' use of the service. SSA also noted that its 
service only confirms individuals' SSN information and is not a means 
for verifying their identity. In response to our specific 
recommendations, SSA did not agree that it should develop measures for 
assessing the quality of its SSN on-line verification service because 
the agency did not believe that it would result in improved identity 
authentication. SSA agreed with our recommendations that it develop a 
strategy for improving the nonmatch rate and that it modify the batch 
process to include a match against its death records. However, the 
agency said that factors such as legal restrictions and limited systems 
resources could restrict the actions it can take. We are also 
presenting a matter for congressional consideration that the Congress, 
in partnership with the states, authorize the development of a national 
data sharing system for all driver records.

Background:

Driver licenses have become widely accepted identity documents because 
they generally include features that make them difficult to counterfeit 
or alter and may contain identifying information such as the licensees' 
legal name, photograph, physical description, and signature. Currently, 
about 188 million drivers are licensed in the United States, and states 
issue an additional 73 million licenses and identification cards each 
year.[Footnote 2] Individuals can apply to obtain licenses at about 
3,800 locations across the United States.[Footnote 3]

Authority for designing and administering driver licensing programs, as 
well as for verifying the identity information of licensees, lies with 
individual states. Accordingly, driver licensing agencies face the 
challenge of determining whether the identity documents individuals 
provide (1) are authentic and contain information that agrees with the 
issuing agency's records and (2) actually belong to the person 
presenting them. To promote uniformity among driver licensing programs, 
AAMVA provides states with guidance on documents it recommends as 
acceptable proof of identity, as well as best practices for verifying 
the documents. Not surprisingly, the SSN is key to any verification 
process because each SSN is unique to its owner.[Footnote 4] In 
February 2002, we reported that 45 states collect SSN information from 
driver license applicants. [Footnote 5] Individuals obtain SSNs by 
applying to SSA and providing evidence of their age, identity, and U.S. 
citizenship or lawful alien status.[Footnote 6]

As the agency responsible for assigning SSNs and issuing social 
security cards, SSA provides a service to the states to verify those 
numbers. SSA provides two methods for driver licensing agencies to 
verify SSNs: batch and on-line. States use the batch method to submit 
an aggregate group of SSN requests directly to SSA, and SSA generally 
responds within 24 to 48 hours. Those states using the on-line method 
submit individual SSN requests and receive immediate "real time" 
responses from SSA. On-line users transmit and receive information to 
and from SSA through a network maintained by AAMVA. SSA charges states 
a fee to cover its costs (basically system processing and personnel) 
for providing this service. Batch users pay $0.0015 per transaction 
while on-line users are charged $0.03 per transaction. For fiscal year 
2002, the total billings for batch and on-line users were about $39,000 
and $193,000, respectively. SSA collects payments directly from the 
batch users, while it bills and collects payments from the on-line 
users through AAMVA.

SSA followed Privacy Act[Footnote 7] requirements in deciding what 
information it would disclose to driver licensing agencies. Under its 
current disclosure policy, if the SSN, name, and date of birth 
submitted to SSA by a driver licensing agency match SSA's records, SSA 
will verify the match to the state driver licensing agency. If one or 
more elements do not match, SSA will inform the agency of the nonmatch 
but will not disclose further information. match only establishes that 
the information agrees with SSA's records and is not proof that the 
individual using the SSN is the person to whom SSA assigned the number.

Beyond SSA's verification service, the federal government plays a role 
in several other key areas of states' driver licensing programs. For 
example, within the Department of Transportation (DOT), the National 
Highway Traffic Safety Administration (NHTSA) operates the National 
Driver Register (NDR), a national database containing identity 
information on 39 million problem drivers that states are required to 
use when making licensing decisions.[Footnote 8] Also, to remove unsafe 
commercial drivers from the highways, the federal government 
established the Commercial Drivers License Information System (CDLIS), 
a nationwide database of 11 million records that states must use to 
exchange information on applicants who may hold commercial licenses in 
other states or have driving infractions that make them ineligible for 
licensing.[Footnote 9] DOT, the federal agency charged with 
establishing the CDLIS database, contracts with AAMVA to operate it. 
The federal government also provides grants to help states improve 
their highway safety programs. Furthermore, states' receipt of federal 
funds for their state child support enforcement programs are contingent 
on the collection of individuals' SSNs during the driver licensing 
process. This provision enables licensing agencies to assist states in 
locating and obtaining child support payments from noncustodial 
parents.

Twenty-five States Have Used SSA's Verification Service:

Twenty-five states have used either the batch or on-line verification 
method and the extent to which they regularly use the on-line service 
varies.[Footnote 10] States that used the batch method generally use it 
for a short period then switch to the on-line process exclusively. 
Although states' use of SSA's on-line service has increased steadily 
over the last several years, 5 states submitted over 70 percent of all 
on-line verification requests. Factors such as cost, system 
performance, and individual state priorities play a role in determining 
whether states opt to use SSA's verification service and the frequency 
in which it is used.

Twenty-five States Have Used the Batch or On-line Methods:

As of March 2003, driver licensing agencies in 25 states have used the 
batch or on-line method to verify SSNs with SSA. States generally use 
the batch method for a short-term period, but states are more likely to 
use the on-line service on a continuous basis. About three-fourths of 
the states that rely on SSA's verification service used the on-line 
method or a combination of the on-line and batch method, while the 
remaining states used the batch method exclusively. (See fig. 1.) Over 
the last several years, states estimated submitting over 84 million 
requests to SSA using the batch method.[Footnote 11] Similarly, states 
submitted a total of 13 million requests using the on-line method. Two-
thirds of these on-line requests were submitted in the last 2 fiscal 
years.[Footnote 12]

Figure 1: States Using SSA's Verification Services through March 2003:

[See PDF for image]

[End of figure]

SSA officials told us that the batch method offers advantages in 
circumstances where a real-time verification response is unnecessary. 
For example, some states have used the batch method to "clean-up" SSNs 
in their existing records and address any discrepancies prior to the 
license coming due for renewal at a later date. A number of states that 
have used the batch method in this manner subsequently used the on-line 
method exclusively. For example, one state that used the batch method 
in 2001 to verify over 8.3 million existing records has since used the 
on-line method exclusively. SSA officials noted that only one state 
currently uses the batch method on a continuous basis to verify SSNs 
for all of its customers.

For states that issue permanent licenses on the spot, the on-line 
service also offers an advantage, namely, the ability to instantly 
verify the SSN and other key information submitted by individuals 
seeking initial licenses, as well as those converting out-of-state 
licenses. Between fiscal years 1998 and 2002, the number of states 
participating in SSA's on-line service grew by about 3 states each 
year. As shown in figure 2, the volume of on-line verification requests 
processed by SSA has also increased significantly from 300,000 in 
fiscal year 1998 to 5.5 million in fiscal year 2002.

