Social Security Administration: Actions Needed to Help Ensure Success of Electronic Verification Service

What GAO Found

The Social Security Administration (SSA) launched the Electronic Consent Based Social Security Number Verification service in June 2020. The service seeks to reduce synthetic identity fraud, which combines fictitious and real information to fabricate an identity. The service allows authorized entities—generally financial institutions and their service providers—to verify an individual's name, Social Security number, and date of birth electronically. SSA spent about $62 million from fiscal year (FY) 2018 through FY 2023, based on SSA data. However, SSA did not follow agency guidance for planning IT investments when estimating costs for the service. Moreover, its guidance on cost estimation did not consistently incorporate GAO best practices, such as documenting the estimation process. By establishing appropriate controls to ensure that all significant IT investments follow agency guidance and updating guidance to incorporate additional best practices, SSA could improve cost estimation for future projects.

SSA is required to fully recover the service's costs and collected about $25 million in user fees (40 percent of $62 million total costs) as of the end of FY 2023. SSA has not met its projections for fee collections due to lower-than-expected industry participation. SSA will need to collect about $14 million annually to meet its goal to recover all costs by the end of FY 2027, based on GAO's analysis (see figure). But it is unclear if SSA can meet its goal without increasing users or fees. Subscription data through December 2023 demonstrate that the service has not significantly increased users since enrollment opened in FY 2022, and fee collections decreased after SSA increased fees in July 2023.

About $14 Million in User Fees Is Needed Annually to Meet Cost Recovery Goal for the Electronic Consent Based Social Security Number Verification Service

SSA officials told GAO they did not plan to take significant steps to increase use of the service. Industry participants GAO interviewed cited several factors limiting their use, such as difficult-to-interpret verification results. SSA also had not established performance measures and goals for the service's use and benefit. SSA could better ensure the service achieves its intended purpose of reducing synthetic identity fraud by developing strategies and assessing tradeoffs for expanding its use and establishing related performance measures and goals.

Why GAO Did This Study

Synthetic identity fraud is a growing concern among financial institutions, which reported $182 million in related suspicious activity in 2021. The Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018 directed SSA to combat such fraud by developing a database to electronically verify identifying information. However, questions have been raised about the service's financial viability and use by industry participants.

GAO was asked to examine, among other objectives, the extent to which SSA has (1) followed guidance and best practices for cost estimation for its Electronic Consent Based Social Security Number Verification service, (2) designed user fees to promote cost recovery for the service, and (3) taken steps to expand use and benefit of the service.

GAO reviewed relevant laws, guidance, and agency documentation and data and interviewed SSA officials responsible for the service. GAO also interviewed 16 industry participants selected to reflect a mix of entities and uses of the service.