Agency Information Collection Activities: Proposed Request, 21496-21499 [2014-08578]

Download as PDF 21496 Federal Register / Vol. 79, No. 73 / Wednesday, April 16, 2014 / Notices security deemed as a TRACE-Eligible Security would be excluded from the term ‘‘OTC Equity Security.’’ 26 FINRA did not modify the proposed interpretation regarding the treatment of capital trust securities and trust preferred securities. Thus, the term ‘‘TRACE-Eligible Security’’ would include a capital trust security and a trust preferred security (other than a capital trust security or a trust preferred security that is listed on an equity facility of a national securities exchange), and transactions in such securities must be reported to TRACE (and not to ORF) in compliance with the applicable reporting requirements. This interpretation would apply even if the capital trust security (or a trust preferred security) was previously listed on an equity facility of a national securities exchange but has since been delisted. Once delisted, the security must be reported to TRACE.27 All other preferred securities and depositary shares representing fractional interests in such securities—except the hybrid securities identified above: hybrid $1,000 preferred securities and hybrid $1,000 depositary shares—would continue to be included in the term ‘‘OTC Equity Security,’’ and members must report transactions in such securities to ORF.28 In light of the amended interpretation, FINRA determined not to extend the implementation date beyond the originally proposed maximum of 150 days following Commission approval. FINRA believes that members will be able to comply within such timeframe because the amended interpretation largely follows current market practice.29 Therefore, as of the date of implementation, affected securities will be transferred, if necessary, for reporting to the appropriate trade reporting facility, and after this transfer members must report all transactions in such securities to the appropriate trade reporting facility. Comment on Amendment No. 1. The Commission received one comment letter in response to Amendment No. 1.30 The commenter supported the proposed revisions and believed that the amended interpretation would prevent investor confusion by allowing hybrid pmangrum on DSK3VPTVN1PROD with NOTICES 26 See Notice of Amendment No. 1, 79 FR 12543. id. at n. 18. 28 For example, a non-convertible preferred security having a par value or liquidation preference of $25 that is not listed on an equity facility of a national securities exchange would be an OTC Equity Security under the interpretation and would be required to be reported to ORF. See 79 FR 12543. 29 See id. 30 See supra note 7. 27 See VerDate Mar<15>2010 15:20 Apr 15, 2014 Jkt 232001 $1,000 depositary shares and hybrid $1,000 preferred securities to be reported to TRACE. The commenter stated that the amended interpretation ‘‘appropriately preserves the established market practice for these securities and achieves investor protection goals consistent with the debt-like nature of the security, without being unduly burdensome.’’ 31 V. Discussion After carefully considering the proposed rule change, as modified by Amendment No. 1, the comments submitted, and FINRA’s response to the comments, the Commission finds that the proposed rule change, as modified by Amendment No. 1, is consistent with the requirements of the Act and the rules and regulations thereunder applicable to a national securities association.32 In particular, the Commission finds that the proposed rule change, as modified by Amendment No. 1, is consistent with Section 15A(b)(6) of the Act,33 which requires, among other things, that FINRA rules be designed to prevent fraudulent and manipulative acts and practices, to promote just and equitable principles of trade, and, in general, to protect investors and the public interest. The Commission believes that it is reasonable and consistent with the Act for FINRA to provide guidance as to whether particular hybrid securities should, for purposes of FINRA’s trade reporting rules, be deemed debt securities, and thus TRACE-eligible, or equity securities, and thus reportable to an equity trade reporting facility. Although such securities may have both debt and equity features, the Commission believes that it is appropriate for FINRA to seek to address the confusion about how to report such securities by having all transactions in a particular type of hybrid security reported to the same facility. This approach is reasonably designed to promote transparency, as all trade reports of the same hybrid security discussed in the proposal should now be reported to and disseminated by the same trade reporting facility, instead of appearing on different facilities in different formats. Furthermore, the Commission believes that, in the absence of a compelling regulatory reason to require hybrid securities to be reported to an equity trade reporting facility such as the ORF, it is consistent 31 SIFMA Letter II at 2. approving this proposed rule change, the Commission has considered the proposed rule change’s impact on efficiency, competition, and capital formation. See 15 U.S.C. 78c(f). 33 15 U.S.C. 78o–3(b)(6). 