U.S. House of Representatives
- June 7, 2007
Committee
on Ways and Means
Subcommittee on Social Security
Statement for the
Record
Employment
Eligibility Verification Systems
Steven
L. Schaeffer
Assistant Inspector General for Audit
Office of the Inspector General
Social Security Administration
June 7, 2007
Good morning, Chairman McNulty, Mr. Johnson, and members
of the Subcommittee. It's a pleasure to be here today to provide the
Social Security Administration (SSA), Office of the Inspector General's
(OIG) perspective on Employment Eligibility Verification Systems (EEVS).
Each agency involved in EEVS has its own contribution to make to the
system's success. The SSA-OIG's role is to evaluate the use of SSA data
within the EEVS process and recommend improvements with respect to the
accuracy and security of such data. SSA's information constitutes the
foundation of EEVS.
The OIG is a strong supporter of employer verification. Many of the
challenges that confront us on a daily basis stem from the lack of a
widely-used universal verification system, and I will address these
challenges momentarily. The OIG is also, however, charged with preventing
and detecting fraud, waste, and abuse in SSA programs and operations,
including any verification systems that utilize SSA data. Thus, our
concern rests not only with the ability of such systems to resolve issues
like Social Security number (SSN) misuse and erroneous wage reporting,
but with the accuracy and security of the verification systems themselves.
If verification systems rely on inaccurate information, the verifications
they provide are of no value; if access to verification systems is not
secure, and controls over their operation are not strong, the cost (in
the loss of personally identifiable information) could be significant.
As such, the OIG is working hard to support SSA and Congress' efforts
to create, implement, and broaden meaningful, accurate, and secure employer
verification systems, and we welcome the Subcommittee's support.
As stated earlier, each participant in today's hearing brings his or
her own goals and perspectives to the table. Immigration issues are
not, by themselves, part of the OIG's mission, appearing nowhere in
our statutory mandate. That said, however, the immigration issue is
inextricably linked to SSN misuse and SSA program integrity, which are
at the heart of the OIG's mission. These issues take on several forms,
each of which poses a significant challenge to SSA and the OIG, and
each of which would be significantly aided by broader, more reliable,
more secure verification systems. Specifically, there are two closely
linked areas relative to EEVS in which our mission overlaps with that
of the Department of Homeland Security (DHS):
Ensuring accurate wage reporting and minimizing SSN misuse; and
Ensuring that verification systems are accurate and secure.
I will touch briefly on some of our work in each of these areas.
Accurate Wage Reporting and SSN Misuse
Accurate wage reporting is critical to the determination of individuals'
eligibility for, and amount of, various Social Security benefits and
payments.
First, we need to keep in mind the types of wage reporting problems
encountered by SSA:
An invalid name and SSN combination is reported, causing the earnings
to be placed into the Earnings Suspense File (ESF) until resolved;
A valid name and SSN is reported, but the earnings do not belong to
the SSN owner and therefore needs to be removed from the Master Earnings
File and placed in the ESF at a later time; and
An SSN issued for nonwork purposes is used for work, in which case SSA
is required to post the earnings and report the instance to DHS, even
though the earnings may not qualify the worker for future benefits.
The ESF, SSA's repository for misreported wages, has been a frequent
topic of testimony before this Subcommittee. As of October 2006, the
ESF had accumulated about $586 billion in wages and 264 million wage
items for Tax Years (TY) 1937 through 2004. In TY 2004 alone, the ESF
grew by $66 billion in wages and 9.5 million wage items. Each wage item
posted to the ESF represents a possible error in the calculation of
someone's Social Security benefits or payments, and each represents
a cost to the taxpayer incurred in trying to correct the misreported
wage item. Our Office of Audit has conducted numerous studies touching
on the ESF issue, including in-depth studies of industries particularly
prone to misreporting, such as the agricultural, restaurant, and service
industries. We continue to seek ways to help SSA stem the tide of erroneous
wage reporting; none of our recommendations, however, will ever be as
effective as truly meaningful verification of employees.
