WASHINGTON – The Consumer First Coalition (CFC) today sent a letter to the House Ways and Means Committee ahead of its hearing on the State of Social Security’s Information Technology. In its letter, the CFC highlighted the financial industry’s leadership to protect consumers and combat synthetic ID fraud, and pledged to continue working with the Social Security Administration (SSA) to drive the synthetic ID implementation process forward.
“While developing this verification system is just a small piece of the broader SSA IT modernization effort, it is one that has the potential to benefit millions of Americans – especially children – who might otherwise become victims of synthetic identity fraud,” said CFC Executive Director Jason Kratovil. “CFC is committed to working with SSA to successfully implement this new law by leveraging member firms’ deep knowledge of privacy and data security compliance, as well as technological expertise that comes from building the most cutting-edge financial services platforms in the country.”
To read the full letter to the House Ways and Means Committee, see below:
Dear Chairman Johnson and Ranking Member Larson:
On behalf of the members of the Consumer First Coalition (CFC), I am pleased to submit this letter for the record for your Subcommittee hearing titled “Hearing on the State of Social Security’s Information Technology.”
CFC represents a group of leading financial services companies committed to combating new forms of fraud, protecting identities, and upholding the privacy protections that are a hallmark of the financial services industry. To meet these objectives and ensure consumer data and accounts are kept safe, the financial sector is constantly evolving and adapting to meet the dynamic challenges posed by sophisticated cyber criminals. Often, the best solution requires close collaboration among public and private stakeholders.
Such is the case with efforts to combat synthetic identity fraud, a particularly egregious form of identity theft that most often victimizes children. Earlier this year, your Committee unanimously passed legislation to address this type of fraud – the Protecting Children From Identity Theft Act, H.R. 5192, sponsored by Representatives Carlos Curbelo (R-FL), Kyrsten Sinema (D-AZ), Kenny Marchant (R-TX), and Randy Hultgren (R-IL) – and a similar version was signed into law as Section 215 of S. 2155, the Economic Growth, Regulatory Relief, and Consumer Protection Act.
This new law directs the Social Security Administration (SSA) to modernize its system that provides the financial industry the ability to verify whether a given name, date-of-birth and Social Security number (SSN) match with what the SSA has on file. As part of a creditor’s underwriting and fraud review of a new applicant, this piece of information can help prevent synthetic identities – which pair valid SSNs with fabricated personal information in order to create a “synthetic” credit history – from getting off the ground and harming the consumers whose SSNs were compromised.
Enacting this measure was a significant victory for consumers. Congress must now ensure implementation is a success as well. CFC and other industry stakeholders are actively engaged with SSA in positive discussions to drive the implementation process forward. For example, while Congress specifically addressed the importance of privacy and data security for users of the SSA’s verification system, it did not intend to deputize the SSA to regulate financial institutions. Those regulators already exist (e.g., Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Board of Governors of the Federal Reserve System), and we are working with them to ensure that the legal protections afforded to the SSN itself are applied to SSA’s confirmation of the SSN’s validity.
Financial institutions are regulated and examined for compliance to the highest standards of privacy and cybersecurity. We are hopeful the outcome will address the important concerns of Congress and the SSA, but not create duplicative compliance burdens for financial institutions.
Also, as you know, the new law gives the Commissioner of SSA broad latitude to set fees and determine costs for users of the system on both an ongoing basis to sustain the system, and to meet any system build or expansion demands placed on SSA by the new law. Without question, meeting the requirements of the law will result in significantly increased volume and a greater need for reliability and system up-time, which will require an investment by users of the system to achieve.
While the financial industry recognizes the importance of implementing a functional system that achieves Congress’s goal of combating synthetic identity fraud, I would stress the importance to the Subcommittee of ensuring costs to users are not so high as to derail both the utility of the system and Congress’s goal of protecting consumers from fraud. Modern technologies such as scalable system architecture and the increasingly common use of robust application programming interfaces (APIs) to facilitate real-time data exchange are just some of the methods and tools at SSA’s disposal that can lead to a cost-effective yet highly sophisticated system that achieves all of Congress’s goals.
In conclusion, thank you for holding this hearing today. While developing this verification system is just a small piece of the broader SSA IT modernization effort, it is one that has the potential to benefit millions of Americans – especially children – who might otherwise become victims of synthetic identity fraud. CFC is committed to working with SSA to successfully implement this new law by leveraging member firms’ deep knowledge of privacy and data security compliance, as well as technological expertise that comes from building the most cutting-edge financial services platforms in the country.