Figure 2: SSA's On-line Transactions, Fiscal Years 1998-2002:

[See PDF for image]

[End of figure]

Extent of States' Use of the On-line Verification Method Varied:

Although the volume of on-line requests grew between 1998 and 2002, 
usage varied significantly among states and within individual states 
from year to year. As shown in figure 3, 5 states accounted for over 70 
percent of the total transactions over a 5-year period, and a single 
state was responsible for submitting about one-third of the total 
transactions. In addition, in some states, the use of the on-line 
service varied from year to year. For example, one state sent in about 
250,000 requests in 1 year and about half that number the following 
year.

Figure 3: Distribution of On-line Verification Requests, Fiscal Years 
1998-2002:

[See PDF for image]

[End of figure]

States Weigh Considerations in Deciding to Use SSA's Verification 
Service:

Various factors--such as costs, performance problems, and state 
priorities--may affect states' decisions about whether or not to use 
SSA's verification service. The nonverifying states we contacted 
frequently cited cost as a reason why they did not use SSA's 
verification service. In addition to the per-transaction fees that SSA 
charges, states may incur additional costs to set up and use SSA's 
service, including the cost for computer programming, equipment, 
staffing, training, and so forth. State estimates associated with 
establishing an on-line SSN verification process with SSA varied 
considerably based on factors such as the system modifications they 
planned to make. For example, one state we contacted estimated that it 
would cost approximately $770,000 to implement the on-line service. 
Another state estimated that using the on-line service would have a 
start-up cost of about $230,000.

Many nonverifying states we contacted expressed a reluctance to use 
SSA's verification service based on performance problems they had heard 
were encountered by other states. Some states cited concerns about 
frequent outages and slowness of the on-line system. Other states 
mentioned that the extra time to verify and resolve SSN problems could 
increase customer waiting times because a driver license would not be 
issued until verification was complete.

States' decisions about whether to use SSA's service, or the extent to 
which to use it, are also driven by internal policies, priorities, and 
other concerns. For example, some of the states we visited have 
policies requiring their driving licensing agencies to verify all 
customers' SSNs. Officials in one of these states acknowledged that the 
growing prevalence of identity theft and the events of September 11, 
2001, directly affected their decision to begin using SSA's service. 
Conversely, another state we visited that had submitted only 51 
transactions over a 3-year period told us that it was delaying full use 
of SSA's service until spring 2003 to coincide with the roll-out of its 
new driver-license issuance system. Finally, we found that states may 
limit their use of the on-line method to certain targeted populations. 
For example, one state reported that its policy was to use the on-line 
method only if fraud was suspected, while another used the service only 
for initial licenses and out-of-state conversions, but not for renewals 
of in-state licenses.

Weaknesses in SSA's Design and Management of the SSN Verification 
Service Has Limited Its Usefulness:

Weaknesses in the design and management of SSA's on-line verification 
service have contributed to capacity and performance problems and 
ultimately limited its usefulness. SSA recently took steps to increase 
systems capacity and to give more management attention to the service; 
however, problems remain. In designing the system, SSA used an 
available infrastructure and encountered capacity problems early on. 
Although the problems worsened after the pilot phase, SSA did not 
monitor or modify the system to improve its performance. Beyond system 
design problems, SSA's day-to-day management of the service has also 
been problematic. This lack of management attention to the service is 
evidenced by the fact that SSA has failed to bill and collect in a 
timely fashion more than $370,000 from AAMVA over the last several 
years. SSA officials have taken some steps to address system capacity 
problems, but the agency still lacks key performance goals for the on-
line service. Despite an increased focus on daily management and 
oversight of the service, SSA still has not addressed other problem 
areas such as a high nonmatch rate or states' vulnerability to fraud 
associated with individuals who use the SSNs of deceased individuals to 
obtain licenses. These issues may affect states' willingness to use the 
service and expose them to a higher risk of fraud.

The Design and Management of the On-line System Contributed to Capacity 
and Performance Problems:

Weaknesses in the design and management of SSA's on-line system have 
contributed to capacity and performance problems. In designing the 
system, SSA connected its server to AAMVA's network, to which driver 
licensing agencies across the country were linked.[Footnote 13] SSA 
connected the two systems using a low-speed data communication line. In 
1997, SSA piloted the on-line service with three states participating. 
A joint SSA and AAMVA evaluation of the pilot estimated that the on-
line service could verify 43,200 requests in a 12-hour period or 12.5 
million per year. It was also estimated that states would submit 7.7 
million requests in 1998. While the system experienced some problems 
during the pilot--such as slow response times and outages--SSA 
expressed confidence that its system would be sufficient to handle all 
requests. SSA acknowledged that only limited capacity testing was done. 
However, SSA planned to monitor the system's performance as needed to 
ensure it could meet states' needs.

Following the pilot phase, problems worsened as more states began using 
SSA's service. AAMVA's data show that in 1999 the system experienced an 
average of three major outages per month, increasing to an average of 
five per month in 2000. More recent AAMVA data showed that from August 
2002 through March 2003, outages continued to occur frequently and 
lasted from about 30 minutes to as long as 1 day. Such outages can 
affect customer service because employees in one state told us that 
when the service is down, they cannot process customers' transactions. 
However, because SSA did not collect or monitor performance data on 
response times and outages, SSA did not know the magnitude or specifics 
of the problem.

The capacity problems inherent in the design of the on-line system have 
affected states' use of SSA's verification service. Officials in one 
state told us that they have been forced to scale back their use of the 
system because they were told by SSA that the volume of transactions 
was overloading the system. In addition, AAMVA representatives told us 
that because of concerns about performance and reliability, they have 
not allowed new states to use the service since the summer of 2002. At 
the time of our review, 10 states had signed agreements with SSA and 
were waiting to use the on-line system, and 17 states had received 
funds from DOT for the purpose of verifying SSNs with SSA.[Footnote 14] 
It is uncertain how many of the 17 states will ultimately opt to use 
SSA's on-line service. However, even if they signed agreements with SSA 
today, they may not be able to use the service until the backlog of 
waiting states is addressed.

In addition to design weaknesses, SSA did not sufficiently focus on the 
management of its service. In particular, SSA previously lacked a 
designated person to oversee the day-to-day operations of the service 
and to coordinate with AAMVA on various management issues. As a result, 
AAMVA lacked a focal point within SSA to resolve persistent performance 
problems that arose with the system. AAMVA officials told us they would 
start by calling SSA's general help desk, as directed by SSA, but would 
end up calling several different components within the agency. This 
situation impeded the timely and effective resolution of problems 
necessary to meet states' verification needs. SSA's lack of management 
attention to the service is also evidenced by the fact that the agency 
failed to timely bill and collect fees from AAMVA over the last several 
years. Each year SSA is required to reach agreement with AAMVA on the 
per transaction cost of its service. However, for several years SSA and 
AAMVA have not done this. Under the agreement, SSA is also required to 
send AAMVA a final billing each year based on the number of 
transactions processed. SSA billed and collected payments from AAMVA 
for the first 2 fiscal years--1997 and 1998. However, between fiscal 
years 1999 and 2002, SSA failed to bill and collect more than $370,000 
it calculated as being due from AAMVA.

