Supporting Statement 0960-0596


Request for Internet Services-Authentication; 800# Automated Telephone Speech Technology-Authentication

OMB: 0960-0596



Supporting Statement for

Request for Internet Services & 800# Automated Telephone Services

Knowledge-Based Authentication (RISA-KBA)

20 CFR 401.45


OMB No. 0960-0596


A. Justification


  1. Introduction/Authoring Laws and Regulations

The Social Security Administration (SSA) collects this information by authority of the Privacy Act of 1974 at 5 U.S.C. 552a(e)(10), which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Subsections (f)(2) and (3) require agencies to establish requirements for identifying an individual who requests a record or information pertaining to that individual and to establish procedures for disclosure of personal information. SSA promulgated Privacy Act rules in the Code of Federal Regulations, Subpart B. Procedures for verifying identity are at 20 CFR 401.45. Authority to collect this information is also contained in section 205(a) of the Social Security Act.


The Request for Internet Services and 800# Automated Telephone Services (RISA) Knowledge-Based Authentication (KBA) is one of the authentication methods SSA uses to allow individuals access to their personal information through our Internet and Automated Telephone Services. We use knowledge-based questions to give ourselves assurance that the individuals trying to access our electronic services are really who they claim to be.


  2. Description of Collection

RISA, one of SSA’s authentication methods, allows individuals to access their personal information through our Internet and Automated Telephone Services. SSA asks individuals and third parties who seek personal information from SSA records, or who register to participate in SSA’s online business services, to provide certain identifying information. As an extra measure of protection, SSA asks requestors who use the Internet and telephone services to provide additional identifying information unique to those services so SSA can authenticate their identities before releasing personal information. The respondents are current beneficiaries who are requesting personal information from SSA, general members of the public who are coming online to use our calculator to estimate their retirement benefits, and individuals and third parties who are registering for SSA’s online business services.


Electronic and automated telephone applications allow the public to establish their identity with SSA prior to allowing them access to personal information through screens over the Internet and through automated voice responses over the telephone. SSA verifies the requester’s identity by obtaining Social Security number (SSN), date of birth (DOB), and usually name (first, middle initial, last, suffix). We request other knowledge-based information such as mother’s maiden name, place of birth, gender, and other last name (if any). We then compare the answers to these questions to the information we have in our records.


With the exception of the gender field, we use the information we collect exclusively to verify the identity of the requester. For most of these applications, the field for other last names is optional; we use this to help us match the person in cases where the person has changed his or her name (e.g., marriage) and not notified SSA. We collect information on gender for management information purposes and it is optional.

SSA has established a process for verifying the identity of individuals who use the Internet to request information from SSA records, to make changes to SSA records, or to register with SSA in order to participate in SSA’s online business services. Successful verification of the individual will give access to services such as:


  • Retirement Estimator

  • Registration of Appointed Representatives

  • Special Notice Options

  • Block Electronic and Automated Telephone Access

Respondents are current Social Security beneficiaries, individuals who are registering for SSA’s online business services, or the general public. Respondents authenticate themselves by answering KBA questions each time they come online to access these services.

SSA has established a process for verifying the identity of individuals who use the 800# automated telephone services to request information from SSA records or to make changes to SSA records, such as:


  • Benefit Verification (Proof of Income – POI Letter)

  • Request a Medicare Replacement Card

  • Replacement Benefit Statements (SSA-1099/1042S)

  • Block Electronic and Automated Telephone Access


Respondents are current Social Security beneficiaries or general members of the public. Respondents authenticate themselves by answering KBA questions each time they call the Automated Telephone Services to access these applications.


  3. Use of Information Technology to Collect the Information

The Internet version of this collection is automated. The requesters key in identifying information, transmit it over the Internet to SSA, and the information system compares information to existing electronic records in real time. If the information matches SSA records, the system allows the requesters to proceed to additional screens to make their specific request.


The telephone version of this collection is also an automated process, which follows a similar process to the Internet version.


In accordance with the agency’s Government Paperwork Elimination Act plan, SSA created an electronic KBA process to provide our customers access to our Internet and Automated Telephone applications.


  4. Why We Cannot Use Duplicate Information

The information we collect through these electronic processes has already been collected and posted to SSA’s master electronic records, but we ask again for comparison and verification.


  5. Minimizing Burden on Small Respondents

This collection does not significantly affect small businesses or other small entities.


  6. Consequence of Not Collecting Information or Collecting it Less Frequently

If we did not use RISA, we would not be able to identify and authenticate individuals who are asking us to release their personal information. Because we only collect the information on an as-needed basis, we cannot collect it less frequently.


There are no technical or legal obstacles to burden reduction.


