Good morning, Chairman McNulty, Mr. Johnson, and members of the Subcommittee. It's a pleasure to be here today to provide the Social Security Administration (SSA), Office of the Inspector General's (OIG) perspective on Employment Eligibility Verification Systems (EEVS).
Each agency involved in EEVS has its own contribution to make to the system's success. The SSA-OIG's role is to evaluate the use of SSA data within the EEVS process and recommend improvements with respect to the accuracy and security of such data. SSA's information constitutes the foundation of EEVS.
The OIG is a strong supporter of employer verification. Many of the challenges that confront us on a daily basis stem from the lack of a widely-used universal verification system, and I will address these challenges momentarily. The OIG is also, however, charged with preventing and detecting fraud, waste, and abuse in SSA programs and operations, including any verification systems that utilize SSA data. Thus, our concern rests not only with the ability of such systems to resolve issues like Social Security number (SSN) misuse and erroneous wage reporting, but with the accuracy and security of the verification systems themselves. If verification systems rely on inaccurate information, the verifications they provide are of no value; if access to verification systems is not secure, and controls over their operation are not strong, the cost (in the loss of personally identifiable information) could be significant.
As such, the OIG is working hard to support SSA and Congress' efforts to create, implement, and broaden meaningful, accurate, and secure employer verification systems, and we welcome the Subcommittee's support.
As stated earlier, each participant in today's hearing brings his or her own goals and perspectives to the table. Immigration issues are not, by themselves, part of the OIG's mission, appearing nowhere in our statutory mandate. That said, however, the immigration issue is inextricably linked to SSN misuse and SSA program integrity, which are at the heart of the OIG's mission. These issues take on several forms, each of which poses a significant challenge to SSA and the OIG, and each of which would be significantly aided by broader, more reliable, more secure verification systems. Specifically, there are two closely linked areas relative to EEVS in which our mission overlaps with that of the Department of Homeland Security (DHS):
- Ensuring accurate wage reporting and minimizing SSN misuse; and
- Ensuring that verification systems are accurate and secure.
I will touch briefly on some of our work in each of these areas.
Accurate Wage Reporting and SSN Misuse
Accurate wage reporting is critical to the determination of individuals' eligibility for, and amount of, various Social Security benefits and payments.
First, we need to keep in mind the types of wage reporting problems encountered by SSA:
- An invalid name and SSN combination is reported, causing the earnings to be placed into the Earnings Suspense File (ESF) until resolved;
- A valid name and SSN is reported, but the earnings do not belong to the SSN owner and therefore needs to be removed from the Master Earnings File and placed in the ESF at a later time; and
- An SSN issued for nonwork purposes is used for work, in which case SSA is required to post the earnings and report the instance to DHS, even though the earnings may not qualify the worker for future benefits.
The ESF, SSA's repository for misreported wages, has been a frequent topic of testimony before this Subcommittee. As of October 2006, the ESF had accumulated about $586 billion in wages and 264 million wage items for Tax Years (TY) 1937 through 2004. In TY 2004 alone, the ESF grew by $66 billion in wages and 9.5 million wage items. Each wage item posted to the ESF represents a possible error in the calculation of someone's Social Security benefits or payments, and each represents a cost to the taxpayer incurred in trying to correct the misreported wage item. Our Office of Audit has conducted numerous studies touching on the ESF issue, including in-depth studies of industries particularly prone to misreporting, such as the agricultural, restaurant, and service industries. We continue to seek ways to help SSA stem the tide of erroneous wage reporting; none of our recommendations, however, will ever be as effective as truly meaningful verification of employees.
In addition to the ESF, the Master Earnings File (MEF), SSA's repository of theoretically correct wage reports, is also affected by misreported wage items. An ongoing audit, which we anticipate will be issued later this year, seeks to determine whether:
- wage items associated with SSN misuse are being posted to the Master Earnings File; and
- the Agency has established effective controls to detect such postings and prevent future occurrences.
Early work in this area has identified a number of cases where the valid name and SSN of individuals has been used by another party to work in the economy. This type of misuse is difficult to detect under the current verification systems and SSA will learn about it only when the SSN owner reports this misuse of their information.
We have a second audit, also to be released later this year, reviewing cases referred to SSA from the Internal Revenue Service (IRS) after individuals have disclaimed wages at an IRS office. We believe valid names and SSNs are being misused for work purposes.
SSA also encounters wages reported under "nonwork" SSNs assigned to noncitizens. While SSA has dramatically reduced the issuance of nonwork SSNs over the years, millions of nonwork SSNs are still in circulation. Each year employers report earnings to SSA under these nonwork SSNs and SSA is required to post them to the MEF. SSA is also required by law to annually report work activity under nonwork SSNs to DHS to assist DHS in its worksite enforcement efforts. Currently, SSA is reporting over half a million such individuals each year, with each reported case representing a potential violation of both Social Security and immigration laws. Recent changes in SSA's programs under the Social Security Protection Act of 2004 further complicate this situation, since work reported under a nonwork SSN will be posted to the Master Earnings File but may not always qualify the earner for future benefits.
The OIG has conducted a number of audits on the nonwork SSN process. Overall, we have found that while SSA's data on noncitizens' work authorization status is not always current, the majority of the earnings items reported to the Agency under nonwork SSNs appear to relate to noncitizens working in the economy without proper work authorization. For example, our June 2006 audit on the top 100 employers reporting earnings under nonwork SSNs found that during TYs 2001 through 2003, a total of 109,064 noncitizens worked under nonwork SSNs for these 100 employers. The employer categories with the most nonwork wage postings were government, retail, and universities. After reviewing a sample of these nonwork SSNs, we found that we could not confirm work authorization for 63 percent of the individuals in our sample.
