SSA puts finishing touches on interactive Web service

Within days, the agency plans to launch a PEBES request and response system on SSA's
World Wide Web site at http://www.ssa.gov.


Before the end of the year, PEBES requests and replies will be available not only via
PCs, but also through kiosks in selected public sites, said Bruce Carter, SSA's online
webmaster.


Since last April, anyone whose Web browser had the Secure Sockets Layer could request a
PEBES from SSA's computer center in Baltimore. But SSA would send the statement via
regular mail because it could not ensure online confidentiality. The problem, Carter said,
was that the data caching for its Web site let a user access the previous user's requests
and replies.


Wells Fargo Bank in San Francisco was one of four sites last year to run an interactive
PEBES pilot to help SSA work out the security problem. "We worked closely with Wells
Fargo on this-they do online banking-and they shared with us a Hypertext Transfer Protocol
call that prevents caching of the data," Carter said.


Making timelier responses was a main driver of the PEBES project. Using regular mail,
the entire transaction can take up to six weeks. For an online request with a regular mail
reply, turnaround averages four weeks. But SSA estimates an online request and reply will
take just minutes.


SSA expects an interactive PEBES program to save up to $1.5 million this year.
"That's a conservative estimate. I think it'll be at least 50 percent more,"
Carter said. Annual PEBES requests have been running at about 200,000.


System capacity and data throughput were also concerns. "We've been doing some
load balancing and working with AT&T Corp., adding some additional lines," Carter
said.


Because PEBES requests will be fast and easy, SSA expects taxpayers to ask for more
than one PEBES to construct what-if scenarios. "We encourage that because people need
to do that kind of planning," Carter said.


But SSA also will be watching the new operation closely for signs of strain. PEBES
replies are long on detail, made on the fly and access two databases: Social Security
numbers and earnings records. SSA updates both databases nightly, Carter said.


"The same system-the same back end-is used by SSA field officers to process
claims, and their needs must come first," he said.


Later plans for online PEBES include a possible Java applet that would let users
download their PEBES information once and do multiple what-if scenarios on their own,
"and then it wouldn't be a hit on our database," Carter said.


To request a PEBES, a user must visit the SSA Web site and fill out an SSA-7004 form.
The form asks for name, Social Security number, date and place of birth, and mother's
maiden name. If any of the five elements do not match, the system will reject the request.
About 30 percent of requests fail the initial match now, SSA said.


Although the application will encrypt the data, the agency warns that transmissions
might be intercepted and decoded. SSA will monitor the volume of requests for potential
security problems.


inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above