The Automated System Is Unable to Process Your Request at This Time. Please Try Again Later.
The U.Due south. Social Security Administration appear final week that information technology will at present require a jail cell phone number from all Americans who wish to manage their retirement benefits at ssa.gov. Unfortunately, the new security measure does little to foreclose identity thieves from fraudulentlycreating online accounts to siphon benefits from Americans who haven't yet created accounts for themselves.
The SSA said all new and existing 'my Social Security' account holders will need to provide a jail cell phone number. The agency said it will use the mobile numbers to ship users an 8-digit lawmaking via text message that needs to be entered forth with a username and password to log in to the site.
The SSA noted it was making the change to comply with an executive order for federal agencies to provide more secure authentication for their online services.
"People will not be able to admission their personal my Social Security account if they do non have a cell telephone or do non wish to provide the jail cell phone number," the bureau said. "The purpose of providing your prison cell telephone number is that, each time y'all log in to your account with your username and password, we will send you a ane-time security code you must also enter to log in successfully to your account. We expect to provide additional options in the time to come, dependent upon requirements of national guidelines currently being revised."
Although the SSA'due south policy change provides boosted proof that the person signing in is the same individual who established multi-cistron authentication in the the first place, it does not announced to provide whatsoever additional proof that the person creating an account at ssa.gov is who they say they are.
The SSA does offering other "extra security" options, such equally the sending users a special code via the U.S. Mail that has to be entered on the agency's site to consummate the signup process. If yous choose to enable extra security, the SSA volition so enquire you lot for:
- The last viii digits of your Visa, MasterCard, or Detect credit card;
- Information from your W2 tax form;
- Information from a 1040 Schedule SE (self-employment) taxation form; or
- Your direct deposit corporeality, if you receive Social Security benefits.
Sadly, it is still relatively easy for thieves to create an account in the name of Americans who have non already created one for themselves. All ane would need is the target's name, date of nascence, Social Security number, residential accost, and phone number. This personal data can exist bought for roughly $3-$4 from a variety of cybercrime shops online.
After that, the SSA relays four multiple-guess, and so-called "noesis-based authentication" or KBA questions from credit agencyEquifax. In exercise, many of these KBA questions — such equally previous accost, loan amounts and dates — can be successfully enumerated with random guessing. What's more, very often the answers to these questions can be found past consulting free online services, such equally Zillow and Facebook.
In September 2013, I warned that SSA and fiscal institutions were tracking a rise in cases wherein identity thieves register an account at the SSA's portal using a retiree's personal data and have the victim's benefits diverted to prepaid debit cards that the crooks command. Unfortunately, because the SSA's new security features are optional, they practice little to block crooks from hijacking SSA do good payments from retirees.
Considering information technology's possible to create just one my Social Security business relationship per Social Security number, registering an business relationship on the portal is ane basic way that Americans tin avoid becoming victims of this scam.
To recap: Once you establish and verify your account and start getting texted codes to login, from then on y'all will be more than secure. If you accept non signed up already, these new security options do non get in whatever more than difficult for someone else to sign upwardly as you.
Because that many senior citizens are still wary of text messages and likely have never sent or received one, it's not articulate that these optional security measures will become over well. I would similar to see the SSA make information technology mandatory to receive a sometime code via the U.S. Mail to finalize the creation of all new accounts, whether or non users opt for "actress security." Peradventure the bureau volition require this in the future, but it'due south mystifying to me why it doesn't already do this by default.
In addition to the SSA's optional security measures, Americans tin further block ID thieves past placing a security freeze on their credit files with the major credit bureaus. Readers who have taken my ceaseless advice to freeze their credit will need to temporarily thaw the freeze in order to complete the procedure of creating an account at ssa.gov. Looked at another way, having a freeze in place blocks ID thieves from fraudulently creating an account in your name and potentially diverting your government benefits.
Alternatively, citizens can block online admission to their Social Security account. Instructions for doing that are here.
The SSA'due south new text messaging system is evidently experiencing some technical difficulties at the moment, at to the lowest degree for Verizon Wireless customers. The SSA posted this message on its site over the weekend: "Nosotros are working to gear up a trouble that is preventing Verizon wireless customers from receiving the cell phone security code. Verizon wireless customers are unable to access their personal my Social Securityaccount at this fourth dimension."
Update, 1:00 p.m. ET: For the tape, I requested comment from the SSA about why they did not apparently contact all users by U.South. mail service to verify their identities. I received the following response:
"The Social Security Administration protects the information entrusted to us and has strengthened the online registration process by making identity verification and authentication more stringent. We cannot provide more details publicly as we don't want to depict a roadmap for criminals."
Likewise, as one reader already pointed out in the comments beneath, the SSA's adoption of 2-factor SMS hallmark comes as the National Found for Standards and Technology (NIST) released a typhoon of new authentication guidelines that appear to exist phasing out the utilise of SMS-based two-factor authentication.
Update, Aug. eleven, 2016: A source who helped me test some things for this story past signing up at the SSA's portal said he received a snail mail letter of the alphabet the other twenty-four hour period notifying him that someone signed up an business relationship in his name online. And then, the SSA is mailing messages if you sign up online, but they don't take that opportunity to deliver a special code to securely complete the sign upwardly. Go figure.
Source: https://krebsonsecurity.com/2016/08/social-security-administration-now-requires-two-factor-authentication/comment-page-1/
0 Response to "The Automated System Is Unable to Process Your Request at This Time. Please Try Again Later."
Enregistrer un commentaire