While DHS has primary jurisdiction over immigration matters, our jurisdiction over SSN misuse is in many ways parallel to DHS's worksite enforcement efforts, and we have worked with Immigration and Customs Enforcement (ICE) on a number of joint investigative projects. In these cases, the OIG's role is often limited, but can result in significant accomplishments, particularly when the employer is the target. When we can stop employers from hiring individuals who may be using others' SSNs or working under a nonwork SSN, the impact on SSA programs and operations can be significant.
In past hearings, DHS officials have noted that SSA earnings data can assist their Agency with its mission. However, restrictions on data sharing related to the Internal Revenue Code and Privacy Act limit our ability to provide this assistance to DHS.
Ensuring the Accuracy and Security of Verification Systems
A year ago, the former Chairman of this Subcommittee, Jim McCrery, asked the OIG to look at three aspects of SSN verification systems-the accuracy of the data upon which the verification systems are based, the controls over the verification programs, and the experiences of the employers who use the verification systems.
In our first review, we looked at SSA's Numident file, which contains relevant information about Social Security numberholders, including name, date of birth, place of birth, and citizenship status. These data are used in the EEVS. Mr. McCrery asked us to assess the accuracy of SSA Numident fields that are relied on by EEVS, for each of the following U.S. populations: (1) native-born citizens, (2) foreign-born citizens, and (3) non-citizens.
We reviewed 810 randomly-selected Numident records in each of the three populations for a total of 2,430 records. Although we found SSA's information to be generally accurate, we identified some discrepancies that could result in incorrect feedback to employers attempting to determine the employment eligibility of their workers. Specifically, of the 2,430 Numident records reviewed, 136 contained discrepancies in the name, date of birth or citizenship status of the numberholder or we determined that the numberholder may be deceased. As a result, we estimated that discrepancies in approximately 17.8 million (4.1 percent) of the 435 million Numident records could result in incorrect feedback when submitted through EEVS.
Because our tests included SSNs that were assigned decades ago, we recognize that some numberholders would no longer be working and would not attempt to correct their SSA and/or immigration records. However, if even a portion of the estimated numberholders whose Numident records contained discrepancies were required to visit an SSA office to correct their information, the Agency's workload may significantly increase until such time as the affected records were corrected.
In our second review, we gathered information on the experiences of employers who had used SSA's Social Security Number Verification Service (SSNVS) and EEVS. We interviewed program users at 100 employers-50 each from SSNVS and EEVS-to assess their satisfaction with the two programs. The 100 employers were in industries such as temporary employment, food, retail, and government. We found that 92 percent of the SSNVS users and 100 percent of the EEVS users interviewed rated the programs as "Excellent," "Very Good," or "Good." In addition, at least 98 percent of the users from both programs indicated their employers were very likely to continue using the programs.
About 14 percent of the SSNVS users and 10 percent of the EEVS users we interviewed reported that they experienced minor problems using the two programs. In most of these cases, the users reported that SSA and/or DHS staff were able to resolve their problems timely. We also found that approximately 42 percent of EEVS users we interviewed were not using the program as intended. While the program is intended to verify the work authorization of newly-hired employees within 3 days after they are hired, some employers conducted verifications for longstanding employees or individuals who were not yet hired. We could not determine whether these employers misunderstood EEVS requirements or just simply ignored the policy. If DHS determines these other types of verifications should be allowed, legislative changes may be needed.
In our third review, we assessed controls over SSA's SSNVS and EEVS to monitor potential abuse by employers as well as SSA and DHS's experience to date with this monitoring. We found that SSA had established effective controls over access and use of sensitive data in its SSNVS program. For example, SSNVS had controls over the application process to verify (1) the applicant's personal information, (2) the company's Employer Identification Number, (3) the applicant's authorization to use the service on behalf of the company, and (4) the applicant's employment with the company. SSNVS also had controls to detect anomalies in SSNVS usage and potential misuse of the program. For example, SSA's monitoring resulted in four investigations of misuse of the program as well as the deactivation of one user's access to the program. EEVS did not have the same level of controls, in part because (1) the application process did not request some of the identifiers used by SSNVS to monitor the applicants, and/or (2) the information provided by the applicant during the registration process was not validated.
We also reported that DHS officials have met with officials from SSA and the IRS to discuss potential enhancements to EEVS as well as avenues for greater cooperation. DHS officials also stated that future meetings will discuss some of the monitoring and applicant verification activities already being performed under SSNVS. We believe continued coordination between DHS, SSA, and IRS would lead to more effective controls to minimize the potential misuse of EEVS.
We are also completing a fourth review in which we are assessing controls over all of SSA's employee verification programs, be they electronic, paper, or via phone and fax, as well as EEVS. This review will also highlight best practices. As part of this audit, we will ensure that employers are receiving a consistent reply from all of the verification services. In addition, our review will determine whether SSA knows who is requesting the verification when it receives a telephone call or fax, and the level of monitoring performed to ensure that problem employers cannot access SSA's data. We expect to issue this report in the next few months and as always, will share a copy with the Subcommittee.
It is critical that any verification system used to combat SSN misuse, inaccurate wage reporting, unauthorized work, SSA program fraud, and immigration violations be accurate and secure. Through reports such as those I've discussed today, our efforts to ensure the reliability of the data used by EEVS and the functionality and security of EEVS help employers report accurate wages to SSA and minimize the improper use of SSNs.
Thank you, and I'd be happy to answer any questions.