SSA and AAMVA officials have acknowledged problems stemming from the 
design and management of the on-line service and have made some 
necessary improvements. For example, according to SSA, in April 2003 
the service began using software that AAMVA recently revised to 
increase the volume of transactions states could submit and receive 
through AAMVA's network. About the same time, SSA completed an upgrade 
of its data communication line and server to enhance its system 
capacity and response time. SSA officials told us these upgrades should 
reduce outages and enhance performance. SSA provided us with 
information showing that in May 2003, 2 states had increased their 
volume of transmissions and an additional 3 states had begun using the 
service. SSA plans to add 4 new states that are currently testing the 
on-line system. AAMVA estimates that 2003 verification requests may 
increase to 28 million, more than five times the number received in 
2002. Despite this projection, however, at the time of our review, SSA 
still had not established key goals for the level of service it will 
provide driver licensing agencies. SSA officials told us they are 
currently monitoring the volume of transactions and response times as 
new states are added. However, until SSA establishes key goals, the 
quality and effectiveness of SSA's on-line service cannot be fully 
assessed. More recently, SSA also designated a project manager 
responsible for overseeing the day-to-day operation of its service, as 
well as an individual responsible for the billing and collection of 
AAMVA payments. At the time of our review, SSA had collected $330,000 
from AAMVA for fiscal years 1999-2002.[Footnote 15] SSA officials told 
us that they are in the process of updating the cost estimates and 
payments for fiscal year 2003.

SSA Has Not Focused on Other Key Weaknesses in the Service It Provides 
States:

Despite SSA's recent efforts to focus more management attention on its 
verification service, problems regarding the high nonmatch rate and 
states' continued vulnerability to fraud associated with the use of 
SSNs of deceased individuals by driver license applicants remain. These 
problems pose a concern for states because of the additional workloads 
associated with resolving discrepancies between SSA and states' driver 
records as well as the potential for identity theft. SSA's data over 
the last 5 years show that an average of 11 percent of all transactions 
submitted by states failed to verify with SSA's records. Some states 
have experienced nonmatch rates as high as 30 percent. In fiscal year 
2002, about 800,000 records failed verification. Generally, about one-
half of these failed because the name submitted with the SSN did not 
match the name in SSA's records. Such mismatches may occur, for 
example, if a person's SSN record lists a maiden name, but the person 
is applying for a license under a married name. The states and AAMVA 
have voiced their concerns to SSA about the need for additional 
disclosure of information. In a May 2001 letter to one state, SSA's 
Acting Deputy Commissioner specified the agency's disclosure policy for 
driver licensing agencies and stated that SSA closely scrutinizes 
requests involving SSN use for purposes not related to the Social 
Security program. In doing so, SSA has decided to provide its 
verification service in a limited manner by informing driver licensing 
agencies which data elements match or do not match.

State concerns about the potential workloads associated with resolving 
nonmatch issues may affect their willingness to fully use SSA's 
service. Officials in one state told us that a planned start up of the 
on-line service may be delayed due to concerns about the high nonmatch 
rate they have experienced using SSA's batch service. Officials in 
another state indicated that they have not done a batch clean up of 
their existing databases because they are unable to devote the 
additional funding and staff resources to address nonverification 
issues. SSA officials told us that they are aware of states' concerns 
and have recently begun discussions to address disclosure issues with 
the states.

In reviewing SSA's verification service, we also identified a key 
weakness in the batch method that exposes states to a higher risk of 
fraud by allowing them to inadvertently issue licenses to individuals 
using the SSNs of deceased individuals. Unlike the on-line service, SSA 
does not match batch requests against its death records. As a result, 
the batch method will not identify and prevent the issuance of a 
license in cases where an SSN of a deceased individual is being used. 
SSA officials told us that they initially developed the batch method 
several years ago, and they did not design the system to match SSNs 
against its death files. However, a death match was built into the on-
line system. At the time of our review, SSA acknowledged that it had 
not explicitly informed states about the limitation of the batch 
service.

Our own analysis of 1 month of SSN transactions submitted to SSA by one 
state using the batch method identified at least 44 cases in which 
individuals used the SSN, name, and date of birth of persons listed as 
deceased in SSA's records to obtain a license or an identification 
card.[Footnote 16] We forwarded this information to state investigators 
who quickly confirmed that licenses or identification cards had been 
issued in 41 cases and were continuing to investigate the others. To 
further assess states' vulnerability in this area, our own 
investigators, working in an undercover capacity, were able to obtain 
licenses in two batch states using a counterfeit out-of-state license 
and other fraudulent documents and the SSNs of deceased persons. In 
both states, driver licensing employees accepted the documents we 
submitted as valid. Our investigators completed the transactions in one 
state and left with the new valid license.[Footnote 17] In the second 
state, the new permanent license arrived by mail within weeks. The ease 
in which they were able to obtain these licenses confirmed states' 
vulnerability to accepting fraudulent documents, and for those states 
that use SSA's batch process, to issuing licenses to individuals using 
SSNs of deceased individuals. SSA officials have told us that the 
agency has not made a decision about whether the current batch system 
will be modified to include a death match.

Our field work shows that licensing officials in states that use or 
have used the batch process were often unaware that SSA did not match 
SSNs against its death records. As a result, these states lacked 
information that they could have used to make more informed decisions 
in choosing either the batch or on-line method or to seek alternative 
strategies to avoid issuing licenses to individuals using SSNs of 
deceased persons. Moreover, states that have used the batch method in 
prior years to clean up their records and to verify the SSNs of 
millions of driver license holders, may have also unwittingly left 
themselves open to identity theft and fraud.

States May Use Safeguards Beyond Visual Inspection of Identity 
Documents, but Lack a Systematic Means to Share All Driver Records:

States may use tools beyond visual inspection to verify documents, but 
lack the ability to systematically exchange identity information on all 
drivers with other states. Although driver licensing agencies rely 
primarily on visual inspection of documents to verify applicants' 
identity information, states may employ more extensive measures such as 
using independent sources to corroborate applicants' identity 
information. Despite the extra measures, states remain vulnerable to 
identity fraud because they lack a systematic means to exchange 
information on all drivers. As a result, states may unknowingly accept 
false out-of-state licenses as valid identity documents or license 
individuals who use the identity information of others.

Visual Inspection of Documents Is a Primary Practice for Verifying 
Identity:

In the states we visited, driver-licensing agencies rely primarily on 
visual inspection to determine the authenticity of documents provided 
by applicants. As proof of identity, applicants must present one or 
more state-approved documents that are generally inspected by staff. 
Applicants may present a variety of documents, such as a social 
security card, a U.S. birth certificate, a driver license from another 
state, or passport. For noncitizen applicants, staff also review a 
myriad of passports and U.S. immigration documents. In reviewing 
identity documents, staff look for security features such as watermarks 
and raised seals that are difficult to counterfeit and are designed to 
reveal evidence of tampering. They also inspect documents for other 
indications of authenticity such as signs of appropriate aging. If 
employees are unsure if a particular document is authentic or if it 
actually belongs to the applicant, they may use interviewing techniques 
to ensure that the individual can corroborate key information.

