October 3, 2001

The Honorable Charles E. Grassley
Ranking Minority Member
Committee on Finance
United States Senate
Washington, D.C. 20510

Dear Senator Grassley:

In response to your August 6, 2001 letter to Acting Commissioner Massanari and myself, the Social Security Administration (SSA), Office of the Inspector General is pleased to provide you with the requested information related to Social Security number (SSN) misuse.

As you are aware, my office is charged with preventing and detecting fraud, waste and abuse in Social Security programs and operations. Because the misuse of an SSN falls within that mandate, we are well acquainted with the SSN misuse and identity theft phenomena. In recent years, as these phenomena have grown exponentially, we have worked with SSA, Congress, other Government entities, as well as the public, to stem the tide of SSN misuse and, if one is optimistically inclined, begin a trend in the opposite direction. Nevertheless, we recognize that much work needs to be done within SSA, and some very difficult decisions will have to be made by Congress before we can make meaningful headway in the war against SSN misuse.

In responding to most of the questions you posed, we relied on information developed in past audits, evaluations and investigations. For the remaining questions, we obtained data through interviews of SSA representatives and analysis of information provided by these sources.

The enclosed report contains our insights and conclusions regarding the following subjects:

• Assignment and issuance of SSNs,

• Undeliverable SSN cards,

• Earnings records and the Earnings Suspense File,

• Programs/operations with the most incidences of SSN misuse,

• Employee SSN misuse cases,

• Proper use and dissemination of the SSN,

Page 2 – The Honorable Charles E. Grassley

• Coordination with other Federal agencies,

• Preventative measures to stop SSN misuse, and

• Data matching efforts.

If you have any questions or would like to be briefed on this issue, please call me or have your staff contact Richard A. Rohde, Special Agent-in-Charge for External Affairs, at (410) 966-1722.

Sincerely,

CONGRESSIONAL RESPONSE

Background

In 1935, the Social Security Act authorized the creation of the Social Security number (SSN) as part of a new system to track the earnings of employed Americans. Despite the narrowly drawn purpose of this nine-digit number, use of the SSN as a general identifier in record systems eventually grew. In 1967, the Department of Defense abandoned the military identification number in favor of the SSN for armed forces personnel. In the 34 years since, the myriad uses of the SSN have continued to expand.

Results of Review

On August 6, 2001, Senator Charles E. Grassley, Ranking Member, Senate Finance Committee, issued a letter to the Acting Commissioner of Social Security and the Inspector General of the Social Security Administration (SSA.) In this letter, Senator Grassley requested that SSA and the OIG conduct independent assessments of "SSA’s programs and operations with the goal of minimizing opportunities for SSN misuse at its administrative core." Senator Grassley specifically requested that the two organizations provide assessments of nine distinct elements. These elements and OIG’s insights and conclusions follow.

Over the past several years, SSA’s OIG has issued numerous reports in which we highlighted certain vulnerabilities within the Agency’s enumeration business process that allow the improper assignment of SSNs. We are confident SSA has given careful consideration to these vulnerabilities and, to its credit, has expeditiously implemented many of the recommendations made in our reports. However, there are a number of recommendations that the Agency disagreed with or that have yet to be implemented. As a result, we believe there are still vulnerabilities within the enumeration system that allow the improper assignment and issuance of SSNs. We believe the following areas continue to be weaknesses in SSA’s enumeration process.

When an individual applies for an original SSN, SSA requires the applicant to provide acceptable documentary evidence of age, identity, and United States citizenship or lawful alien status. When applying for a replacement SSN, the applicant must provide evidence of identity and, if applicable, lawful alien status. Reliable evidentiary documentation is crucial to ensuring the proper assignment of SSNs. Unfortunately, given the technological advances in today’s society, motivated individuals can counterfeit official documents with surprising accuracy. In fact, through our audits, evaluations and investigations, we have detected SSNs issued to individuals based on counterfeit evidentiary documents.

To effectively foil the efforts of these individuals and reduce the occurrences of improper SSN attainment, we recommended that SSA employ effective front-end controls in its enumeration process. The Agency accepted many of these recommendations and has initiated, or is in the implementation planning process for, most of our proposed corrective actions. However, SSA elected not to implement one recommendation that it believed would be administratively burdensome and negatively impact customer service.

