commercial credit agencies Archives | FedScoop https://fedscoop.com/tag/commercial-credit-agencies/ FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals. Fri, 14 Jun 2019 21:07:41 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.4 https://fedscoop.com/wp-content/uploads/sites/5/2023/01/cropped-fs_favicon-3.png?w=32 commercial credit agencies Archives | FedScoop https://fedscoop.com/tag/commercial-credit-agencies/ 32 32 Report: Benefits agencies, lacking guidance, slow to abandon traditional identity verification https://fedscoop.com/identity-verification-guidance-gao-report/ https://fedscoop.com/identity-verification-guidance-gao-report/#respond Fri, 14 Jun 2019 20:00:49 +0000 https://fedscoop.com/?p=32675 The 2017 Equifax data breach has officials second-guessing the old method, but no federal recommendations exist ensuring alternatives are adopted.

The post Report: Benefits agencies, lacking guidance, slow to abandon traditional identity verification appeared first on FedScoop.

]]>
The National Institute of Standards and Technology is being urged to offer more guidance on new ways of verifying the identities of people who apply for federal benefits online.

Commercial credit agencies have traditionally helped the government verify identities by asking personal questions from credit files, but the 2017 Equifax data breach has officials rethinking that process.

My Social Security uses knowledge-based verification before people can access their benefit status, replace Social Security or Medicare cards, or request services. But data stolen in the Equifax breach could be used to answer My Social Security’s personal questions.

Agencies could instead compare pictures of photo IDs submitted by mobile phone to documents on file, but not all people have a smartphone, according to a Government Accountability Office report released Friday.

In 2017, NIST effectively barred agencies from using knowledge-based verification for sensitive applications, but GAO said the guidance was insufficient in ensuring they adopted alternatives.

Agencies have argued alternatives present cost, convenience, technological, and equity barriers.

Of six agencies reviewed, only the General Services Administration and the IRS had eliminated knowledge-based verification for Login.gov and Get Transcript services.

GAO found the Department of Veterans Affairs still uses such questions for certain people, while SSA and the U.S. Postal Service indicated they want to reduce use but don’t have any plans to do so.

The Centers for Medicare and Medicaid Services have no plans to switch to alternatives.

“[U]ntil these agencies take steps to eliminate their use of knowledge-based verification, the individuals they serve will remain at increased risk of identity fraud,” reads the report.

GAO wants NIST to provide additional direction on how to successfully implement other methods like in-person identity proofing or verification of mobile device possession using carrier records. The new guidance should broach the advantages and disadvantages of different technologies and make recommendations, according to the report.

NIST officials had no plans for additional guidance at the time of review, GAO said, but the Department of Commerce agreed with the recommendations on NIST’s behalf — as did SSA, USPS and VA. The Department of Health and Human Services disagreed on CMS’s behalf arguing alternatives aren’t feasible for its clients like those using HealthCare.gov.

“The alternatives to knowledge-based verification proposed by GAO in their report are not suitable for certain populations served by CMS as they would create undue burden, create barriers to accessing federal services, or may be cost prohibitive,” HHS said in its comments. “For example, in-person for rural populations is not viable due to travel distance.”

HHS added it would continue to monitor for “potential effective” alternatives.

The Office of Management and Budget did not comment on GAO’s recommendation it require agencies to report their progress on identity-proofing processes outlined by NIST.

The post Report: Benefits agencies, lacking guidance, slow to abandon traditional identity verification appeared first on FedScoop.

]]>
https://fedscoop.com/identity-verification-guidance-gao-report/feed/ 0 32675