In the states we visited, staff responsible for processing driver 
license applications generally received some training and basic 
assistance to support the visual inspection. For example, all of the 
states provided training to help employees distinguish between 
authentic and fraudulent documents. This generally occurred once or 
twice a year and was sometimes presented as part of a larger training 
module covering other policies and procedures of the agencies. In 
addition to training, office managers and supervisors with more 
experience in detecting false documents were available on site to help 
with the visual inspection if needed. In several states, supervisors 
and office managers told us that they have directly contacted issuing 
agencies to determine whether documents, such as birth certificates, 
were valid. However, this was not routinely done because it can be a 
time-consuming and labor-intensive process. Nearly every state we 
visited provided staff with some basic tools to help with the visual 
inspection, such as reference manuals describing the security features 
included in various state and federal government issued identity 
documents. Other tools such as black lights and magnifying glasses were 
also commonly available to help staff view the security features 
embedded in certain documents. However, we found that the extent to 
which staff actually used these tools varied.

Despite the training and other measures to aid visual inspection, these 
approaches are often not enough for employees to make a definitive 
determination of a document's authenticity. Staff and managers we 
interviewed frequently expressed concern that the variety of valid 
state birth certificates, social security cards, out-of-state licenses 
and immigration documents, made it extremely difficult to catch those 
that are forged, short of them being obvious fakes.[Footnote 18] They 
also frequently expressed a need for better access to automated means 
of verifying these documents.

States Employ Additional Safeguards to Verify Identity and Prevent 
Fraud:

Because of the vulnerabilities associated with the visual inspection of 
documents, states employ more extensive safeguards to better deter and 
detect identity theft and fraud. These include seeking out independent 
third-party data sources to corroborate identity information and 
documents provided by driver license applicants, utilizing computer 
systems to strengthen the integrity of their licensing process, and 
using other innovative tools to better verify applicants' identity 
information and deter fraud.

At the time of our review, a number of states we visited were either 
using or pursuing the use of other tools to electronically verify 
identity information with issuing agencies and other independent third 
parties. Officials in several states we visited told us that they 
wanted access to the Department of Homeland Security (DHS)[Footnote 19] 
immigration information to verify the identity documents of noncitizen 
applicants. Further, a state with a large immigrant and noncitizen 
population had contracted with DHS to routinely authenticate 
immigration documents and other information relevant to a person's 
citizenship and immigration status.[Footnote 20] A second state was in 
the process of negotiating access to these records. Statewide birth and 
death information was also viewed by state administrators as key to the 
identity verification process. Accordingly, several of the states we 
visited have periodically used electronic queries or data matches to 
access birth or death records.

Three of the nine states we visited were pilot-testing or considering 
the use of private vendors to strengthen their identity verification 
and fraud detection procedures. These private vendors typically access 
various information sources, including civil and criminal records, 
credit information, address information, state driver records, and 
state birth and death data to help driver licensing agencies 
corroborate information provided by applicants and correctly issue 
licenses. At the time of our review, one state was pilot-testing on-
line access to a private vendor in a limited number of sites. AAMVA 
officials did not have national data on the extent to which other 
states are using innovative third-party verification tools to 
strengthen the integrity of their licensing procedures. However, they 
generally noted that such practices are not routinely used to 
supplement states' primary practice of visually inspecting documents.

Several states we visited made extensive use of computer systems to 
prevent identity theft and fraud. Several states have computer systems 
capable of screening for multiple individuals in their state with the 
same or similar identity information. For example, one state's computer 
system automatically cross-matches first-time applicants' personal 
information against existing driver records in the database to search 
for such situations. When states do not have the capability to 
routinely perform such cross-matches, employees may inadvertently issue 
licenses to individuals who may be using the identity information of 
someone the state has previously licensed.

Some states' computer systems are designed to prevent the issuance of a 
license in certain high-risk situations. For example, one state's 
system terminates the processing of a transaction if identity 
information does not verify with SSA, or if staff attempt to by-pass 
this verification step. Staff are also prevented from overriding the 
system and issuing the license unless an authorized person--generally a 
higher-level official--intervenes. Similarly, some states had systems 
that could prevent issuance of a license if an individual's personal 
information already existed in the states' driver records, or DHS 
information failed to verify. Further, in cases where fraud is 
suspected, most states' systems--although not all--are capable of 
flagging the transaction and automatically transmitting this 
information to other offices within the state to prevent persons from 
"shopping" sites once they were denied at the first location. Officials 
in one state that lacked this protection told us that in cases of 
suspected fraud, staff relied on manual processes such as telephone 
calls and e-mails to alert other offices about suspicious individuals 
and false documents.

Finally, to varying degrees, the states we visited have instituted 
additional controls to better address identity theft and fraud issues. 
Due to concerns about the quality and integrity of other state 
licensing systems, three states prohibit or limit the acceptance of 
out-of-state licenses as a sole or primary identity document. Officials 
from another state told us that they would not accept such documents 
from 20 states that they have determined to have less stringent 
verification processes. A few other states have also instituted 
policies requiring that two employees review or sign-off on the 
authenticity of documents provided by applicants before a license can 
be issued. This separation of responsibilities provides for additional 
scrutiny of documents and may act as a further check against employee 
fraud. Another common practice among several states was to copy all 
identity documents if during the application process, fraud was 
suspected. This provides the licensing agency with key information for 
investigating the individual's alleged identity. An official in one 
state told us that staff are trained to collect and copy identity 
documents upfront regardless of whether fraud is suspected at the time.

All nine states we visited also store and transmit information such as 
digital photographs and signatures for verification purposes. Two 
states also captured fingerprints at the time of application, but only 
one of them used biometric technology to electronically verify this 
identity information for individuals renewing licenses. Another 
safeguard used by two states is the issuance of temporary licenses when 
identity information has not been corroborated at the time of 
application. Such licenses lack photographs and security features 
common to permanent licenses or clearly state that they are not valid 
for identity verification purposes. However, a third state's temporary 
license looks the same and includes identical information as its 
permanent license. As a result, this license could continue to be 
presented as an identity document by individuals even if the 
circumstances under which it was issued are ultimately determined to be 
fraudulent.

States Lack a Systematic Means to Exchange Records on All Drivers:

Despite the additional safeguards taken by some states, licensing 
agencies lack a systematic means to exchange information on all drivers 
nationwide, limiting their ability to deter identity theft and fraud. 
Currently, states have automated access and are required to use the 
NDR, which is a DOT database of 39 million problem drivers. With this 
system, licensing agencies have the ability to simultaneously query all 
50 states to determine whether an applicant's name appears in the 
database. For commercial drivers, states obtain information on their 
licensing, identification, and disqualification from the CDLIS database 
of 11 million records. States are required to input driver information 
into CDLIS and to use the system to verify commercial driver record 
information during the licensing process.

