eCBSV Frequently Asked Questions

eCBSV Home

Information About eCBSV

Initial Rollout

Expanded Rollout

Next Application Period

Eligibility

Methods to Access eCBSV

Fees

User Agreement

eCBSV Onboarding Process

Permitted Entity Registration

Permitted Entity Enrollment

Financial Institution Registration

eCBSV Technical Specifications

Recommended Technical Expertise

To Access Permitted Entity Registration and Enrollment

To Submit and Obtain SSN Verifications

To Access the External Testing Environment

eCBSV Guide to eCBSV Written Consent

Introduction

What is Written Consent in the eCBSV Context?

What is an Electronic Signature?

What are Acceptable Forms of Electronic Signatures?

What is Intent to Sign?

How Do I Attach or Associate the Electronic Signature to the Written Consent?

Written Consent Incorporated into the Financial Institution’s Business Process

Written Consent Template Must Haves

Putting it All Together – Compliant Examples

Putting it All Together – Non-compliant Examples

FAQs

Archive

Get Page Updates

Thank you for your interest in the electronic Consent Based Social Security Number Verification (eCBSV) service.  We are reviewing questions received and will be posting responses here periodically.  Please check this page frequently for updates.  You may submit questions to eCBSV@ssa.gov.

1. Agreements
Content archived. See Archive, Enrollment FAQ.
2. Application
Content archived. See Archive, Enrollment FAQ.
3. Consent

Section 3.01 archived. See Archive, Enrollment FAQ.

3.02 Can the electronic signature piece of the eCBSV consent process fit into existing E-Sign Act practices?
Yes, SSA designed its electronic signature requirements in accordance with the E-Sign Act.
4. Costs
Content archived. See Archive, Enrollment FAQ.
5. Current CBSV Customers
5.01 As a current CBSV enrolled company and a company who qualifies as a permitted entity, may we begin to accept electronic signatures now?
No, as a currently enrolled company in CBSV, you are not enrolled in eCBSV and are not permitted to accept electronically signed consents at this time. You must continue to adhere to all requirements in the CBSV User Agreement.
5.02 As a current CBSV enrolled company and a company who qualifies as a permitted entity, does our enrollment in the current CBSV program affect our application for eCBSV?
No, your status as a CBSV company and a company who qualifies as a permitted entity, does not affect your application for eCBSV.  SSA will consider all permitted entities for eCBSV enrollment in accordance with the process set forth in the Federal Register Notice.  You must follow the instructions as provided in the Federal Register Notice to apply for eCBSV during the upcoming enrollment period.  Companies that do not qualify as permitted entities cannot currently enroll for eCBSV. 
5.03 As a current CBSV enrolled company, what happens to our status as a CBSV enrolled company, if we are selected for the initial rollout of eCBSV in June 2020?

If you are an individual permitted entity selected for the eCBSV initial rollout in June 2020, we will terminate your CBSV User Agreement as of that date and you will no longer be a CBSV customer.  We will provide you a refund of unused CBSV funds at that time.

If you are a service provider permitted entity selected for the eCBSV initial rollout in June 2020, you may remain enrolled in CBSV to service non-permitted entities or during the initial rollout, other permitted entities beyond the 20 limited in the initial rollout.

If you are not selected for the eCBSV initial rollout, you will continue as a CBSV customer and must adhere to all requirements in the CBSV User Agreement.

5.04 We are a service provider for a handful of customers that provide SSA verifications today. Could you explain to me the difference between this new service and the existing service that we use today? Today it's an API where we pass the SSN, DOB, and name and get a yes/no/deceased response which seems to be identical to this new system. Is this new system a replacement for the one we are currently using or is there some other feature that i'm not seeing? I did not see on the site where this new service differs in any way except for new security measures.

The substantial difference between CBSV and eCBSV is that the Economic Growth, Regulatory Relief, and Consumer Protection Act, Section 215, Reducing Identity Fraud, requires SSA to confirm (or not confirm) to a "permitted entity" the validity of fraud protection data (specific information about an individual, including SSN verification) based on the individual's written consent, including by electronic signature.  An SSN verification is verification that a name, SSN, and date of birth combination matches (or does not match) our records.  The legislation requires SSA to improve our current verification system to accommodate the much larger anticipated volume of users and verifications as a result of now allowing consumer consent to be received electronically.  In addition, the Act defines permitted entities use of eCBSV for specific uses as outlined in the Act.  Therefore, for entities that do not qualify as a permitted entity, or entities who use the SSN verification for purposes outside of the Act will continue to obtain a number holder’s wet signature on the consent forms and use the current CBSV at this time.

