2020 Government Innovation Awards
EAZE-y enrollment for SSA’s identity proofing services
- By Stephanie Kanowitz
- Nov 16, 2020
The Social Security Administration (SSA) is fighting synthetic identity fraud through a new enrollment service that emphasizes authentication and authorization.
Synthetic identity fraud involves the criminal use of real and fake information to create a new identity, and it’s the fastest-growing type of financial fraud in the United States, according to a July 2019 Federal Reserve report. In 2016, it cost U.S. lenders $6 billion and accounted for 20% of credit losses, the report added. SSA comes in when fraudsters co-opt Social Security numbers because they’re use as a near-universal personal identifier.
To verify in real time whether the combination of an individual’s Social Security number, name and date of birth match authoritative SSA data, the agency built the Electronic Consent Based Social Security Number Verification Service so participating financial institutions could compare fraud protection data and confirm the use of a SSN was legitimate. eCBSV also allows individuals to electronically consent to have their identity verified by SSA.
So financial institutions and their affiliate businesses could securely enroll in and access eCBSV, SSA developed the Enterprise Authorization for Everyone (EAZE) application. Built with modern security architectures and public-key infrastructure to meet security and privacy needs while capturing individual consent, EAZE lets only permitted financial institutions to access eCBSV. Plus, these institutions can use EAZE to manage their affiliate businesses so SSA doesn’t have to reverify them.
In building EAZE, SSA used several risk-mitigation measures, including extended validation SSL certificates, OpenID Connect and machine-to-machine authorization using OAuth 2.0 for federated user authentication.
Before EAZE, the entity and affiliate registration processes were manual and often took weeks to complete. After requesting access, registrants would receive codes through the mail. Once entities were registered, SSA created and managed affiliate accounts and their permissions. That process did not meet security standards set by the National Institute of Standards and Technology for authentication, nor was it scalable or sustainable.
With thousands of financial institutions and affiliated businesses expected to tap into eCBSV, EAZE allows quick, secure and frictionless onboarding, saving time, money and reducing risk.
Stephanie Kanowitz is a freelance writer based in northern Virginia.