The US Government Accountability Office (GAO), in its review of six agencies, concluded that US federal agencies need to strengthen their online identity verification processes. The full report can be found here. The GAO recommended that the National Institute of Standards and Technology (NIST) provide guidance on implementing alternative methods of verification that are available to all citizens. The six agencies reviewed are: General Services Administration (GSA), Internal Revenue Service (IRS), Department of Veteran Affairs (VA), Social Security Administration (SSA), United States Postal Service (USPS), and Centers for Medicare and Medicaid Services (CMS). Why the review? The US federal government thus far has relied on consumer reporting agencies (CRAs) to help verify the identities of people who apply for government benefits online. However, the report said that the 2017 cyberattack on Equifax, one of the three major consumer credit reporting agencies in the US, which compromised the data of 143 million Americans, raised questions about reliance on commercial credit agencies/CRAs. What is the problem with the current process? As of now, to perform remote identity proofing, the 6 agencies GAO reviewed rely on CRAs to conduct knowledge-based verification. From the description in the GAO report, and from having gone through USPS’s knowledge-based authentication (KBA) system it is clear that these services use static KBA. Security questions (such as your mother’s maiden name, your first pet, etc.) that you choose while opening a new email account, or a bank account, are static KBA and for obvious reasons quite easy to get…
US federal agencies need better online identity verification processes, says Government Accountability Office
- How many crypto exchanges registered with India’s FIU following government notification? March 21, 2023
- Why is Twitter’s move to withhold accounts amid internet shutdown in Punjab problematic? March 21, 2023
- RTI: No details on how many entities have complied with CERT-In’s cybersecurity directions March 21, 2023
- Flipkart Not Required to Take “Action” on Copyright Complaints Under Platform Regulation Rules: Delhi HC March 21, 2023
- RTI: Indian govt says registration on U-WIN “not compulsory” yet for vaccination, but is the information public? March 21, 2023
MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.
Amazon announced that it will integrate its logistics network and SmartCommerce services with the Open Network for Digital Commerce (ONDC).
India's smartphone operating system BharOS has received much buzz in the media lately, but does it really merit this attention?
After using the Mapples app as his default navigation app for a week, Sarvesh draws a comparison between Google Maps and Mapples
In the case of the ‘deemed consent' provision in the draft data protection law, brevity comes at the cost of clarity and user protection
The regulatory ambivalence around an instrument so essential to facilitate data exchange – the CM framework – is disconcerting for several reasons.
Please subscribe to MediaNama. Don't share prints and PDFs.
You May Also Like
Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...
135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...
Twitter takes down tweets from MP, MLA, editor criticising handling of pandemic upon government request
By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...
Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...