6. Enrollment

Sections 6.01-6.08 archived. See Archive, Enrollment FAQ.

6.09 What happens if the number of queries exceed the specified limits established for any given permitted entity? How will limits be calculated/enforced? Will it be daily, weekly, monthly, or some other specified time horizon?
The eCBSV system will monitor transactions in real time, and provide an alert when a permitted entity nears their tier level transaction limit. If no action is taken by the permitted entity to establish a new tier level and user agreement, no transactions will be processed over their tier level.
6.10 If I am a company that supports financial institutions with decision management solutions, that includes the opening of new accounts, and determine that I qualify as a permitted entity, do I need to apply for eCBSV? Do I need to apply if I am not requesting the SSN verification directly from SSA?
You should apply for eCBSV if you wish to obtain SSN verifications directly from SSA.  Each SSN verification request submitted to SSA must be supported by an individual consent, including electronic consent.  If you are supporting financial institutions by obtaining information from another service provider who is already an eCBSV customer, please be aware that the other service provider may not share with you the results of its SSN verification request.
7. Initial Rollout
Content archived. See Archive, Enrollment FAQ.
8. Other

Section 8.01 archived. See Archive, Enrollment FAQ.

8.02 If a consumer disputes SSA’s verification response, what action should he or she take?
If the eCBSV User ensures that the data submitted to SSA matches the information provided by the consumer on the consent form, and the consumer verifies the accuracy of the consent data provided, then the eCBSV User can direct the consumer to his or her local SSA Field Office to determine the nature of the problem.
8.03 Will financial institutions’ service providers, subsidiaries, affiliates, agents, subcontractors, or assignees be able to pool and/or allocate queries across multiple financial institutions they service?
Yes, financial institutions’ service providers, subsidiaries, affiliates, agents, subcontractors, or assignees may allocate transactions any way they like. SSA will only track the number of transactions at the eCBSV User (who enters into the User Agreement with SSA) level.
8.04 Who determines if I am a permitted entity?
You must determine if you are a permitted entity.  Review all of the requirements as provided in PL 115-174, 215(b)(4), and provide a certification statement to SSA at least every two years as required by PL 115-174.  See the Eligibility tab for more details.
8.05 As a permitted entity service provider, will we be allowed to provide the eCBSV to all of our clients or just the financial institutions?
As a permitted entity, you may only use eCBSV with electronically signed consents for your approved activities as a permitted entity and for other permitted entities approved activities under PL 115-174.  You may not submit verification requests for entities that are not permitted under the definition.
8.06 Can permitted entities change their annual transaction estimates from one year to the next, or do they have to stay in the same tier or higher forever?
A permitted entity should estimate their annual transactions based on how many they anticipate requesting in the first year (365 day usage).  Every year after that, the permitted entity has the option to stay at the same tier, or go up or down in tier levels.  The only limitation imposed on a permitted entity tier level is when an entity exhausts all transactions within their year (365-day period).  In that situation, SSA requires that the permitted entity move to the next higher tier level.
8.07 Can you clarify what the "annual number of transactions" is based on? Some of us in the bank believe that it may be implying projected use of this service (number of inquiries) while others believe that it may be implying all banking activities such as deposits, withdrawals, and others.

The annual number of transactions refers to the number of requests for verification that a permitted entity plans to send to SSA annually.

8.08 What is the difference between the services provided by the eCBSV and the TIN matching program provided by the IRS? The IRS TIN matching program as outlined in Publication 2108A seems to provide similar services for TIN matching, so I am trying to determine what differences (if any) exist between the SSA and IRS services.

SSA is unable to provide you with any information regarding the IRS TIN Matching program. We can tell you that SSA is the authoritative source for the Social Security Number (SSN). eCBSV will provide SSN verifications to enrolled permitted entities. An SSN verification is verification that a name, SSN, and date of birth combination matches (or does not match) our records.

9. Technical

Sections 9.01-9.02 and 9.04-9.06 archived. See Archive, Enrollment FAQ.

9.03 How long will it take to get a response from the system; will it be in real-time or near real-time?
The verification system will provide a real-time response. We do not distinguish between real-time or near real-time.