Social Security Administration
Office of the Inspector General
Unauthorized Direct Deposit Changes through my Social Security
(Limited Distribution) (A-01-14-24011), September 23, 2015
OBJECTIVE
Our objective was to assess the impact on beneficiaries whose payments were misdirected
because of unauthorized direct deposit changes through my Social Security accounts.
BACKGROUND
In May 2012, the Social Security Administration (SSA) introduced my Social Security—an
Internet services portal that allows individuals to create a personal online account to access their
own information. In January 2013,
the Agency enhanced my Social Security, allowing
individuals to change their mailing address or direct deposit bank information.
In April 2013, we began receiving reports of changes to address and direct deposit information
that beneficiaries did not make or had not authorized. When direct deposit information is
changed, the Agency notifies the beneficiary acknowledging the change. If the beneficiary did
not authorize the change and contacts SSA, the Agency may be able to correct the direct deposit
information in time to prevent misdirected benefits, depending on system processing schedules.
However, some beneficiaries did not know about the bank change until they did not receive their
benefit payment and reported the non-receipt to SSA.
In May 2013, we formally notified SSA of our concerns with my Social Security. We
recommended several steps the Agency could take to improve its controls to prevent fraud.
Develop an outreach plan to inform the public of the issue with the my Social Security
application and the importance of protecting personal information.
Strengthen my Social Security authentication protocols.
Continue to quickly resolve all fraudulent my Social Security accounts.
In response to allegations of unauthorized changes made through my Social Security, SSA
worked with us to address potentially fraudulent activity. As part of our review, we selected a
random sample of 275 beneficiaries for analysis from a population of 21,649 with potentially
fraudulent my Social Security activity for the period January 1, 2013 through January 9, 2014.
To put this in perspective, the Agency reported in Calendar Year 2013 that there were
1,086,276 change of address and direct deposit transactions made through my Social Security.
The population of 21,649 potentially fraudulent transactions was 2 percent of these online
transactions.