Because the NDR and CDLIS target specific driver populations and do not 
include the records and identity information of the approximately 188 
million drivers operating in the United States, state driver licensing 
agencies lack a single inquiry process to determine whether or not a 
person has ever been issued a license. Numerous officials in the states 
we visited told us that having a more efficient means of electronic 
interstate communications, that included the electronic transfer of 
identity information such as digital photographs and signatures, would 
improve the integrity of their licensing process. Officials in the 
states we visited were particularly concerned about individuals using 
licenses issued by other states as identity documents and their 
inability to quickly query all states' databases to corroborate key 
information. As a result, states are limited in their ability to 
determine whether other states' identity documents are authentic or to 
identify multiple individuals using the same personal identifying 
information in other states.

Our analysis of one state's data demonstrates the potential 
vulnerabilities driver licensing agencies currently face when accepting 
out-of-state licenses as proof of identity. We examined data from one 
state's internal state cross-match of its existing driving records and 
identified numerous instances where the same out-of-state license 
number had been used by multiple individuals with different names and 
dates of birth to apply for and obtain a new license. We forwarded 
about 100 of these license numbers to the alleged issuing state and 
asked them to provide us with key information on the owner of record. 
We found 96 cases of potential identity fraud involving 52 of the 
driver licenses numbers. For example, states reported some license 
numbers as invalid or as being issued to someone other than the persons 
that had used them. One state reported back that the license number we 
submitted to them was actually a zip code, rather than a genuine state-
issued license number. Another license was reported by the issuing 
state to be a valid number that had been counterfeited and used in 
several states.

A July 2001 report to the Congress prepared by DOT in cooperation with 
AAMVA, identified alternatives to improving state data exchanges and 
discussed various options for change.[Footnote 21] The specialized 
nature of NDR and CDLIS does not allow states to verify licenses for 
all drivers--a means to identify potential identity fraud. However, the 
report concluded that an alternative system encompassing all driver 
records could operate efficiently using existing programs developed for 
CDLIS and on hardware that is currently in use. However, the report 
also concluded that before such a system could be developed, several 
potential obstacles should be addressed. These include agreeing on the 
use of a unique identifier by which to query all state driving records, 
ensuring that all states participate, defining the role of the federal 
government, and funding the costs of developing and converting to an 
all-driver system. The report also acknowledged that state resources 
for development and implementation would be necessary to cover 
projected costs, which AAMVA has estimated to be about $78 million over 
3 years. However, the report concluded that, once operational, user 
fees similar to those imposed for CDLIS could be levied by states to 
cover operational expenses.

Conclusion:

The driver license is a key identity document that can be used by 
individuals to obtain a range of public and private services 
nationwide. Accordingly, state driver license agencies face a daunting 
task in ensuring that the identity information of those to whom they 
issue licenses is verified. However, states' effectiveness in this area 
is often dependent on several factors, including the receipt of timely 
and accurate identity information from SSA, the extent to which they 
implement additional identity verification and fraud detection tools, 
and their ability to quickly and systematically share key driving 
record information with other state licensing systems. Deficiencies in 
any of these areas may weaken states' efforts to ensure the integrity 
of their licensing decisions.

Unfortunately, design and management weaknesses associated with SSA's 
verification service have limited its effectiveness. States that are 
unable to take full advantage of the service and others that are 
waiting for the opportunity to use it remain vulnerable to identity 
theft and fraud. SSA's recent efforts to refocus management attention 
on improving its service represents a positive step and may be key to 
moving more state licensing agencies away from processes that rely 
heavily on fraud-prone visual inspections of identity documents, to one 
in which information such as an individual's SSN, name, and date of 
birth can be quickly and independently corroborated. However, sustained 
attention to improving its service is needed. Furthermore, states that 
continue to rely primarily or partly on SSA's batch verification 
service still risk issuing licenses to individuals using the SSNs and 
other identity information of deceased individuals. This remains a 
critical flaw in SSA's service and states' efforts to strengthen the 
integrity of the driver license.

Since September 11th, more state driver licensing agencies have begun 
to reassess their prior view that driver licenses are simply an 
authorization to operate a motor vehicle and have taken aggressive 
actions to strengthen the integrity of this important identity 
document. However, licensing programs remain state-administered and may 
vary considerably in the tools provided to front-line staff to verify 
identity information, such as access to automated independent third-
party data sources. This has potentially serious consequences for the 
numerous public and private sector service providers who rely on the 
driver license as an identity document, but may be unaware that not all 
states' licenses are equal in terms of the integrity of the identifying 
information included on them.

Beyond the actions taken by individual states, coordination and data 
sharing is key to addressing many of the factors that allow identity 
theft and fraud to continue in the driver licensing process. No single 
state has overarching authority to require information sharing 
nationwide, define minimum standards for proof of identity, or mandate 
the development of a systematic means for interstate communication. 
However, cooperative efforts between the federal government, the 
states, and AAMVA have identified and facilitated technological options 
for improving the exchange of driver record data among all states. We 
recognize that potential barriers related to system's design, funding, 
privacy rights, and states' willingness to use such a tool have yet to 
be fully resolved. However, given the potential economic and national 
security implications associated with identity theft at the point of 
driver licensing, sustained leadership at the federal level could be 
the catalyst for needed change.

Matter for Congressional Consideration:

In light of the homeland security implications associated with states' 
inability to systematically exchange driver license identity 
information and the need for sustained leadership in this area, the 
Congress, in partnership with the states, should consider authorizing 
the development of a national data sharing system for driver records.

Recommendations:

Considering the significant increase in the number of on-line requests 
that SSA anticipates receiving from states, as well as the weaknesses 
that we identified in SSA's service that may increase states' 
vulnerability to identity fraud, we recommend that the Commissioner of 
Social Security take the following actions:

* Develop performance measures essential to assessing the quality of 
the service provided.

* Develop a strategy for improving the nonmatch rate for SSA's 
verification service. This should include identifying additional 
information it can reasonably and legally disclose to state driver-
licensing agencies as well as actions states can take to prevent 
nonmatches.

* Modify SSA's batch verification method to include a match against its 
nationwide death records.

Agency Comments and Our Evaluation:

We obtained written comments on a draft of this report from the 
Commissioner of SSA. SSA's comments are reproduced in appendix II. SSA 
also provided additional technical comments, which we incorporated in 
the report as appropriate. We also requested that AAMVA officials 
review the technical accuracy of our discussion of AAMVA's role in the 
SSN verification process, as well as our characterization of states' 
identity verification and fraud prevention activities. We incorporated 
AAMVA's comments in the report as appropriate.

