May 14, 2012
In May 2012, I attended the Experian Vision Conference. This conference is produced by Experian with attendance from their customers, partners and relying party services. It was a unique opportunity to speak to representatives who are stakeholders in trusted identity services communities – but not necessarily the same stakeholders that often in attend identity management specific events. Attendees were from sectors including but not limited to: risk, fraud, financial, credit, payments, and entertainment. Kantara was invited to contribute to a panel discussing Identity proofing using National Institute of Standards Technology (NIST) level 3 — strong authentication for the public and private sectors.
The panel was well received with many interested attendees who had insightful questions regarding the services coming on line, those that are already active and how compliance is verified to assure Trust. But perhaps one of the most interesting services we learned about was the recent announcement of a service from the US Social Security Administration (SSA) called “my Social Security” (read the SSA Press Release).
“my Social Security” service allows public citizens to create an account through SSA.gov which, upon verification, allows citizen access to earnings histories, social security statements and projected social security benefits upon retirement. What was even more exciting was that I was able to access the service and create a “my Social Security” account within approximately 5 minutes AND using an iPhone!
Here’s how it works
“To get a personalized online Statement, people age 18 and older must be able to provide information about themselves that matches information already on file with Social Security. In addition, Social Security uses Experian, an external authentication service provider, for additional verification. People must provide their identifying information and answer security questions in order to pass this verification. Social Security will not share a person’s Social Security number with Experian, but the identity check is an important part of this new, robust verification process.”
During the verification process I was asked to provide the last digits of a valid credit card. I decided to opt out of that mode and was provided with a number of alternate paths. I choose to verify using some values from my US Tax W-2 forms. The site also offers added security via one time pins sent to users via SMS. I encourage all US citizens/residents to try the service for your own experience.
While the press release indicates that the service is not perfect and some individuals may not be able to pass the Authentication questions, there are currently alternative means of verification via in-person proofing at a local SSA office. Trusted identity services linking citizens to government services still has a long way to go in terms of offerings and adoption, however this service is at the forefront of providing US citizens a view and access in to their benefits via US Gov services and an indicator of the exciting developments to come for trusted and verified Identity Ecosystems.
Relating to these activities I will note that, Experian is a member of the Kantara Initiative and currently has an application registered for Kantara Credential Service Provider Service Approval at Level of Assurance 3 non-crypto for a service they are offering which, once approved, would be listed in the US Federal Identity Credential Access Management (ICAM) Trust Framework which has adopted the Kantara Identity Accreditation and Approval Program based on the Identity Assurance Framework (IAF) as one of the US Gov Approved Trust Framework Providers. We at Kantara look forward to continuing development of the Trust Framework model with the US Government, Experian and all of our public and private sector members.