32 In PO 00000 Frm 00067 Fmt 4703 Sfmt 4703 with the Act for FINRA to permit its members to continue using existing infrastructure to report the hybrid securities in question to TRACE. VII. Conclusion It is therefore ordered pursuant to Section 19(b)(2) of the Act 34 that the proposed rule change (SR–FINRA– 2013–039), as modified by Amendment No. 1, be and hereby is approved. For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.35 Jill M. Peterson, Assistant Secretary. [FR Doc. 2014–08585 Filed 4–15–14; 8:45 am] BILLING CODE 8011–01–P SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request The Social Security Administration (SSA) publishes a list of information collection packages requiring clearance by the Office of Management and Budget (OMB) in compliance with Public Law 104–13, the Paperwork Reduction Act of 1995, effective October 1, 1995. This notice includes revisions of OMB-approved information collections. SSA is soliciting comments on the accuracy of the agency’s burden estimate; the need for the information; its practical utility; ways to enhance its quality, utility, and clarity; and ways to minimize burden on respondents, including the use of automated collection techniques or other forms of information technology. Mail, email, or fax your comments and recommendations on the information collection(s) to the OMB Desk Officer and SSA Reports Clearance Officer at the following addresses or fax numbers. (OMB) Office of Management and Budget, Attn: Desk Officer for SSA, Fax: 202– 395–6974, Email address: OIRA_ Submission@omb.eop.gov. (SSA) Social Security Administration, OLCA, Attn: Reports Clearance Director, 3100 West High Rise, 6401 Security Blvd., Baltimore, MD 21235, Fax: 410– 966–2830, Email address: OR.Reports.Clearance@ssa.gov. The information collections below are pending at SSA. SSA will submit them to OMB within 60 days from the date of 34 15 35 17 E:\FR\FM\16APN1.SGM U.S.C. 78s(b)(2). CFR 200.30–3(a)(12). 16APN1 21497 Federal Register / Vol. 79, No. 73 / Wednesday, April 16, 2014 / Notices this notice. To be sure we consider your comments, we must receive them no later than June 16, 2014. Individuals can obtain copies of the collection instruments by writing to the above email address. 1. Letter to Landlord Requesting Rental Information—20 CFR 416.1130(b)—0960–0454. SSA uses Form SSA–L5061 to obtain rental subsidy information, which enables SSA to determine and verify an income value for such subsidies. SSA uses this income value as part of determining eligibility for Supplemental Security Income (SSI) and the correct amount of SSI payable to the claimant. SSA bases an individual’s eligibility for SSI payments, in part, on the amount of countable income the individual receives. Income includes in-kind support and maintenance in the form of room or rent, such as a subsidized rental arrangement. SSA requires claimants to assist in obtaining this information to prevent a delay or overpayment with their SSI payments. We collect this information only if the SSI applicant or recipient is the parent or child of the landlord (respondent). For most respondents, we collect this information once per year or less, via telephone or face-to-face personal interview. The claims representative records the information in our Modernized SSI Claims System (MSSICS), and we require verbal attestation in lieu of a wet signature. However, if the claims representative is unable to contact the respondent via the telephone or face-to face, we print and mail a paper form to the respondent for completion. The respondent completes, signs, and returns the form to the claims representative. Upon receipt, the claims representative documents the information in MSSICS or, for nonMSSICS cases, faxes the form into the appropriate electronic folder and shreds the paper form. The respondents are landlords who are related to the SSI beneficiaries as a parent or child. Type of Request: Revision of an OMBapproved information collection. Modality of completion Number of respondents Frequency of response Average burden per response (minutes) Estimated total annual burden (hours) SSA–L5061 ...................................................................................................... 72,000 1 10 12,000 2. Social Security’s Public Credentialing and Authentication Process—20 CFR 401.45 and 402— 0960–0789. Background Authentication is the foundation for secure, online transactions. Identity authentication is the process of determining, with confidence, that someone is who he or she claims to be during a remote, automated session. It comprises three distinct factors: something you know, something you have, and something you are. Singlefactor authentication uses one of the factors, and multi-factor authentication uses two or more of the factors. pmangrum on DSK3VPTVN1PROD with NOTICES SSA’s Public Credentialing and Authentication Process SSA offers consistent authentication across SSA’s secured online services. We allow our users to request and maintain only one User ID, consisting of a self-selected username and password, to access multiple Social Security electronic services. Designed in accordance with the OMB Memorandum M–04–04 and the