Specifically, we recommended that SSA obtain independent verification from the issuing Agency (e.g., Immigration and Naturalization Service (INS), State Department) for all evidentiary documents submitted by noncitizens before issuing an original SSN. Our audits, evaluations and investigations have indicated that documents presented by some noncitizens are problematic. Additionally, we concluded SSA’s current verification process is not sufficient to ensure the validity of evidentiary documents presented by noncitizens. For example, in one audit, we found that 999 of the 3,557 original SSN applications reviewed were approved based on improper evidentiary documentation. We acknowledge that this is not the case with the majority of noncitizen documents. However, our experience has shown that the error rate is significant enough to warrant increased verification of these documents.

SSA’s assignment of an SSN is dependent on the processing of SSN applications through SSA’s Modernized Enumeration System (MES). When an application is entered in MES, the program processes the information and performs various automated edits including a determination of whether the applicant has previously obtained an SSN. If these edits are passed, the system assigns an SSN and a card is issued to the applicant.

Through previous audit work, we determined that edits within MES could be enhanced to provide more reliable results. For example, in a recent audit, we identified instances in just 4 States in which SSA assigned multiple SSNs to 178 infants. These instances occurred because MES edits did not recognize the applications as duplicate. In many of these cases, only one or two letters were different in the applicants’ name.

In addition to enhancing existing edits, we have recommended that SSA incorporate preventive controls in MES to stop the assignment and issuance of SSNs when the system detects the following occurrences.

• Over a specified period of time, SSA issued multiple SSNs cards to the same address.

• Over a specified period of time, parents claimed to have had an unusually large number of children.

• Known fraudulent documentation is presented as evidence in support of an SSN application.

Current edits addressing these issues concentrate on the detection of fraud after it has already occurred. Unfortunately, once an SSN has been issued, SSA has little ability to prevent or curtail the use of that SSN in committing further fraud. Accordingly, SSA is in the process of incorporating some of these edits in MES. However, full implementation may take several years. We believe that these enhancements should be accelerated and that if funding is an issue the Agency should identify the resource requirements.

Because many cases of identity fraud involve improperly obtained replacement cards, we believe SSA needs to develop a combination of regulations and system controls to limit the number of replacement SSN cards an individual can receive during a specified period. In a recent audit, we determined that 192 individuals obtained 6 or more replacement SSN cards during a 1-year period. Through examination, we concluded that over 100 of these individuals appeared to be misusing their SSNs. Under current SSA policy, any individual can obtain up to 52 replacement SSN cards in a year. Although we recognize there could be extraordinary occurrences in which an individual might have a need for several SSN cards, we believe this should be the exception. Accordingly, we believe SSA should establish a reasonable threshold for the number of replacement SSN cards an individual may obtain during a year and over a lifetime. SSA should then implement controls within its system requiring management personnel to approve any applications exceeding this limit.

Well-trained employees are as important to the enumeration process as procedures and systems. Based on recent audits, we believe SSA field office employees would benefit from educational reinforcement through training and quality reviews of SSN processing. Specifically, we have recommended that SSA should:

• Re-emphasize the importance of following enumeration policies and procedures associated with the issuance of original and replacement SSN cards, including the requirement to independently verify INS documents when indicated by SSA policy and the Systematic Alien Verification for Entitlements (SAVE) program.

• Conduct periodic quality reviews of processed SSN applications and provide timely feedback to field office personnel.

• Test field office employee compliance with procedures for issuing replacement SSN cards when performing periodic enumeration quality reviews. Additional training and/or supervision should be provided to employees if necessary.

• Instruct field office personnel to exercise greater care when resolving enumeration feedback messages generated by the system.

• Require field office personnel to document the basis of all resolution actions taken on enumeration feedback messages for an appropriate period of time to facilitate management review.

• Require FO management to perform periodic quality reviews of processed enumeration feedback messages and provide appropriate feedback and related training to FO personnel.

It is difficult to definitively conclude which SSA programs or operations have the most incidences of SSN misuse since it is impossible for OIG to verify the legitimacy of every allegation received. With limited staff and an overwhelming number of allegations, OIG’s Office of Investigations (OI) prioritizes the cases it can feasibly examine. Our first priority has traditionally been to investigate cases involving possible employee fraud. Secondly, we attempt to examine the large volume of programmatic cases that negatively impact Social Security trust funds. Accordingly, we are only able to provide statistics based on the SSN misuse cases our investigators have closed. We acknowledge that this representation may not be reflective of the total crimes that have occurred. However, given our mandate of attempting to secure SSA’s trust fund dollars, these figures reflect the cases our established priorities and current resource level allowed us to pursue.