SSA generally agreed with our findings regarding its SSN verification 
service and said that recent improvements have increased states' use of 
the service. The agency noted that it is continuing to investigate the 
sequence of events surrounding our ability to obtain driver licenses 
with counterfeit documents and the SSNs of deceased individuals. SSA 
also said that its service only offers confirmation that SSNs and other 
identity information provided by driver license applicants are 
consistent with its records and should not be perceived as a means for 
verifying identity. Also, SSA said that any attempts to reduce the 
nonmatch rate for its service by relaxing the match criteria would be 
inconsistent with the need for "tighter match requirements" and 
increased security in the post 9/11 era. We agree that SSA's service 
does not allow states to definitively determine the identity of driver 
license applicants and have made small changes to ensure that our 
report will not be misinterpreted. However, we continue to believe that 
the verification service, in combination with other verification tools 
used by the states, is key to corroborating the identity information 
presented by driver license applicants. We also are not suggesting that 
SSA compromise the integrity of its verification service in order to 
reduce the nonmatch rate. However, our report shows that about half of 
all verification failures are for name mismatches. Such mismatches are 
thought to commonly occur due to changes in marital status. We continue 
to believe that opportunities exist for SSA to work with the states to 
explore options for addressing this issue and to ultimately improve the 
overall quality of its service.

In response to our specific recommendations, SSA disagreed that it 
should develop measures for assessing the quality of its SSN on-line 
verification service. Instead, SSA said that it plans to develop a 
performance baseline for enumeration accuracy to measure whether 
applicants were entitled to receive an SSN based on supporting 
documentation. SSA did not believe that developing performance measures 
specifically for its verification service would result in improved 
identity authentication. However, we continue to believe that the 
verification service, in combination with other tools used by the 
states, is key to corroborating driver license applicants' identity 
information. As our report notes, performance concerns and issues often 
affected the extent to which states used SSA's verification service, or 
whether they opted to use the service at all. Thus, some states lacked 
a key tool for corroborating the identity information of driver license 
applicants. We continue to believe that SSA should develop measures for 
its service to monitor and assess systems availability, outages, 
response times and other key aspects of performance. Without such 
measures, SSA lacks a means to identify performance problems and take 
corrective actions when needed.

SSA agreed with our recommendations that it develop a strategy for 
improving the nonmatch rate for its service and that it modify the 
batch process to include a match against its death records. However, 
the agency said that factors such as legal restrictions on the 
information it may disclose to states and limited systems resources 
could restrict the actions it can take. Indeed, we encourage SSA to 
work within the existing law to develop policies to reduce nonmatches 
and to better assist states when they occur. Also, in view of states' 
vulnerability to licensing individuals using deceased persons' SSN 
information and the volume of batch verification requests submitted to 
SSA by the states, we believe immediate action is needed.

We are sending copies of this report to the Commissioner of SSA and 
other interested parties. Copies will also be made available to others 
upon request. In addition, the report will be available at no charge on 
GAO's Web site at http://www.gao.gov. If you have any questions 
concerning this 
report, please call me on (202) 512-7215. The major contributors to 
this report are listed in appendix III.

Barbara D. Bovbjerg 
Director, Education, Workforce, and Income Security Issues:

Signed by Barbara D. Bovbjerg: 

[End of section]

Appendix I: Scope and Methodology:

This appendix provides additional details about our analysis of the 
Social Security Administration's (SSA) verification services and 
states' practices for verifying the identity of driver license 
applicants. To attain our objectives, we obtained and reviewed various 
reports related to the issue of identity verification from state 
auditors, SSA's Office of Inspector General, and the American 
Association of Motor Vehicle Administrators (AAMVA). We reviewed 
federal requirements governing social security number (SSN) use in the 
driver licensing process, SSA's policies for disclosing identity 
information to licensing agencies, and numerous verification agreements 
between SSA and the states. We analyzed nationwide data on states' use 
of SSA's verification service, including the volume of records 
submitted, trends in usage, and the rate at which SSNs failed to verify 
between October 1997 through May 2003.[Footnote 22] We interviewed SSA 
officials responsible for the SSN verification data with regard to the 
reliability of the data, and determined the data to be sufficiently 
reliable for our reporting purposes. We telephoned or visited states 
that were not using SSA's service to obtain general information about 
their identity verification practices, as well as their plans for using 
SSA's service in the future.

To obtain more specific information on the design and management of 
SSA's batch and on-line verification service, we interviewed key SSA 
line and management officials as well as AAMVA officials responsible 
for co-managing the on-line service. We also reviewed an SSA/AAMVA 
evaluation of a pilot of the on-line method. [Footnote 23] To determine 
batch service states' vulnerability to individuals who may use deceased 
persons' SSNs to obtain a license, we matched approximately 500,000 
batch verification requests submitted by one state for the month of 
December 2002 against SSA's Master Death file.[Footnote 24] We 
identified 44 instances in which SSA verified an SSN submitted by the 
state that matched an SSN in the death record where the death occurred 
before December 2002. In order to determine whether these individuals 
actually received a license or identity card, we submitted the 44 cases 
to the state licensing agency for its review. The state officials 
confirmed that licenses or identification cards had been issued in 41 
cases and are currently reviewing the remaining cases. Because we 
selected a judgmental sample of cases to review, our findings are not 
generalizable to the entire state over time or to any other state.

To gain more in-depth information on specific challenges states may 
encounter in their efforts to verify applicant identity documents, as 
well as their policies and procedures for doing so, we conducted field 
work in California, Florida, Georgia, Maine, Maryland, Massachusetts, 
Ohio, Pennsylvania, and Tennessee. At these locations we interviewed 
key management and line staff and obtained data and documents relative 
to their verification processes and tools. We selected states that were 
geographically dispersed to obtain a mix that (1) did, and did not, 
issue temporary licenses before issuing permanent licenses, and (2) 
have, and have not, used one or both of SSA's verification services. We 
also chose some states that had large immigrant populations or were 
identified as using innovative practices to verify identity. We also 
interviewed and obtained information from representatives of private 
businesses that offer commercial services to assist driver licensing 
agencies in verifying identity information.

Finally, to assess states' vulnerability to accepting fraudulent out-
of-state driving licenses as an identity document, we used one state's 
listing representing numerous instances where the same out-of-state 
license number was used multiple times to obtain a license in another 
state. We selected about 100 cases where the name and date of birth of 
the individual were clearly different from one record to the next and 
submitted about 100 of them to the original issuing states. We obtained 
information from the states identifying the name and date of birth of 
the owner of the driver license to determine whether there was possible 
identification fraud. We conducted internal reliability checks for data 
received from state driver licensing agencies. Because we selected a 
judgmental sample of cases to review, our findings are not 
generalizable. We conducted our work from July 2002 through May 2003 in 
accordance with generally accepted government auditing standards.

[End of section]

Appendix II: Comments from the Social Security Administration:

SOCIAL SECURITY:

The Commissioner August 22, 2003:

Ms. Barbara D. Bovbjerg Director, Education, Workforce, and Income 
Security Issues U.S. General Accounting Office Washington, D.C. 20548:

Dear Ms. Bovbjerg:

Thank you for the opportunity to review and comment on the draft report 
"Social Security Numbers (SSN): Improved SSN Verification and Exchange 
of States' Driver Records Would Enhance Identity Verification" (GAO-03-
920). Our comments on the report are enclosed.