National Institute of Standards and Technology (NIST) Special Publication 800–63, this process provides the means of authenticating users of our secured electronic services and streamlines access to those services. SSA’s public credentialing and authentication process: • Issues a single User ID to anyone who wants to do business with the agency; VerDate Mar<15>2010 15:20 Apr 15, 2014 Jkt 232001 • Offers authentication options that meet the changing needs of the public; • Partners with an external data service provider to help us verify the identity of our online customers; • Complies with relevant standards; • Offers access to some of SSA’s heaviest, but more sensitive, workloads online while providing a high level of confidence in the identity of the person requesting access to these services; • Offers an in-person process for those who are uncomfortable with or unable to use the Internet process; • Balances security with ease of use; and • Provides a user-friendly way for the public to conduct extended business with us online instead of visiting local servicing offices or requesting information over the phone. Individuals have real-time access to their Social Security information in a safe and secure web environment. Public Credentialing and Authentication Process Features We collect and maintain the users’ personally identifiable information (PII) in our Central Repository of Electronic Authentication Data Master File Privacy Act system of records that we published in the Federal Register (75 FR 79065). The PII may include the users’ name, address, date of birth, Social Security number (SSN), phone number, and other types of identity information [e.g., address information of persons from the W–2 and Schedule Self Employed forms we receive electronically for our programmatic purposes as permitted by 26 U.S.C. 6103(l)(1)(A)]. We may also PO 00000 Frm 00068 Fmt 4703 Sfmt 4703 collect knowledge-based authentication data, which is information users establish with us or that we already maintain in our existing Privacy Act systems of records. We retain the data necessary to administer and maintain our eAuthentication infrastructure. This includes management and profile information, such as blocked accounts, failed access data, effective date of passwords, and other data that allows us to evaluate the system’s effectiveness. The data we maintain also may include archived transaction data and historical data. We use the information from this collection to identity proof and authenticate our users online and to allow them access to their personal information from our records. We also use this information to provide second factor authentication. We are committed to expanding and improving this process so we can grant access to additional online services in the future. Offering online services is not only an important part of meeting SSA’s goals, but is vital to good public service. In increasing numbers, the public expects to conduct complex business over the Internet. Ensuring that SSA’s online services are both secure and userfriendly is our priority. With the limited data we have, it is difficult for SSA to meet the OMB and NIST authentication guidelines for identity proofing the public. Therefore, we awarded a competitively bid contract to an external data service E:\FR\FM\16APN1.SGM 16APN1 21498 Federal Register / Vol. 79, No. 73 / Wednesday, April 16, 2014 / Notices provider, Experian,1 to help us verify the identity of our online customers. We use this external data service (EDS), in addition to our other authentication methods, to help us prove, or verify, the identity of our customers when they are completing online/electronic transactions with us. Social Security’s Authentication Strategy We remain committed to enhancing our online services using authentication processes that balance usability and security. We will continue to research and develop new authentication tools while monitoring the emerging threats. The following are key components of our authentication strategy: • Enrollment and Identity Verification—We collect identifying data and use SSA and EDS records to verify an individual’s identity. Individuals have the option of obtaining an enhanced, stronger, User ID by providing certain financial information (e.g., Medicare wages, self-employed earnings, direct deposit amount, or the last eight digits of a credit card number) for verification. We also ask individuals to answer out-of-wallet questions so we can further verify their identities. Individuals who are unable to complete the process online can present identification at a field office to obtain a User ID. • Establishing the User Profile—The individual self-selects a username and password, both of which can be of variable length and alphanumeric. We provide a password strength indicator to help the individual select a strong password. We also ask the individual to choose challenge questions for use in restoring a lost or forgotten username or password. • Enhancing the User ID—If an individual opts to enhance or upgrade the User IDs, we mail a one-time-use upgrade code to the individual’s verified residential address. When the individual receives the upgrade code in the