In addition to the ESF, the Master Earnings File (MEF), SSA's repository
of theoretically correct wage reports, is also affected by misreported
wage items. An ongoing audit, which we anticipate will be issued later
this year, seeks to determine whether:
wage items associated with SSN misuse are being posted to the Master
Earnings File; and
the Agency has established effective controls to detect such postings
and prevent future occurrences.
Early work in this area has identified a number of cases where the
valid name and SSN of individuals has been used by another party to
work in the economy. This type of misuse is difficult to detect under
the current verification systems and SSA will learn about it only when
the SSN owner reports this misuse of their information.
We have a second audit, also to be released later this year, reviewing
cases referred to SSA from the Internal Revenue Service (IRS) after
individuals have disclaimed wages at an IRS office. We believe valid
names and SSNs are being misused for work purposes.
SSA also encounters wages reported under "nonwork" SSNs assigned
to noncitizens. While SSA has dramatically reduced the issuance of nonwork
SSNs over the years, millions of nonwork SSNs are still in circulation.
Each year employers report earnings to SSA under these nonwork SSNs
and SSA is required to post them to the MEF. SSA is also required by
law to annually report work activity under nonwork SSNs to DHS to assist
DHS in its worksite enforcement efforts. Currently, SSA is reporting
over half a million such individuals each year, with each reported case
representing a potential violation of both Social Security and immigration
laws. Recent changes in SSA's programs under the Social Security Protection
Act of 2004 further complicate this situation, since work reported under
a nonwork SSN will be posted to the Master Earnings File but may not
always qualify the earner for future benefits.
The OIG has conducted a number of audits on the nonwork SSN process.
Overall, we have found that while SSA's data on noncitizens' work authorization
status is not always current, the majority of the earnings items reported
to the Agency under nonwork SSNs appear to relate to noncitizens working
in the economy without proper work authorization. For example, our June
2006 audit on the top 100 employers reporting earnings under nonwork
SSNs found that during TYs 2001 through 2003, a total of 109,064 noncitizens
worked under nonwork SSNs for these 100 employers. The employer categories
with the most nonwork wage postings were government, retail, and universities.
After reviewing a sample of these nonwork SSNs, we found that we could
not confirm work authorization for 63 percent of the individuals in
our sample.
While DHS has primary jurisdiction over immigration matters, our jurisdiction
over SSN misuse is in many ways parallel to DHS's worksite enforcement
efforts, and we have worked with Immigration and Customs Enforcement
(ICE) on a number of joint investigative projects. In these cases, the
OIG's role is often limited, but can result in significant accomplishments,
particularly when the employer is the target. When we can stop employers
from hiring individuals who may be using others' SSNs or working under
a nonwork SSN, the impact on SSA programs and operations can be significant.
In past hearings, DHS officials have noted that SSA earnings data can
assist their Agency with its mission. However, restrictions on data
sharing related to the Internal Revenue Code and Privacy Act limit our
ability to provide this assistance to DHS.
Ensuring the Accuracy and Security of Verification Systems
A year ago, the former Chairman of this Subcommittee, Jim McCrery,
asked the OIG to look at three aspects of SSN verification systems-the
accuracy of the data upon which the verification systems are based,
the controls over the verification programs, and the experiences of
the employers who use the verification systems.
In our first review, we looked at SSA's Numident file, which contains
relevant information about Social Security numberholders, including
name, date of birth, place of birth, and citizenship status. These data
are used in the EEVS. Mr. McCrery asked us to assess the accuracy of
SSA Numident fields that are relied on by EEVS, for each of the following
U.S. populations: (1) native-born citizens, (2) foreign-born citizens,
and (3) non-citizens.
We reviewed 810 randomly-selected Numident records in each of the three
populations for a total of 2,430 records. Although we found SSA's information
to be generally accurate, we identified some discrepancies that could
result in incorrect feedback to employers attempting to determine the
employment eligibility of their workers. Specifically, of the 2,430
Numident records reviewed, 136 contained discrepancies in the name,
date of birth or citizenship status of the numberholder or we determined
that the numberholder may be deceased. As a result, we estimated that
discrepancies in approximately 17.8 million (4.1 percent) of the 435
million Numident records could result in incorrect feedback when submitted
through EEVS.
