Ssa We Cannot Process Your Request at This Time. Please Try Again Later.
The U.S. Social Security Administration announced last week that it will now require a cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. Unfortunately, the new security measure does little to forestall identity thieves from fraudulentlycreating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves.
The SSA said all new and existing 'my Social Security' account holders volition demand to provide a cell phone number. The agency said it will utilize the mobile numbers to send users an eight-digit code via text message that needs to be entered along with a username and countersign to log in to the site.
The SSA noted it was making the modify to comply with an executive order for federal agencies to provide more secure authentication for their online services.
"People will not be able to admission their personal my Social Security account if they practice not have a cell phone or do not wish to provide the cell telephone number," the agency said. "The purpose of providing your prison cell phone number is that, each fourth dimension you log in to your account with your username and password, we volition ship yous a old security code you lot must as well enter to log in successfully to your account. We wait to provide additional options in the future, dependent upon requirements of national guidelines currently being revised."
Although the SSA's policy change provides boosted proof that the person signing in is the same individual who established multi-gene authentication in the the first place, it does not announced to provide whatever additional proof that the person creating an account at ssa.gov is who they say they are.
The SSA does offering other "extra security" options, such as the sending users a special code via the U.S. Mail that has to be entered on the agency'due south site to complete the signup process. If y'all cull to enable extra security, the SSA will then ask y'all for:
- The last eight digits of your Visa, MasterCard, or Detect credit menu;
- Information from your W2 taxation form;
- Information from a 1040 Schedule SE (cocky-employment) tax course; or
- Your direct eolith amount, if you receive Social Security benefits.
Sadly, it is yet relatively like shooting fish in a barrel for thieves to create an business relationship in the name of Americans who have not already created one for themselves. All one would demand is the target'due south proper noun, engagement of birth, Social Security number, residential address, and phone number. This personal data can be bought for roughly $3-$4 from a variety of cybercrime shops online.
Later that, the SSA relays four multiple-approximate, and then-chosen "knowledge-based authentication" or KBA questions from credit bureauEquifax. In exercise, many of these KBA questions — such as previous accost, loan amounts and dates — tin be successfully enumerated with random guessing. What'southward more, very often the answers to these questions can be institute past consulting complimentary online services, such as Zillow and Facebook.
In September 2013, I warned that SSA and fiscal institutions were tracking a rise in cases wherein identity thieves annals an account at the SSA's portal using a retiree'south personal data and accept the victim's benefits diverted to prepaid debit cards that the crooks command. Unfortunately, considering the SSA's new security features are optional, they do little to block crooks from hijacking SSA benefit payments from retirees.
Because information technology's possible to create just one my Social Security account per Social Security number, registering an account on the portal is one basic fashion that Americans can avoid becoming victims of this scam.
To recap: Once you lot constitute and verify your account and start getting texted codes to login, from and so on you lot will exist more secure. If y'all have not signed up already, these new security options do not make it any more hard for someone else to sign upwards as you lot.
Because that many senior citizens are notwithstanding wary of text messages and likely have never sent or received one, it's not clear that these optional security measures will become over well. I would like to run across the SSA make it mandatory to receive a one-time code via the U.S. Mail to finalize the cosmos of all new accounts, whether or not users opt for "actress security." Perchance the agency will require this in the time to come, but it'south mystifying to me why it doesn't already exercise this by default.
In addition to the SSA'due south optional security measures, Americans can further block ID thieves by placing a security freeze on their credit files with the major credit bureaus. Readers who have taken my ceaseless advice to freeze their credit volition need to temporarily thaw the freeze in order to complete the process of creating an business relationship at ssa.gov. Looked at some other way, having a freeze in place blocks ID thieves from fraudulently creating an account in your proper noun and potentially diverting your government benefits.
Alternatively, citizens tin block online access to their Social Security account. Instructions for doing that are hither.
The SSA's new text messaging system is apparently experiencing some technical difficulties at the moment, at to the lowest degree for Verizon Wireless customers. The SSA posted this message on its site over the weekend: "We are working to prepare a problem that is preventing Verizon wireless customers from receiving the cell phone security code. Verizon wireless customers are unable to access their personal my Social Securityaccount at this time."
Update, 1:00 p.m. ET: For the record, I requested comment from the SSA nigh why they did not apparently contact all users by U.South. postal service to verify their identities. I received the following response:
"The Social Security Assistants protects the information entrusted to usa and has strengthened the online registration procedure by making identity verification and authentication more than stringent. Nosotros cannot provide more details publicly as we don't want to draw a roadmap for criminals."
As well, as one reader already pointed out in the comments below, the SSA'due south adoption of two-gene SMS hallmark comes as the National Establish for Standards and Engineering (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based 2-cistron hallmark.
Update, Aug. 11, 2016: A source who helped me test some things for this story by signing up at the SSA'due south portal said he received a snail mail letter of the alphabet the other twenty-four hours notifying him that someone signed up an account in his proper noun online. And so, the SSA is mailing letters if you lot sign upward online, but they don't take that opportunity to deliver a special lawmaking to deeply complete the sign up. Go figure.
Source: https://krebsonsecurity.com/2016/08/social-security-administration-now-requires-two-factor-authentication/comment-page-1/
0 Response to "Ssa We Cannot Process Your Request at This Time. Please Try Again Later."
Post a Comment