mail, he or she can enter this code online to enhance the security of the account. At this time, we also ask the individual to enter a cell phone number. We send an initial text message to that number and require the individual to confirm its receipt. We send a text message to that number each time the individual signs in, subsequently. • Login and Use—Standard authentication provides an individual with a User ID for access to most online applications. Enhanced authentication uses the standard User ID along with a one-time code sent to the individual’s cell phone, via text message, to create a more secure session, and to grant access to certain sensitive Social Security services. An individual who forgets the password can reset it automatically without contacting SSA. The enrollment process is a one-time only activity for the respondents. After the respondents enroll and choose their User ID (username & password), they have to sign in with their User ID every time they want to access Social Security’s secured online services. SSA requires the individual to agree to the ‘‘Terms of Service’’ detailed on our Web site before we allow him or her to begin the enrollment process. The ‘‘Terms of Service’’ informs individuals what we will and will not do with their personal information and the privacy and security protections we provide on all data we collect. These terms also detail the consequences of misusing this service. In order to verify the individual’s identity, we ask the individual to give us minimal personal information, which may include: • Name; Number of respondents Modality of completion • SSN; • Date of birth; • Address—mailing and residential; • Telephone number; • Email address; • Financial information; • Cell phone number; and • Selecting and answering password reset questions. We send a subset of this information to the EDS, who then generates a series of out-of-wallet questions back to the individual. The individual must answer all or most of the questions correctly before continuing in the process. The exact questions generated are unique to each individual. This collection of information, or a subset of it, is mandatory for respondents who want to do business with SSA via the Internet. We collect this information via the Internet, on SSA’s public-facing Web site. We also offer an in-person identification verification process for individuals who cannot, or are not willing to register online. For this process, the individual must go to a local SSA field office and provide identifying information. We do not ask for financial information with the in-person process. We only collect the identity verification information one time, when the individual registers for a credential. We ask for the User ID (username and password) every time an individual signs in to our automated services. If individuals opt for the enhanced or upgraded account, they also receive a text message on their cell phones (this serves as the second factor for authentication) each time they sign in. The respondents are individuals who choose to use the Internet or Automated Telephone Response System to conduct business with SSA. Type of Request: Revision of an OMBapproved information collection. Frequency of response Average burden per response (minutes) Total annual burden hours (hours) 38,251,877 1,370,633 1 1 8 8 5,100,250 182,751 Totals ........................................................................................................ pmangrum on DSK3VPTVN1PROD with NOTICES Internet Requestors ......................................................................................... In-Person (Intranet) Requestors ...................................................................... 39,622,510 ........................ ........................ 5,283,001 1 Experian is a global information services company. Experian’s decisional solutions enable VerDate Mar<15>2010 15:20 Apr 15, 2014 Jkt 232001 Social Security to manage and optimize risk as well as prevent, detect, and reduce fraud. PO 00000 Frm 00069 Fmt 4703 Sfmt 9990 E:\FR\FM\16APN1.SGM 16APN1 21499 Federal Register / Vol. 79, No. 73 / Wednesday, April 16, 2014 / Notices Dated: April 10, 2014. Faye Lipsky, Reports Clearance Director, Social Security Administration. [FR Doc. 2014–08578 Filed 4–15–14; 8:45 am] BILLING CODE 4191–02–P SOCIAL SECURITY ADMINISTRATION Agency Information Collection Activities: Proposed Request and Comment Request The Social Security Administration (SSA) publishes a list of information collection packages requiring clearance by the Office of Management and Budget (OMB) in compliance with Public Law (Pub. L.) 104–13, the Paperwork Reduction Act of 1995, effective October 1, 1995. This notice includes revisions of OMB-approved information collections and one new information collection. SSA is soliciting comments on the accuracy of the agency’s burden estimate; the need for the information; its practical utility; ways to enhance its quality, utility, and clarity; and ways to minimize burden on respondents, including the use of automated collection techniques or other forms of information technology. Mail, email, or fax your comments and recommendations on the information collection(s) to the OMB Desk Officer and SSA Reports Clearance Officer at the following addresses or fax numbers. (OMB) Office of Management and Budget, Attn: Desk Officer for SSA, Fax: 202– 395–6974, Email address: OIRA_ Submission@omb.eop.gov. (SSA) Social Security Administration, OLCA, Attn: Reports Clearance Director, 3100 West High Rise, 6401 Security Blvd., Baltimore, MD 21235, Fax: 410– 966–2830, Email address: OR.Reports.Clearance@ssa.gov. I. The information collections below are pending at SSA. SSA will submit them to OMB within 60 days from the date of this notice. To be sure we consider your comments, we must receive them no later than June 16, 2014. Individuals can obtain copies of the collection instruments by writing to the above email address. 