Because our tests included SSNs that were assigned decades ago, we
recognize that some numberholders would no longer be working and would
not attempt to correct their SSA and/or immigration records. However,
if even a portion of the estimated numberholders whose Numident records
contained discrepancies were required to visit an SSA office to correct
their information, the Agency's workload may significantly increase
until such time as the affected records were corrected.
In our second review, we gathered information on the experiences of
employers who had used SSA's Social Security Number Verification Service
(SSNVS) and EEVS. We interviewed program users at 100 employers-50 each
from SSNVS and EEVS-to assess their satisfaction with the two programs.
The 100 employers were in industries such as temporary employment, food,
retail, and government. We found that 92 percent of the SSNVS users
and 100 percent of the EEVS users interviewed rated the programs as
"Excellent," "Very Good," or "Good." In
addition, at least 98 percent of the users from both programs indicated
their employers were very likely to continue using the programs.
About 14 percent of the SSNVS users and 10 percent of the EEVS users
we interviewed reported that they experienced minor problems using the
two programs. In most of these cases, the users reported that SSA and/or
DHS staff were able to resolve their problems timely. We also found
that approximately 42 percent of EEVS users we interviewed were not
using the program as intended. While the program is intended to verify
the work authorization of newly-hired employees within 3 days after
they are hired, some employers conducted verifications for longstanding
employees or individuals who were not yet hired. We could not determine
whether these employers misunderstood EEVS requirements or just simply
ignored the policy. If DHS determines these other types of verifications
should be allowed, legislative changes may be needed.
In our third review, we assessed controls over SSA's SSNVS and EEVS
to monitor potential abuse by employers as well as SSA and DHS's experience
to date with this monitoring. We found that SSA had established effective
controls over access and use of sensitive data in its SSNVS program.
For example, SSNVS had controls over the application process to verify
(1) the applicant's personal information, (2) the company's Employer
Identification Number, (3) the applicant's authorization to use the
service on behalf of the company, and (4) the applicant's employment
with the company. SSNVS also had controls to detect anomalies in SSNVS
usage and potential misuse of the program. For example, SSA's monitoring
resulted in four investigations of misuse of the program as well as
the deactivation of one user's access to the program. EEVS did not have
the same level of controls, in part because (1) the application process
did not request some of the identifiers used by SSNVS to monitor the
applicants, and/or (2) the information provided by the applicant during
the registration process was not validated.
We also reported that DHS officials have met with officials from SSA
and the IRS to discuss potential enhancements to EEVS as well as avenues
for greater cooperation. DHS officials also stated that future meetings
will discuss some of the monitoring and applicant verification activities
already being performed under SSNVS. We believe continued coordination
between DHS, SSA, and IRS would lead to more effective controls to minimize
the potential misuse of EEVS.
We are also completing a fourth review in which we are assessing controls
over all of SSA's employee verification programs, be they electronic,
paper, or via phone and fax, as well as EEVS. This review will also
highlight best practices. As part of this audit, we will ensure that
employers are receiving a consistent reply from all of the verification
services. In addition, our review will determine whether SSA knows who
is requesting the verification when it receives a telephone call or
fax, and the level of monitoring performed to ensure that problem employers
cannot access SSA's data. We expect to issue this report in the next
few months and as always, will share a copy with the Subcommittee.
It is critical that any verification system used to combat SSN misuse,
inaccurate wage reporting, unauthorized work, SSA program fraud, and
immigration violations be accurate and secure. Through reports such
as those I've discussed today, our efforts to ensure the reliability
of the data used by EEVS and the functionality and security of EEVS
help employers report accurate wages to SSA and minimize the improper
use of SSNs.
Thank you, and I'd be happy to answer any questions.