Unauthorized Direct Deposit Changes through my Social Security

REPORT SUM M AR Y

Social Security Administration

Office of the Inspector General

(Limited Distribution) (A-01-14-24011), September 23, 2015

OBJECTIVE

Our objective was to assess the impact on beneficiaries whose payments were misdirected

because of unauthorized direct deposit changes through my Social Security accounts.

BACKGROUND

In May 2012, the Social Security Administration (SSA) introduced my Social Security—an

Internet services portal that allows individuals to create a personal online account to access their

own information. In January 2013,

the Agency enhanced my Social Security, allowing

individuals to change their mailing address or direct deposit bank information.

In April 2013, we began receiving reports of changes to address and direct deposit information

that beneficiaries did not make or had not authorized. When direct deposit information is

changed, the Agency notifies the beneficiary acknowledging the change. If the beneficiary did

not authorize the change and contacts SSA, the Agency may be able to correct the direct deposit

information in time to prevent misdirected benefits, depending on system processing schedules.

However, some beneficiaries did not know about the bank change until they did not receive their

benefit payment and reported the non-receipt to SSA.

In May 2013, we formally notified SSA of our concerns with my Social Security. We

recommended several steps the Agency could take to improve its controls to prevent fraud.

 Develop an outreach plan to inform the public of the issue with the my Social Security

application and the importance of protecting personal information.

 Strengthen my Social Security authentication protocols.

 Continue to quickly resolve all fraudulent my Social Security accounts.

In response to allegations of unauthorized changes made through my Social Security, SSA

worked with us to address potentially fraudulent activity. As part of our review, we selected a

random sample of 275 beneficiaries for analysis from a population of 21,649 with potentially

fraudulent my Social Security activity for the period January 1, 2013 through January 9, 2014.

To put this in perspective, the Agency reported in Calendar Year 2013 that there were

1,086,276 change of address and direct deposit transactions made through my Social Security.

The population of 21,649 potentially fraudulent transactions was 2 percent of these online

transactions.

RESULTS OF REVIEW

Some beneficiaries incurred a delay in receiving their payments and some of them faced dire

financial need, requiring that they contact SSA for immediate assistance. Based on our sample

results, we estimated about $20 million in benefit payments to approximately

12,200 beneficiaries was misdirected between January 1, 2013 and January 9, 2014.

Furthermore, we estimated about $11 million was not returned to SSA as of August 2015.

Additionally, we estimated that SSA prevented about $6 million in benefits from being

misrouted for about 5,300 beneficiaries whose direct deposit bank account was changed without

their authorization.

SSA Improvements to Address Fraud

SSA has since strengthened its controls over my Social Security accounts to address potential

fraud and improve service to beneficiaries. For example, the Agency

 Strengthened the my Social Security registration process;

 Provided my Social Security account fraud awareness training to employees;

 Established the Fraud Analysis and Coordination Team to investigate potential fraud;

 Established a my Social Security help desk for public users’ technical questions;

CONCLUSIONS

SSA has taken steps to reduce fraud related to my Social Security, and prevent additional fraud.

However, although it represents a relatively small part of overall direct deposit changes, every

missing payment represents a beneficiary who faced a delay in receiving his or her benefit

payment. The Agency replaced payments sent to the wrong bank account—but misdirected

funds were not always recovered. The Agency should continue its efforts to evaluate controls

over access to my Social Security.

This report contains restricted information for official use. Distribution is limited to

authorized officials.