REVISED Supporting Statement 0596 - 6-29-2012

REVISED Supporting Statement 0596 - 6-29-2012.doc

Request for Internet Services-Authentication; Automated Telephone Speech Technology-Authentication

OMB: 0960-0596

Document [doc]
Download: doc | pdf

Supporting Statement for

Request for Internet Services & 800# Automated Telephone Services

Knowledge-Based Authentication (RISA)

20 CFR 401.45 OMB No. 0960-0596


A. Justification


  1. Introduction / Authoring Laws and Regulations

The Social Security Administration (SSA) collects this information by authority of the Privacy Act of 1974 at 5 U.S.C., Sub-section 552A (e)(10) which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Sub-sections, (f)(2)&(3) require agencies to establish requirements for identifying an individual who requests a record or information pertaining to that individual and to establish procedures for disclosure of personal information. SSA promulgated Privacy Act rules in the Code of Federal Regulations, Subpart B. Procedures for verifying identity are at 20 CFR 401.45. Authority to collect this information is also contained in Section 205(a) of the Social Security Act.


The Request for Internet Services and 800# Automated Telephone Services (RISA) Knowledge-Based Authentication (KBA) is one of the authentication methods the Social Security Administration (SSA) uses to allow individuals access to their personal information through our Internet and Automated Telephone Services.


  1. Description of Collection

RISA, one of SSA’s authentication methods, allows individuals to access their personal information through our Internet and Automated Telephone Services. SSA asks individuals and third parties who seek personal information from SSA records, or who register to participate in SSA’s online business services, to provide certain identifying information. As an extra measure of protection, SSA asks requestors who use the Internet and telephone services to provide additional identifying information unique to those services so SSA can authenticate their identities before releasing personal information. The respondents are current beneficiaries who are requesting personal information from SSA, and individuals and third parties who are registering for SSA’s online business services.


Electronic and automated telephone applications allow the public to establish their identity with SSA prior to allowing them access to personal information through screens over the Internet and through automated voice responses over the telephone. SSA must verify the requester’s identity by obtaining Social Security Number (SSN), Date of Birth (DOB), and usually name (first, middle initial, last, suffix). We request other knowledge-based information such as mother’s maiden name, place of birth, gender, and other last name (if any). Depending on the individual’s current status in SSA’s records, we may also ask for the amount of the last payment, or the month of the last monthly payment. We then compare the answers to these questions to the information we have in our records.


With the exception of the gender field, we use the information we collect exclusively to verify the identity of the requester. For most of these applications, the field for other last names is optional; which we use this to help us match the person in cases where the person has changed his or her name (e.g., marriage) and not notified Social Security. We collect information on gender for management information purposes and it is optional.


SSA has established a process for verifying the identity of individuals who use the Internet to request information from SSA records, to make changes to SSA records, or to register with SSA in order to participate in SSA’s online business services. Successful verification of the individual will give access to services such as

  • Change of Address and Telephone Number

  • Benefit Verification (Proof of Income – POI Letter)

  • Medicare Replacement Card

  • Replacement Benefit Statements (SSA-1099/1042S)

  • Retirement Estimator

  • Registration of Appointed Representatives

  • Special Notice Options

Respondents are current Social Security beneficiaries, individuals who are registering for SSA’s online business services, or the general public. Respondents will receive authentication by answering KBA questions each time they come online to access these services.

SSA has established a process for verifying the identity of individuals who use the 800# automated telephone services to request information from SSA records or to make changes to SSA records, such as:


  • Change of Address

  • Start or Change Direct Deposit

  • Benefit Verification (Proof of Income – POI Letter)

  • Request a Medicare Replacement Card

  • Replacement Benefit Statements (SSA-1099/1042S)


Respondents are current Social Security beneficiaries. Respondents will receive authentication by answering KBA questions each time they call the Automated Telephone Services to access these applications.


  1. Use of Information Technology to Collect the Information

The Internet version of this collection is an automated process. The requesters’ key in identifying information, transmits it over the Internet to SSA, and the information system compares information to existing electronic records in real time. If the information matches SSA records, the system allows the requesters to proceed to additional screens to make their specific request.


The telephone version of this collection is also an automated process, which follows a similar process to the Internet version.


In accordance with the agency’s Government Paperwork Elimination Act plan, SSA created an electronic Knowledge-Based Authentication process to provide our customers access to our Internet and Automated Telephone applications.


  1. Why We Cannot Use Duplicate Information

The information collected through these electronic processes has already been collected and posted to SSA’s master electronic records, but we ask again for comparison and verification.


  1. Minimizing Burden on Small Respondents

This collection does not significantly affect small businesses or other small entities.


  1. Consequence of Not Collecting Information or Collecting it Less Frequently

If we did not use RISA, we would not be able to authenticate individuals identify and would not be able to release personal information. Because we only collect the information on an as needed basis, we cannot collect it less frequently.