If you have any questions, please have your staff contact Laura Bell at 
(410) 965-2636.

Sincerely,

Jo Anne B. Barnhart:

Signed by Jo Anne B. Barnhart:

Enclosure:

SOCIAL SECURITY ADMINISTRATION	BALTIMORE MD 21235-0001:

COMMENTS ON THE GENERAL ACCOUNTING OFFICE (GAO) DRAFT REPORT "SOCIAL 
SECURITY NUMBERS (SSN): IMPROVED SSN VERIFICATION AND EXCHANGE OF 
STATES' DRIVER RECORDS WOULD ENHANCE IDENTITY VERIFICATION" (GAO-03-
920):

Thank you for the opportunity to review and comment on the draft 
report. We are pleased that the report highlights our and the American 
Association of Motor Vehicle Administrators' (AAMVA)[NOTE 1] efforts to 
improve the system that provides Social Security number online 
verification (SSOLV) to States in their driver licensing efforts. The 
enhancements are necessary and timely for a number of reasons, 
including that prior to April 2003, 18 States (including the District 
of Columbia) were using the SSOLV service, compared to 30 States that 
now have agreements to use the service. In researching why SSOLV 
responses to the States were slow (even though SSA was processing 
requests in sub-second time frames), it was discovered that AAMVA's 
processing code was incapable of handling the traffic volume. AAMVA 
took steps to upgrade its code and it was placed into SSA's production 
processes in April 2003.

To address additional concerns that could emerge on the then current 
infrastructure, we upgraded the capability of the data connection and 
supporting server that transmits data between AAMVA and SSA. We are 
pleased to report that tests of the upgraded system have proved 
satisfactory to both SSA and AAMVA. Specifically, the data shows that 
prior to the upgrade, we were processing 15,000 to 20,000 transactions 
per day, and currently we are processing 30,000 to 40,000 transactions 
a day. To further promote the States' use of the online verification 
service, AAMVA plans to begin a renewed campaign to educate the States 
about the improvements to the process.

We also have been meeting with AAMVA and State MVA representatives, to 
develop systems security requirements that will cover States' use of 
online SSN verification service under a new data exchange agreement 
with AAMVA.

Concerning the success of agents obtaining a false driver's license, we 
are investigating the sequence of events with the GAO test cases. On 
the face of it, it may be that the State employee simply did not 
attempt to use the service. If the undercover GAO agent left the MVA 
office with a driver's license, the batch routine interface may not be 
an issue, as the driver's license personnel may not have used the 
verification process.

Finally, we are concerned that the report and cover letter imply that 
SSA's SSN verification process verifies identity. Instances may occur 
when external system users wrongly believe if the forwarded information 
"matches" our information the person who provided it is the individual 
to whom the data relates. We believe the report's stated goals are 
internally inconsistent; that is, looser match routines, to reduce the 
number of mismatches, necessarily work against the tighter match 
routines required in the post-9/11 quest for security by State and 
Federal entities. Additionally, we do not believe that improving the 
non-match rate will necessarily result in improved identity 
authentication as anyone who presents a State's MVA with all of the 
correct data used on the SSN 
application would produce a match via SSN verification, but still may 
not be the person to whom the SSN was assigned. It has been our 
experience that the States and the Federal government are seeking 
better security, requiring "tighter" routines. The report should be 
clear that our processes merely confirm whether the forwarded 
information matches information in our computer records and that a 
match does not verify identity.

Our responses to the specific recommendations are provided below, and 
we are including technical comments to enhance the accuracy of the 
report.

Recommendation I:

SSA should develop performance measures to assess the quality of the 
SSN verification service.

Comment:

We do not agree. Beginning with fiscal year (FY) 2003, SSA began 
collecting data to establish a performance baseline that includes a new 
verification criterion to determine if the applicant was entitled to 
receive an SSN based on supporting documentation. This means that the 
field office verified appropriate records from the Bureau of 
Citizenship and Immigration Services, Department of Homeland Security, 
to document foreign born applicants and a birth certificate for U.S. 
born applicants. This new criterion will be applied to criteria in our 
existing performance measure for the percent of SSNs issued that are 
free of critical error effective FY 2004. The addition of this new 
criterion is expected to result in improved performance on the accuracy 
of SSN issuance.

However, we must emphasize that the accuracy of SSN issuance is 
entirely different from the quality of SSN verification service to the 
States for the purpose of enhancing identity verification. It is 
important that GAO fully understand that SSA's SSN verification process 
does not verify identity; it verifies that the individual's name and 
SSN, presented to SSA for verification, matches SSA's records.

Because the premise in the report that SSA's SSN verification process 
verifies identity is incorrect, the recommendation to develop 
performance measures to assess the quality of SSN verification service 
would be flawed. As we have stated, developing a performance measure to 
assess the quality of SSN verification service will not result in 
improved identity authentication any more than improving the no-match 
rate will result in improved identity authentication.

Recommendation 2:

The SSA should develop a strategy for improving the verification rate 
for the service.

Comment:

We partially agree. However, we are very limited by law and policy in 
the types of information that can be disclosed and accessed by motor 
vehicle agencies. While we can increase the elements to match upon, 
that may decrease "improve the non-match rate" by 
yielding more matches, we caution that there is the potential for 
increased vulnerability to fraud by increasing the number of false 
positives.

Recommendation 3:

SSA should modify the batch method to include a match against the 
nationwide death records.

Comment:

We agree. However, we must evaluate the resource impact and prioritize 
this request in our systems development plans.

NOTES: 

[1] AAMVA represents the 50 state's Motor Vehicle Administrators.

[End of section]

Appendix III: GAO Contacts and Staff Acknowledgments:

GAO Contacts:

Barbara Bovbjerg, Director, (202) 512-7215 Daniel Bertoni, Assistant 
Director, (202) 512-5988 Jacquelyn Stewart, Analyst-in-Charge, (202) 
512-7232:

Staff Acknowledgments:

In addition to those named above, the following team members 
contributed to this report throughout all aspects of its development: 
Raun Lazier, Caterina Pisciotta, and Dorothy Yee. In addition, Daniel 
Schwimer, Mary Dorsey, Shana Wallace, Raymond Wessmiller, and Corrina 
Nicolaou made contributions.

[End of section]

Related GAO Products:

Social Security Numbers: Ensuring the Integrity of the SSN. GAO-03-
941T. Washington, D.C.: July 10, 2003.

Social Security Numbers: Government Benefits from SSN Use but Could 
Provide Better Safeguards. GAO-02-352. Washington, D.C.: May 31, 2002.

Social Security Numbers: SSNs Are Widely Used by Government and Could 
Be Better Protected. GAO-02-691T. Washington, D.C.: April 29, 2002.

Child Support Enforcement: Most States Collect Drivers' SSNs and Use 
Them to Enforce Child Support. GAO-02-239. Washington, D.C.: February 
15, 2002.