1. National Beneficiary Survey— 0960–NEW. SSA is proposing to undertake the National Beneficiary Survey (NBS), a survey intended to gather data from Supplemental Security Income (SSI) recipients and Social Security Disability Insurance (SSDI) beneficiaries about their characteristics, their well-being, and other factors that promote or hinder employment. In particular, the survey seeks to uncover important information about the factors that promote beneficiary self-sufficiency and, conversely, factors that impede beneficiary efforts to maintain employment. We will use this data to improve the administration and effectiveness of the SSDI and SSI programs. These results will be valuable as SSA and other policymakers continue efforts to improve programs and services that help SSDI beneficiaries and SSI recipients become more self-sufficient. Background SSDI and SSI programs provide a crucial and necessary safety net for working-age people with disabilities. By improving employment outcomes for SSDI beneficiaries and SSI recipients, SSA supports the effort to reduce the reliance of people with disabilities on these programs. SSA conducted the prior NBS in 2004, 2005, 2006, and 2010, and was an important first step in understanding the work interest and experiences of SSI recipients and SSDI beneficiaries, and in gaining information about their impairments, health, living arrangements, family structure, pre-disability occupation, and use of non-SSA programs (e.g., the Supplemental Nutrition Assistance Number of respondents pmangrum on DSK3VPTVN1PROD with NOTICES Administration year 2015 Cross-Sectional Samples: Representative Beneficiary Sample ......................................................... Successful Worker Qualitative Interviews ................................................ Program). The prior NBS data is available to researchers and the public. The National Beneficiary Survey (NBS) The primary purpose of the new NBSGeneral Waves is to assess beneficiary well-being and interest in work, learn about beneficiary work experiences (successful and unsuccessful), and identify factors that promote or restrict long-term work success. Information collected in the survey includes factors such as health, living arrangements, family structure, current occupation, use of non-SSA programs, knowledge of SSDI and SSI work incentive programs, obstacles to work, and beneficiary interest and motivation to return to work. We propose to conduct the first wave of the NBS-General Waves in 2015. We will further conduct subsequent rounds in 2017 (round 2) and 2019 (round 3). The information we will collect is not available from SSA administrative data or other sources. In the NBS-General Waves, the sample design is similar to what we used for the prior NBS. Enhancement of the prior questionnaire includes additional questions on the factors that promote or hinder employment success. We also propose to conduct semi-structured qualitative interviews (in 2015 only) to provide SSA an in-depth understanding of factors that aid or inhibit individuals in their efforts to obtain and retain employment and advance in the workplace. We will use the qualitative data to add context and understanding when interpreting survey results, and to inform the sample and survey design of rounds 2 and 3. Respondents are current SSDI beneficiaries and SSI recipients. Respondent participation in the NBS is voluntary and the decision to participate or not has no impact on current or future receipt of payments or benefits. Type of Request: This is a new information collection request. Frequency of response Average burden per response (hours) Estimated total annual burden (hours) 4,000 90 1 1 .75 1.00 3,000 90 Subtotal ............................................................................................. 2017 Cross-Sectional Samples: Representative Beneficiary Sample ......................................................... Successful Workers .................................................................................. ........................ ........................ ........................ 3,090 4,000 4,500 1 1 .75 .92 3,000 4,140 Subtotal ............................................................................................. ........................ ........................ ........................ 7,140 VerDate Mar<15>2010 15:20 Apr 15, 2014 Jkt 232001 PO 00000 Frm 00070 Fmt 4703 Sfmt 4703 E:\FR\FM\16APN1.SGM 16APN1

Agencies

[Federal Register Volume 79, Number 73 (Wednesday, April 16, 2014)]
[Notices]
[Pages 21496-21499]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-08578]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Agency Information Collection Activities: Proposed Request

    The Social Security Administration (SSA) publishes a list of 
information collection packages requiring clearance by the Office of 
Management and Budget (OMB) in compliance with Public Law 104-13, the 
Paperwork Reduction Act of 1995, effective October 1, 1995. This notice 
includes revisions of OMB-approved information collections.
    SSA is soliciting comments on the accuracy of the agency's burden 
estimate; the need for the information; its practical utility; ways to 
enhance its quality, utility, and clarity; and ways to minimize burden 
on respondents, including the use of automated collection techniques or 
other forms of information technology. Mail, email, or fax your 
comments and recommendations on the information collection(s) to the 
OMB Desk Officer and SSA Reports Clearance Officer at the following 
addresses or fax numbers.

(OMB)

    Office of Management and Budget, Attn: Desk Officer for SSA, Fax: 
202-395-6974, Email address: OIRA_Submission@omb.eop.gov.

(SSA)

    Social Security Administration, OLCA, Attn: Reports Clearance 
Director, 3100 West High Rise, 6401 Security Blvd., Baltimore, MD 
21235, Fax: 410-966-2830, Email address: OR.Reports.Clearance@ssa.gov.
    The information collections below are pending at SSA. SSA will 
submit them to OMB within 60 days from the date of

[[Page 21497]]

this notice. To be sure we consider your comments, we must receive them 
no later than June 16, 2014. Individuals can obtain copies of the 
collection instruments by writing to the above email address.
    1. Letter to Landlord Requesting Rental Information--20 CFR 
416.1130(b)--0960-0454. SSA uses Form SSA-L5061 to obtain rental 
subsidy information, which enables SSA to determine and verify an 
income value for such subsidies. SSA uses this income value as part of 
determining eligibility for Supplemental Security Income (SSI) and the 
correct amount of SSI payable to the claimant. SSA bases an 
individual's eligibility for SSI payments, in part, on the amount of 
countable income the individual receives. Income includes in-kind 
support and maintenance in the form of room or rent, such as a 
subsidized rental arrangement. SSA requires claimants to assist in 
obtaining this information to prevent a delay or overpayment with their 
SSI payments. We collect this information only if the SSI applicant or 
recipient is the parent or child of the landlord (respondent). For most 
respondents, we collect this information once per year or less, via 
telephone or face-to-face personal interview. The claims representative 
records the information in our Modernized SSI Claims System (MSSICS), 
and we require verbal attestation in lieu of a wet signature. However, 
if the claims representative is unable to contact the respondent via 
the telephone or face-to face, we print and mail a paper form to the 
respondent for completion. The respondent completes, signs, and returns 
the form to the claims representative. Upon receipt, the claims 
representative documents the information in MSSICS or, for non-MSSICS 
cases, faxes the form into the appropriate electronic folder and shreds 
the paper form. The respondents are landlords who are related to the 
SSI beneficiaries as a parent or child.
    Type of Request: Revision of an OMB-approved information 
collection.

----------------------------------------------------------------------------------------------------------------
                                                                                Average  burden  Estimated total
           Modality of completion                Number of       Frequency of    per  response    annual burden
                                                respondents        response        (minutes)         (hours)
----------------------------------------------------------------------------------------------------------------
SSA-L5061...................................          72,000                1               10           12,000
----------------------------------------------------------------------------------------------------------------

    2. Social Security's Public Credentialing and Authentication 
Process--20 CFR 401.45 and 402--0960-0789.

Background

    Authentication is the foundation for secure, online transactions. 
Identity authentication is the process of determining, with confidence, 
that someone is who he or she claims to be during a remote, automated 
session. It comprises three distinct factors: something you know, 
something you have, and something you are. Single-factor authentication 
uses one of the factors, and multi-factor authentication uses two or 
more of the factors.

SSA's Public Credentialing and Authentication Process

    SSA offers consistent authentication across SSA's secured online 
services. We allow our users to request and maintain only one User ID, 
consisting of a self-selected username and password, to access multiple 
Social Security electronic services. Designed in accordance with the 
OMB Memorandum M-04-04 and the National Institute of Standards and 
Technology (NIST) Special Publication 800-63, this process provides the 
means of authenticating users of our secured electronic services and 
streamlines access to those services.
    SSA's public credentialing and authentication process:
     Issues a single User ID to anyone who wants to do business 
with the agency;
     Offers authentication options that meet the changing needs 
of the public;
     Partners with an external data service provider to help us 
verify the identity of our online customers;
     Complies with relevant standards;
     Offers access to some of SSA's heaviest, but more 
sensitive, workloads online while providing a high level of confidence 
in the identity of the person requesting access to these services;
     Offers an in-person process for those who are 
uncomfortable with or unable to use the Internet process;
     Balances security with ease of use; and
     Provides a user-friendly way for the public to conduct 
extended business with us online instead of visiting local servicing 
offices or requesting information over the phone. Individuals have 
real-time access to their Social Security information in a safe and 
secure web environment.

Public Credentialing and Authentication Process Features

    We collect and maintain the users' personally identifiable 
information (PII) in our Central Repository of Electronic 
Authentication Data Master File Privacy Act system of records that we 
published in the Federal Register (75 FR 79065). The PII may include 
the users' name, address, date of birth, Social Security number (SSN), 
phone number, and other types of identity information [e.g., address 
information of persons from the W-2 and Schedule Self Employed forms we 
receive electronically for our programmatic purposes as permitted by 26 
U.S.C. 6103(l)(1)(A)]. We may also collect knowledge-based 
authentication data, which is information users establish with us or 
that we already maintain in our existing Privacy Act systems of 
records.
    We retain the data necessary to administer and maintain our e-
Authentication infrastructure. This includes management and profile 
information, such as blocked accounts, failed access data, effective 
date of passwords, and other data that allows us to evaluate the 
system's effectiveness. The data we maintain also may include archived 
transaction data and historical data.
    We use the information from this collection to identity proof and 
authenticate our users online and to allow them access to their 
personal information from our records. We also use this information to 
provide second factor authentication. We are committed to expanding and 
improving this process so we can grant access to additional online 
services in the future.
    Offering online services is not only an important part of meeting 
SSA's goals, but is vital to good public service. In increasing 
numbers, the public expects to conduct complex business over the 
Internet. Ensuring that SSA's online services are both secure and user-
friendly is our priority.
    With the limited data we have, it is difficult for SSA to meet the 
OMB and NIST authentication guidelines for identity proofing the 
public. Therefore, we awarded a competitively bid contract to an 
external data service

[[Page 21498]]

provider, Experian,\1\ to help us verify the identity of our online 
customers. We use this external data service (EDS), in addition to our 
other authentication methods, to help us prove, or verify, the identity 
of our customers when they are completing online/electronic 
transactions with us.
---------------------------------------------------------------------------

    \1\ Experian is a global information services company. 
Experian's decisional solutions enable Social Security to manage and 
optimize risk as well as prevent, detect, and reduce fraud.
---------------------------------------------------------------------------

Social Security's Authentication Strategy

    We remain committed to enhancing our online services using 
authentication processes that balance usability and security. We will 
continue to research and develop new authentication tools while 
monitoring the emerging threats.
    The following are key components of our authentication strategy:
     Enrollment and Identity Verification--We collect 
identifying data and use SSA and EDS records to verify an individual's 
identity. Individuals have the option of obtaining an enhanced, 
stronger, User ID by providing certain financial information (e.g., 
Medicare wages, self-employed earnings, direct deposit amount, or the 
last eight digits of a credit card number) for verification. We also 
ask individuals to answer out-of-wallet questions so we can further 
verify their identities. Individuals who are unable to complete the 
process online can present identification at a field office to obtain a 
User ID.
     Establishing the User Profile--The individual self-selects 
a username and password, both of which can be of variable length and 
alphanumeric. We provide a password strength indicator to help the 
individual select a strong password. We also ask the individual to 
choose challenge questions for use in restoring a lost or forgotten 
username or password.
     Enhancing the User ID--If an individual opts to enhance or 
upgrade the User IDs, we mail a one-time-use upgrade code to the 
individual's verified residential address. When the individual receives 
the upgrade code in the mail, he or she can enter this code online to 
enhance the security of the account. At this time, we also ask the 
individual to enter a cell phone number. We send an initial text 
message to that number and require the individual to confirm its 
receipt. We send a text message to that number each time the individual 
signs in, subsequently.
     Login and Use--Standard authentication provides an 
individual with a User ID for access to most online applications. 
Enhanced authentication uses the standard User ID along with a one-time 
code sent to the individual's cell phone, via text message, to create a 
more secure session, and to grant access to certain sensitive Social 
Security services. An individual who forgets the password can reset it 
automatically without contacting SSA. The enrollment process is a one-
time only activity for the respondents. After the respondents enroll 
and choose their User ID (username & password), they have to sign in 
with their User ID every time they want to access Social Security's 
secured online services.
    SSA requires the individual to agree to the ``Terms of Service'' 
detailed on our Web site before we allow him or her to begin the 
enrollment process. The ``Terms of Service'' informs individuals what 
we will and will not do with their personal information and the privacy 
and security protections we provide on all data we collect. These terms 
also detail the consequences of misusing this service.
    In order to verify the individual's identity, we ask the individual 
to give us minimal personal information, which may include:
     Name;
     SSN;
     Date of birth;
     Address--mailing and residential;
     Telephone number;
     Email address;
     Financial information;
     Cell phone number; and
     Selecting and answering password reset questions.
    We send a subset of this information to the EDS, who then generates 
a series of out-of-wallet questions back to the individual. The 
individual must answer all or most of the questions correctly before 
continuing in the process. The exact questions generated are unique to 
each individual.
    This collection of information, or a subset of it, is mandatory for 
respondents who want to do business with SSA via the Internet. We 
collect this information via the Internet, on SSA's public-facing Web 
site. We also offer an in-person identification verification process 
for individuals who cannot, or are not willing to register online. For 
this process, the individual must go to a local SSA field office and 
provide identifying information. We do not ask for financial 
information with the in-person process.
    We only collect the identity verification information one time, 
when the individual registers for a credential. We ask for the User ID 
(username and password) every time an individual signs in to our 
automated services. If individuals opt for the enhanced or upgraded 
account, they also receive a text message on their cell phones (this 
serves as the second factor for authentication) each time they sign in.
    The respondents are individuals who choose to use the Internet or 
Automated Telephone Response System to conduct business with SSA.
    Type of Request: Revision of an OMB-approved information 
collection.

----------------------------------------------------------------------------------------------------------------
                                                                                      Average
                                                     Number of     Frequency of     burden per     Total annual
             Modality of completion                 respondents      response        response      burden hours
                                                                                     (minutes)        (hours)
----------------------------------------------------------------------------------------------------------------
Internet Requestors.............................      38,251,877               1               8       5,100,250
In-Person (Intranet) Requestors.................       1,370,633               1               8         182,751
                                                 ---------------------------------------------------------------
    Totals......................................      39,622,510  ..............  ..............       5,283,001
----------------------------------------------------------------------------------------------------------------



[[Page 21499]]

    Dated: April 10, 2014.
Faye Lipsky,
Reports Clearance Director, Social Security Administration.
[FR Doc. 2014-08578 Filed 4-15-14; 8:45 am]
BILLING CODE 4191-02-P