There are no technical or legal obstacles to burden reduction.


  1. Special Circumstances

There are no special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.


  1. Solicitation of Public Comment and Other Consultations with the Public

The 60-day advance Federal Register Notice published on June 06, 2012, at 77 FR 33546, and we received no public comments. The 30-day FRN published on

August 27, 2012 at 77 FR 51842. If we receive any comments to this Notice, we will forward them to OMB. We did not consult with the public in the maintenance of this collection.


  1. Payment or Gifts to Respondents

SSA does not provide payments or gifts to the respondents.


  1. Assurances of Confidentiality

SSA protects and holds confidential the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974), and OMB Circular No. A-130.


The Privacy Act of 1974 protects the information we collect. In addition, our Privacy Policy protects the information SSA collects for Internet Services that ensures the confidentiality of all information provided by the requester. Our Internet privacy policy is:


  • You do not need to give us personal information to visit our site.


  • We collect personally identifiable information (such as name, SSN, or DOB) only if specifically and knowingly provided by you.


  • Personally identifying information you provide will be used only in conjunction with services you request as described at the point of collection.


  • We sometimes perform statistical analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.


  • We do not give, sell, or transfer any personal information to a third party.


  • We do not enable “cookies.” (A “cookie” is a file placed on your hard drive by a Web site that allows it to monitor your use of the site, usually without your knowledge.)


Additionally, SSA will ensure the confidentiality of the requester’s personal information in several ways:


  • All electronic requests use the Secure Socket Layer (SSL) security protocol to encrypt information. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard and is used for Internet banking by banks such as Wells Fargo and Bank of America.


  • The requester will be given adequate warnings that the Internet is an open system, and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. They will be advised of alternative methods of requesting personal information, i.e., a personal visit to a field office or a call to the 800 number.


Only upon verification of identity will the system allow access to additional screens that allow requests for personal information from SSA, or which allow the individual to make changes to personal information or to register personal or business information.



  1. Justification for Sensitive Questions

The information collection does not contain any questions of a sensitive nature.


  1. Estimates of Public Reporting Burden


Modality of completion

Number of respondents

Frequency of response

Average burden per response (minutes)

Estimated total annual burden (hours)

Internet Requestors

7,929,336

1

2.5

330,389

Telephone Requestors

8,123,835

1

4.5

609,288

*Screen Splash (on hold)

1



1

Totals

16,053,172



939,678

*We are reducing the burden to a one-hour placeholder burden, because we are not currently using Screen Splash. We are currently working on ways to streamline service delivery and improve customer service by not duplicating verification data.


The total burden for this ICR is 939,678 hours. This figure represents burden hours, and we did not calculate a separate cost burden.


This clearance request covers questions we ask to authenticate the identity of users performing the following tasks.


  • Request for Electronic Benefit Verification via Proof of Income Letter

(covered under a separate OMB Clearance Number 0960-0595, but uses KBA for access to the application)


  • Request for a Replacement SSA-1099/SSA-1042S Social Security Benefits Statement (covered under a separate OMB Clearance Number 0960-0583, but uses KBA for access to the application)


  • Change of Address and Telephone Number


  • Request for a Medicare Replacement Card


  • Access to Retirement Estimator


  • Registration of Appointed Representatives


  • Start or Change Direct Deposit (automated telephone only - covered under a separate OMB Clearance Number 0960-0634, but uses KBA for access to the application)


The burdens to answer the authentication questions for the Proof of Income Letter and the Telephone Start or Change Direct Deposit information collections are included in separate OMB clearance numbers (shown above). The burden to answer the authentication questions for the Internet version of the Replacement 1099 information collection is included under a separate OMB clearance; however, we do count respondents for the Telephone version. Although the applications covered under separate clearances do use Knowledge-Based Authentication, we have not included the burden hours for these collections in this request. Therefore, we are not duplicating Respondent counts.


  1. Annual Cost to the Respondents (Other)

This collection does not impose a known cost burden on the respondents.


  1. Annual Cost to Federal Government

The annual cost to the Federal Government is approximately $152,000. This estimate is a projection of the costs for collecting the information, and the costs for updating and maintaining the systems.


  1. Program Changes or Adjustments to the Information Collection Request

There has been an increase in burden hours. This increase stems from an increase in usage of SSA’s website and 800 number automated telephone services.


  1. Plans for Publication of Information Collection Results

SSA will not publish the results of the information collection.


  1. Displaying the OMB Approval Expiration Date

SSA is not requesting an exception to the requirement to display the OMB approval expiration date.


  1. Exceptions to Certification Statement

SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).


B. Collection of Information Employing Statistical Methods


SSA does not use statistical methods for this information collection.





6


File Typeapplication/msword
File TitleFebruary 11, 2003
AuthorBruce Carter
Last Modified By889123
File Modified2012-08-28
File Created2012-07-05

© 2024 OMB.report | Privacy Policy