During the past 5 fiscal years, the percentage of the cases involving SSN misuse and program fraud are as follows:

Title XVI – Aged SSI is the program for persons 65 years of age or older who demonstrate a financial need for assistance as mandated by law and program requirements. As shown in the chart above, title XVI – Aged SSI cases accounted for the majority of closed cases for which SSN misuse was also involved. Additionally, a measurable percent of SSN misuse cases involved losses to the title II Disability and RSI programs. We have included an example case for each program category below to provide an understanding of how SSN misuse impacted these cases.

On May 21, 2001, before the honorable U.S. District Court Judge Robert J. Timlin, Ms. Jean M. Whiteley (84 years old) was sentenced to 6 months home detention, 5 years probation, 60 hours of community service, a $300 special assessment fee and ordered to repay SSA $423,845.

The OIG initiated an investigation of Ms. Whiteley in September 1999, based on a referral from an SSA Assistant District Manager (ADM). The ADM informed OIG that, as a result of a joint project between SSA and the California Department of Health Services, the Palm Springs SSA office determined Ms. Whiteley had fraudulently collected SSA benefits under more than one identity. Additional investigation by the OIG revealed that Ms. Whiteley had been receiving SSA Widows’ Insurance Benefits (WIB) under the alias of Anna K. Whiteley since 1981, SSI benefits under the alias Ann Jeanette Oliver since 1982 and SSI benefits under the alias of Jean L. Whiteley since 1987. The investigation also revealed that since 1988, Ms. Whiteley received SSI benefits (aged) on her deceased husband’s fraudulent identity.

On November 9, 1999, OIG Special Agents executed a Federal search warrant at Ms. Whiteley’s residence in Desert Hot Springs, California. Items seized pursuant to the search warrant indicated that Ms. Whiteley used the aforementioned aliases to fraudulently receive SSA WIB and SSI benefits. In addition, items seized indicated that she used the aliases to fraudulently apply for Federal bankruptcies, California State Renter’s Tax Credits, County Home Energy Assistance and Rural Housing Assistance from the U.S. Department of Agriculture.

On January 28, 2000, a Federal Grand Jury returned a fourteen-count felony indictment for Ms. Whiteley in U.S. District Court, Los Angeles, California. Ms. Whiteley was indicted on twelve counts of 18 U.S.C. § 1343, "Fraud by wire, radio, or television." Additionally, she was indicted on two counts of 18 U.S.C. § 152, "Concealment of assets; false oaths and claims; bribery." Subsequently, she pled guilty to three counts of the aforementioned.

The loss to SSA from her crimes totaled approximately $423,845. Additional losses to the Federal government from fraudulent bankruptcy filings equal approximately $160,000.00.

1. On January 10, 2001, Mr. Anthony P. Coco was sentenced in Federal District Court by the Honorable Judge Clarence Newcomer to serve 5 months in prison followed by 5 months home detention. Following his release from prison, Mr. Coco will serve 3 years probation. Additionally, Judge Newcomer ordered Mr. Coco to repay $115,541 in restitution to SSA. Mr. Coco was further ordered to pay all costs of electronic monitoring related to his home detention. Mr. Coco voluntarily surrendered himself to the U.S. Bureau of Prisons on January 29, 2001 to begin his prison sentence.

Mr. Coco became entitled to receive title II disability benefits in 1985. However, from 1986 to 1999, Mr. Coco used his father's and daughter's SSNs to conceal his own work activity while still collecting disability benefits under his own SSN.

On May 23, 2001, Mr. Peter Collins appeared in the U.S. District Court for the Northern District of Ohio for the purpose of sentencing. Mr. Collins had previously pled guilty to one count of violating 18 U.S.C. § 641, "Public money, property or records" in this same court. Judge Peter Economus sentenced Mr. Collins to a period of 6 months' home confinement and 3 years' probation. Collins was also fined $1,100 and ordered to make restitution in the amount of $28,243 to SSA.