Responses to Questions From May 18th Hearing on Uses of Social Security 
Numbers. HEHS/AIMD-00-289R. Washington, D.C.: August 21, 2000.

Social Security Numbers: Subcommittee Questions Concerning the Use of 
the Number for Purposes Not Related to Social Security. HEHS/AIMD-00-
253R. Washington, D.C.: July 7, 2000.

Social Security: Government and Other Uses of the Social Security 
Number are Widespread. GAO/T-HEHS-00-120. Washington, D.C.: May 18, 
2000.

Social Security: Use of the Social Security Number is Widespread. GAO/
T-HEHS-00-111. Washington, D.C.: May 9, 2000.

Social Security: Government and Commercial Use of the Social Security 
Number Is Widespread. GAO/HEHS-99-28. Washington, D.C.: February 16, 
1999.

FOOTNOTES

[1] AAMVA is an association that represents motor vehicle 
administrators in North America and is a recognized leader in driver 
credentialing issues. 

[2] Identification cards are issued for the sole purpose of identifying 
the owner and generally contain the same information as driver licenses 
but lack information authorizing the owner to drive. Estimates of the 
number of licenses and identification cards issued annually were taken 
from a 2002 survey conducted by the California Department of Motor 
Vehicles. 

[3] Estimates of the number of licensing sites nationwide were provided 
by AAMVA.

[4] SSN verification primarily serves to corroborate the identity 
information submitted by driver license applicants. If the identity 
document contains a photograph or biometric information, licensing 
employees may visually inspect or electronically read these data as 
well as use interviewing techniques to determine if the documents 
actually belong to the individual presenting them.

[5] See U.S. General Accounting Office, Child Support Enforcement: Most 
States Collect Drivers' SSNs and Use Them to Enforce Child Support, 
GAO-02-239 (Washington, D.C.: Feb. 15, 2002).

[6] All U.S. citizens can be assigned SSNs. SSA will also assign SSNs 
to noncitizens authorized by the Department of Homeland Security to 
work in the United States and to noncitizens legally in the country who 
have a valid nonwork reason.

[7] The Privacy Act regulates federal agencies' collection, use, and 
disclosure of individuals' personal information and generally prohibits 
disclosure of such information without the individuals' consent. The 
act authorizes 12 exceptions under which an agency may disclose 
information. One exception, "routine use," allows an agency to disclose 
the information if the agency deems the disclosure to be compatible 
with the purpose for which it collected the information, and the agency 
gives public notice describing the information it plans to disclose. 
SSA offers as many as 14 different verification services, each of which 
is designed for various requesters (e.g., social service agencies, 
employers, etc.) and may make different disclosures as a result of the 
verification. 

[8] Problem drivers are individuals whose driving privileges have been 
suspended, revoked, or canceled for cause or who have been convicted of 
certain traffic offenses.

[9] States issue commercial driver licenses to individuals involved in 
interstate, intrastate, or foreign commerce to operate certain types of 
vehicles such as large trucks and buses. 

[10] This report uses the word "states" to refer to the 50 states and 
the District of Columbia. 

[11] SSA did not provide the actual number of batch transactions. Batch 
estimates represent data for 1999-2003. 

[12] On-line verification requests represent data for fiscal years 
1998-2002.

[13] AAMVA's network serves as the conduit for transmitting 
verification requests from individual state driver licensing agencies 
to SSA, as well as receiving verification responses from SSA and 
transmitting them to individual states.

[14] Included in the 10 states that have signed agreements with SSA and 
the 17 that received DOT funding are 6 batch states. Of the 25 states 
that received DOT funding, 17 were not online users. 

[15] According to AAMVA, in May 2003 it paid SSA the remaining amount 
owed.

[16] SSA's death records may contain inaccuracies because SSA records 
all reports of death but only verifies those involving benefit 
payments.

[17] This state does not use SSA's batch verification process for 
initial licenses, but only for license renewals. Therefore, the use of 
the deceased person's SSN will not be caught when the state ultimately 
verifies it using the batch method.

[18] SSA has issued 53 versions of the social security card. Those 
issued before 1983 lack counterfeit-resistance and tamper proof 
security features. When issuing new versions of the social security 
card, SSA allows prior versions to remain valid because issuing new 
cards to all number holders would be costly. U.S. birth certificates, 
issued by each of the 50 states and the District of Columbia and in 
some cases by local government units within the state, vary according 
to the provisions of the issuing government unit. 

[19] The former Immigration and Naturalization Service has been 
transferred to DHS.

[20] In some states, noncitizens must document that they have a legal 
presence in the United States, as well as proof of their identity, as a 
condition for receiving a license.

[21] U.S. Department of Transportation, NHTSA in conjunction with 
Federal Motor Carrier Safety Administration and American Association of 
Motor Vehicle Administrators, Report to Congress: Evaluation of Driver 
Licensing Information Programs and Assessment of Technologies. (July 
2001).

[22] "States" for the purposes of this report is defined as the 50 
states plus the District of Columbia. 

[23] Evaluation of the Social Security Number Online Verification 
System for the American Association of Motor Vehicle Administrators, 
Social Security Administration (Jan. 1998).

[24] These transactions include any transaction where an SSN was 
collected from an applicant (i.e., issuance of licenses, IDs, motor 
vehicle registration, etc.). SSA maintains a death master file 
containing about 70 million records of persons who have been reported 
to the agency as being deceased. SSA only verifies the deaths of 
persons if it needs to make benefit decisions. The Master Death File 
for this review was current as of January 31, 2003.

GAO's Mission:

The General Accounting Office, the investigative arm of Congress, 
exists to support Congress in meeting its constitutional 
responsibilities and to help improve the performance and accountability 
of the federal government for the American people. GAO examines the use 
of public funds; evaluates federal programs and policies; and provides 
analyses, recommendations, and other assistance to help Congress make 
informed oversight, policy, and funding decisions. GAO's commitment to 
good government is reflected in its core values of accountability, 
integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony:

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains 
abstracts and full-text files of current reports and testimony and an 
expanding archive of older products. The Web site features a search 
engine to help you locate documents using key words and phrases. You 
can print these documents in their entirety, including charts and other 
graphics.

Each day, GAO issues a list of newly released reports, testimony, and 
correspondence. GAO posts this list, known as "Today's Reports," on its 
Web site daily. The list contains links to the full-text document 
files. To have GAO e-mail this list to you every afternoon, go to 
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order 
GAO Products" heading.

Order by Mail or Phone:

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:

U.S. General Accounting Office

441 G Street NW,

Room LM Washington,

D.C. 20548:

To order by Phone: 	

	Voice: (202) 512-6000:

	TDD: (202) 512-2537:

	Fax: (202) 512-6061:

To Report Fraud, Waste, and Abuse in Federal Programs:

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov

Automated answering system: (800) 424-5454 or (202) 512-7470:

Public Affairs:

Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.

General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.

20548: