Social Security Site Now Secure After Temporary Lapse in Identity Verification Process

In today's highly technological age where we can access an abundance of information on the Internet, including nearly endless amounts of personal data, there are sometimes issues with the protection of such information that may allow unlawful access. One particular government entity that recently had a lapse in their identity verification process, which allowed individuals to create access accounts to view personal data that didn't belong to them, was the Social Security Administration.

A secure section of the Social Security Administration (SSA)'s website, ssa.gov, didn't have the proper security in place to prevent identity thieves from registering an account at the SSA's portal using a retiree's personal information to later have their benefits diverted to prepaid debit cards.

While the idea of identity thieves granting themselves access to the SSA's website seems like a major issue, it really isn't considering that the SSA does utilize quite aggressive security protection policies for their website as a whole. What took place earlier this year was the Treasury started requiring that nearly all retired beneficiaries receive payments through direct deposit. By implanting such a requirement, users were welcomed to change or update their direct deposit information through their 'my Social Security Web portal.' In doing so, there was a rise in the number of identity theft complaints where thieves were using the portal to hijack the benefits of some individuals who had not yet created an account on the site.

The major issue for the SSA in allowing outsiders to change benefit information of those who were 'unregistered' for their updated direct deposit information resided with the Social Security Administration's poor choice in the verification of identities. Essentially, perpetrators were creating an account for the 'unregistered' beforehand in the name of individuals who had not yet logged in to create a new account. All a thief needed at the time to create an account was the target's name, address, phone number, date of birth, and their Social Security number. Then, after registering, the thief would later sell off the login information for $3-$4 through several cybercriminal outlets over the Internet.

The SSA's blunder in the identity verification process was just before their announcement of a new texting system to verify account ownership via sent security codes, which was an idea that the administration was urged not to utilize and only lasted for about two weeks. Afterward, the concept of using an extra code to supplement a password sent via the U.S. Mail became the suggested solution.

Now, the SSA assures that their site already was secure and now prevents thieves from registering accounts by extending validation certifications on their security websites. The full disclaimer of the SSA's security policy and how they have gone the extra mile to prevent unauthorized access can be found on their page at https://www.ssa.gov/myaccount/verifyandprotectid.html. Additionally, information on how exactly the SSA protects and verifies your identity can be found on the same page with updated policy information.

Even though the temporary lapse in SSA's security was an issue to some, there wasn't much of a news story to report due to speculation surrounding the thieves who discovered the so-called "flaw" were potentially in extremely low numbers. However, nothing is iron clad these days when hackers and cyber thieves are busy finding their next online target. No one is 100% safe – guard yourself accordingly and pay special attention to changes in security policies on any website that you access an account.