This case was initiated when the North Olmsted, Ohio Police Department discovered that Mr. Collins had two Ohio Driver Licenses listing two separate SSNs. One of the SSNs was assigned to Mr. Collins and the other was assigned in the name of his deceased brother who had died in 1943. SSA assigned the latter SSN in 1963, after the brother’s death. SSA made RSI payments in the amount of $32,723 between 1993 and 1998 to Mr. Collins in the name of his deceased brother. Mr. Collins admitted to fraudulently obtaining an SSN and title II RSI payments from SSA using his deceased brother's identity. Mr. Collins was employed full-time while collecting these SSA payments and earned substantial wages under his true SSN. It was later determined that Mr. Collins had cashed $28,243 of the SSA checks. The remaining $4,480 had been returned to SSA by the U.S. Postal Service who had been unable to deliver the checks due to a change of address.

On April 13, 2001, Mr. David Melgoza-Solis, a Mexican citizen, was sentenced to 6 months in custody of the Bureau of Prisons and ordered to pay $200 in assessment fees in violation of one count of 42 U.S.C. § 1383a, "Fraudulent acts; penalties; restitution" and one count of 42 U.S.C. § 1542 "Transfer of funds from other Federal agencies to Secretary of Housing and Urban Development." Mr. Melgoza-Solis was also sentenced to supervised release for a term of 3 years and will be subject to an INS Deportation Hearing. SSA waived restitution of the $80,485 fraud loss to the SSI program.

Since 1975, Mr. Melgoza-Solis had been fraudulently using the identity of Mr. Fred Gabes Cruz with a counterfeit New Mexico Certificate of Birth. In February 1989, Mr. Melgoza-Solis applied for and received SSI benefits in the name of Fred Gabes Cruz. SSI benefits continued through December 2000. The total SSI overpayment due to fraudulent identity information is $80,485. Mr. Melgoza-Solis was subsequently arrested and charged with violating 42 U.S.C. § 1542 and 42 U.S.C. § 1383a. On January 16, 2001 Mr. Melgoza-Solis pled guilty to both counts.

We believe that public awareness is one of the most effective tools in fighting the crime of identity fraud. To its credit, SSA has attempted to increase public awareness in several different manners, including issuing a publication related to the subject, providing information on the SSA website, holding "town hall" meetings with various entities and working with the Federal Trade Commission in developing information for the public. In addition to these measures, we believe the following suggestions may assist SSA in its efforts to inform the public of the proper use and dissemination of SSNs.

• The SSA website is an excellent tool for educating the public about the proper use of the SSN. Although already being utilized, SSA’s OIG and Communications Office could team up to provide additional information. For example, articles could be posted on the site in the form of interesting "Tips" and "Tactics," which would be designed to educate and remind the general public about the potential dangers of sharing one’s SSN with non-governmental and suspicious entities.

• SSA could include informational pamphlets when issuing SSN cards and retirement and benefits statements to the public. These pamphlets could remind the public about SSN misuse and provide them with the OIG Fraud Hotline Toll-Free Number.

• Additional "Identity Theft Awareness Workshops" or "Town Hall Meetings," could be instituted in conjunction with organizations whose clients are the elderly and/or the disabled.

SSA has a number of data matching initiatives underway to detect and/or prevent overpayments to individuals residing in nursing homes and prisons. Specifically, SSA matches its payment records with nursing home data from the Centers for Medicare and Medicaid Services (CMS), as well as with Federal, State, and local prisons. Specific initiatives are described below.

In December 1998, SSA initiated a computer match with CMS to detect instances in which SSI recipients, institutionalized in nursing homes, were being overpaid. This match, which covers all the States, was also conducted in March 1999 and again in September 1999. Then in FY 2000, the match was performed on a monthly basis and it continues to be performed today.

In October 2000, SSA’s Office of Quality Assurance and Performance Assessment (OQA) issued a report on its assessment of SSA’s match with nursing home data. OQA found that in FY 1999, the data match between SSA and CMS identified overpayment benefits of $27 million that could have been either recovered or prevented at a cost of $6.8 million.

OQA also found that nursing home data received from CMS was not sufficiently accurate for SSA to institute automatic payment changes. Specifically, some of CMS’ data fields (such as length of stay and source of payment) contained missing or inaccurate data. As such, OQA concluded that CMS needs to improve the reliability of its data before SSA could use it to suspend payments without verification. In FY 2002, OQA is scheduled to conduct a follow-up review to determine the accuracy of the CMS data and the approximate time for SSA field offices to process a case resulting from the data match.

OIG does not have a tracking system in place to capture the amount of SSI overpayments resulting from individuals living in nursing homes. Therefore, we are unable to provide statistics for the past 5 years, and hence defer this question to SSA.

SSA receives prisoner data from approximately 5,500 Federal, State, county, and local correctional agencies. This data, which accounts for over 99 percent of the prisoner population in the United States, is matched against SSA payment records in order to identify, prevent and/or recover overpayments to prisoners. If the data matching identifies benefit payments paid to a prisoner, the appropriate SSA office is notified and staff verify the person’s identity and determine whether payments should be stopped. Once payments cease, any overpayment amounts are computed and an account is established on the individual’s record to control the return of amounts overpaid.

SSA’s Chief Actuary estimated a cost avoidance of $125 million to be realized semiannually from 1995 to 2001. Since the OIG does not have a system in place to track overpayments to prisoners, we defer to SSA to provide statistics for the past 5 years.

In 1996 and 1997, the OIG completed two audits pertaining to SSA’s prisoner matching operations. Specifically, we reported the following.

• SSA was only achieving limited success in obtaining prisoner information and using it to prohibit benefit payments. Specifically, we estimated overpayments to prisoners in Federal, State, and county or local correctional facilities in the amount of $48.8 million. These overpayments were due to the delays in receiving information from correctional facilities. Our report included recommendations to: (1) make current procedures for obtaining prisoner information more effective; (2) explore alternatives to the current system in place for obtaining prisoner information; and (3) make the administrative processes associated with prisoner information more effective.

• SSA was not always detecting and stopping benefit payments to prisoners due to control weaknesses in its prisoner record matching program and in its prisoner alert procedures. Also, we found that SSA had limited success in attempting to recover overpayments made to prisoners. Our report included recommendations for: (1) improving the matching procedures for identifying prisoners receiving benefits; (2) processing prisoner alerts more effectively; and (3) improving the collection of overpayments from prisoners.

In FY 2002, we are initiating a follow-up review to our 1996 and 1997 audit reports. We will assess SSA’s efforts to implement the recommendations made in these two reports and identify any further areas for improving prisoner data matching operations. Based on preliminary work started in FY 2001, SSA has made great strides in improving the detection and prevention of overpayments to prisoners since our work in 1996 and 1997. Once our follow-up work is completed in FY 2002/2003, we will comment in detail on the effectiveness of SSA’s prisoner operations to prevent overpayments and possible initiatives, if necessary, for further improvement.

We recognize that the issue of SSN misuse is complex and impacts many public and private programs. With the Internet as a catalyst, SSN misuse and identity fraud have soared to new heights, partially as a result of the ease in which individuals can access personal information and false documents on-line. To its credit, SSA has made strides in improving systems and processes in the fight against these abuses. However, we believe more needs to be done. We understand the need to provide timely, world class customer service, but it is important to strike a balance between expediency and stewardship responsibilities.

Recently, we provided the Acting Commissioner of Social Security with a list of prior audit recommendations that the Agency either disagreed with or had not yet implemented. In light of recent events, the Acting Commissioner planned to review these recommendations to determine whether any should be reconsidered and/or expedited. We are encouraged by this action and hope SSA will reconsider recommendations reiterated in this report that will serve to improve the integrity of the SSN.

Appendices

Scope and Methodology

Much of our work was based on published reports from the past 2 years. We performed report review work in Birmingham, Alabama. Analytical work on matching initiatives and overpayments was performed in Boston, Massachusetts. Also, other work, including interviews and observations regarding undeliverable SSNs and gathering of investigative case data was performed at SSA Headquarters in Baltimore, Maryland. We completed our field work between August 2001 and September 2001.

Appendix C

OIG Contacts and Staff Acknowledgments

OIG Contacts

Kim Byrd, Acting Director, Operations Audit Division (205) 801-1605

In addition to those named above:

Kathy Youngblood, Senior Auditor
Walter Bayer, Deputy Director
Judith Oliviera, Senior Auditor
Katie Hallock, Auditor
Tom Sipes, Special Agent-in-Charge
Tim DeHoff, Investigator

For additional copies of this report, please visit our web site at http://www.socialsecurity.gov/oig or contact the Office of the Inspector General’s Public Affairs Specialist at (410) 966-1375. Refer to Common Identification Number A-08-02-22030.