  7. Special Circumstances

There are no special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.


  8. Solicitation of Public Comment and Other Consultations with the Public

SSA published the 60-day advance Federal Register Notice on April 7, 2015, at 80 FR 18669, and we received no public comments. We published the 30-day FRN on June 23, 2015, at 80 FR 36031. If we receive any comments in response to this Notice, we will forward them to OMB. We did not consult with the public in the maintenance of this collection.


  9. Payment or Gifts to Respondents

SSA does not provide payments or gifts to the respondents.


  10. Assurances of Confidentiality

SSA protects and holds confidential the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974), and OMB Circular No. A-130.


The Privacy Act of 1974 protects the information we collect. In addition, our Internet privacy policy protects the information SSA collects for Internet Services and ensures the confidentiality of all information provided by the requester. Our Internet privacy policy is:


  • You do not need to give us personal information to visit our site.

  • We collect personally identifiable information (such as name, SSN, or DOB) only if specifically and knowingly provided by you.

  • Personally identifying information you provide will be used only in conjunction with services you request as described at the point of collection.

  • We sometimes perform statistical analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.

  • We do not give, sell, or transfer any personal information to a third party.

  • We implement Tier 1 (Single session) and Tier 2 (Multi-session without personally identifiable information) technologies using the text-based “cookie” technology. We use Tier 2 technology to help us analyze site use by identifying you as a new or returning visitor; this does nothing other than distinguish whether you have been to our site before.  Our web measurement applications compare the behavior of new and returning visitors in the aggregate to help us identify work flows and trends and also resolve common problems on our site. We do not use this technology to identify you or any other person. We use Tier 2 web measurement technology to improve our website and provide a better user experience for our customers. This technology anonymously tracks how visitors interact with socialsecurity.gov, including where they came from, what they did on the site, and whether they completed any pre-determined tasks while on the site. SSA also uses Tier 2 technology to obtain feedback and data on visitors’ satisfaction with the SSA website.


Additionally, SSA will ensure the confidentiality of the requester’s personal information in several ways:


  • All electronic requests use the Secure Sockets Layer (SSL) security protocol to encrypt information. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard and is used for Internet banking by banks such as Wells Fargo and Bank of America.

  • The requester will be given adequate warnings that the Internet is an open system, and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. They will be advised of alternative methods of requesting personal information, i.e., a personal visit to a field office or a call to the 800 number.


Only upon verification of identity will the system allow access to additional screens that allow requests for personal information from SSA, or which allow the individual to make changes to personal information or to register personal or business information.


  11. Justification for Sensitive Questions

The information collection does not contain any questions of a sensitive nature, other than those described in Item 2.




  12. Estimates of Public Reporting Burden


Respondent Burden Chart

| Modality of Collection | Number of Respondents | Average Burden Per Response (minutes) | Estimated Annual Burden (hours) |
|---|---|---|---|
| Internet Requestors | 10,373,917 | 2.5 | 432,247 |
| Telephone Requestors | 1,703,367 | 4 | 113,558 |
| *Change of Address (on hold) | 1 | | 1 |
| *Screen Splash (on hold) | 1 | | 1 |
| Totals | 12,077,286 | | 545,807 |


*We previously reduced the burden to a one-hour placeholder for Screen Splash and Change of Address because we are not currently using these automated telephone applications. We are working on ways to strengthen and secure our online and automated telephone services, to streamline service delivery, and to improve customer service by not duplicating verification data.

The total burden for this ICR is now 545,807 hours. This figure represents burden hours, and we did not calculate a separate cost burden.


  13. Annual Cost to the Respondents (Other)

This collection does not impose a known cost burden on the respondents.


  14. Annual Cost to Federal Government

The annual cost to the Federal Government is approximately $152,000. This estimate is a projection of the costs for collecting the information, and the costs for updating and maintaining the systems.


  15. Program Changes or Adjustments to the Information Collection Request

There has been a decrease in burden hours. This decrease stems from our ongoing efforts to migrate existing automated applications from knowledge-based access to our Public Credentialing Registration and Authentication process (OMB# 0960-0789), which provides access to our my Social Security online services.


  16. Plans for Publication of Information Collection Results

SSA will not publish the results of the information collection.


  17. Displaying the OMB Approval Expiration Date

SSA is not requesting an exception to the requirement to display the OMB approval expiration date.


  18. Exceptions to Certification Statement

SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).


B. Collection of Information Employing Statistical Methods


SSA does not use statistical methods for this information collection.







File Type: application/msword
File Title: February 11, 2003
Author: Bruce Carter
Last Modified By: 889123
File Modified: 2015-06-25
File Created: 2015-04-30
