eCBSV Frequently Asked Questions

Thank you for your interest in the electronic Consent Based Social Security Number Verification (eCBSV) service.  We are reviewing questions received and will be posting responses here periodically.  Please check this page frequently for updates.  You may submit questions to eCBSV@ssa.gov.

1. Agreements
1.01 Will a draft User Agreement be available for review?
No. The eCBSV User Agreement will be available in Spring 2020.
1.02 The Reimbursable Memorandum of Understanding’s period of performance is August 1, 2019 through September 30, 2019. Is the expectation that participating firms will integrate to the eCBSV service and submit production transactions during the course of this 2-month period?
No. The period of performance for the Reimbursable Memorandum of Understanding represents the remaining portion of the fiscal year during which SSA will collect each participating permitted entity’s 50 percent program startup costs. SSA will not begin providing eCBSV transactions until the June 2020 initial rollout.
3. Consent
3.01 Can any detail be provided regarding how the consent from the consumer needs to be presented, captured, stored, and presented as evidence?

Consent must be captured in accordance with the requirements SSA will set forth in the User Agreement. SSA will require consent be captured (1) on a properly-signed SSA-89, Authorization for SSA to Release SSN Verification in either paper format, fillable-PDF or other electronic format, or (2) in some other electronic process consistent with the permitted entity’s existing business process and SSA’s Privacy Act-compliant template language, provided in the eCBSV User Agreement. Moreover, SSA’s signature – including electronic signature requirements will be set forth on SSA’s website and incorporated by reference into the User Agreement.

The eCBSV user must retain the signed consent for a period of five (5) years from the date of the verification request in its original format.

3.02 Can the electronic signature piece of the eCBSV consent process fit into existing E-Sign Act practices?
Yes, SSA designed its electronic signature requirements in accordance with the E-Sign Act.
4. Costs - UPDATED
4.01 Are volume estimates for the initial rollout period, or for a forward-looking year when eCBSV is fully operational?
Permitted entities will select an estimated annual transaction volume for a full year (365-day period) regardless of whether they participate in the initial or expanded rollout.
4.02 If an entity is selected for the initial rollout, pays the startup costs, but then decides to withdraw, what is the off-ramp and refund process.
Once the permitted entity signs the Reimbursable MOU and remits payment, no refunds can be issued. SSA is required to collect 50 percent of the program startup costs in accordance with P.L. 115-174, before we can build the verification system. Once funds are collected and we begin building the system, we cannot issue refunds.
4.03 When will more accurate startup cost details be provided to the initial rollout selected permitted entities?
When a permitted entity is notified of their selection for the initial rollout around the close of the enrollment period, SSA will include the amount of their 50 percent program startup costs for payment with their notification.
4.04 Can SSA estimate what it will charge permitted entities for each validation/ping, based on provided numbers, once the system is built?
Not at this time. It is too early to provide the exact costs; however, estimates will be available in the October/November 2019 timeframe. In addition, SSA will not charge users on a per transaction basis, instead users will select an annual tier-based transaction level with one cost regardless of the number of transactions submitted by the permitted entity within that tier level.
4.05 Will SSA provide regular updates on startup costs incurred as compared to the estimates?
SSA will review actual costs annually as compared to estimates, and will adjust tier level charges appropriately to ensure we are only recovering actual costs.
4.06 What additional costs will the selected permitted entities for the initial rollout be required to pay?

Every permitted entity selected will pay a portion of the 50 percent of the program startup costs, and an initial administrative fee of $3,693. SSA will apply all program startup costs collected to each permitted entity’s annual tier-based subscription fee each year until recouped by the permitted entity.

The permitted entities participating in the initial rollout may be charged additional costs at rollout, if their initial contribution was not sufficient to cover their selected tier-based transactions charge. Again, this is dependent upon the number of permitted entities selected, the estimated annual transaction volumes, and the associated costs at the time of rollout.

UPDATED 4.07 What are the total estimated program startup costs for the initial rollout in June 2020?
SSA estimates program startup costs for the initial rollout in June 2020 of $18.47 million; therefore, the 50 percent program startup cost that must be collected is $9.2 million.
4.08 What does the startup contribution guarantee?
If you are selected as a participant in the small rollout during the initial enrollment period, you will be charged a prorated portion of the estimated 50 percent startup costs based on your estimated volume of transactions for an annual agreement period.  Your initial contribution will be credited to your future years’ subscription and administrative fees.  If you are required to contribute more than the cost for one year, it will be credited towards future years.  SSA will draw down from your initial contribution for as many years necessary to diminish all the initial contribution funds.
4.09 Will permitted entities selected for the small rollout be required to pay the remaining 50 percent startup costs?

Permitted entities selected for the small rollout will be required to submit their prorated portion of the estimated 50 percent startup costs once they are notified by SSA.  Prior to rollout in June 2020, the permitted entity will be required to submit the annual subscription fee for their transaction tier selected plus administrative fees as necessary, if greater than their initial 50 percent program startup costs contribution (see previous FAQ).

The annual subscription fee includes the remaining 50 percent startup costs plus other costs the agency will incur for eCBSV services.  The permitted entity will not be expected to submit any other fees beyond these noted here for their first year of enrollment. 

UPDATED 4.10 Do you have an estimate of the tier level subscriptions fees SSA will charge permitted entities for the small and expanded rollouts?

The subscription fees will be announced in a Federal Register Notice this fall. The Notice will explain the fees in detail.

4.11 If a permitted entity in the initial rollout finds over that period that its volume estimates were too high, can the permitted entity drop to a lower volume tier? If so, how? Same question for the expanded rollout.

Once a permitted entity selects a tier level in either the initial or expanded rollout, executes a reimbursable agreement, and pays the tier level fee, no refunds will be provided. Therefore, they cannot drop to a lower volume tier during any 365-day period. They can move up a tier level by starting a new agreement with a new 365-day period. They can also select a lower tier in the following year.

4.12 Do you have any general information on using pay.gov? We’re looking to see if we would use a credit card or ACH and if there is a fee involved for using the system. Any information you can offer is greatly appreciated.

General information on pay.gov can be found on their website at https://www.pay.gov/public/home. If you are selected as an initial rollout participant, SSA will connect to Pay.gov to generate a bill for you from Pay.gov. It will provide specific instructions. Credit cards will be accepted for up to $24,999.99, and ACH can be accepted for any dollar amount. There are no fees associated with using Pay.gov.

4.13 The FRN gives ranges of costs based on estimated volume tiers. Are those fee ranges for the entire transaction band or is it consistent with the transaction volume?

The estimated fee range is for the entire “transaction band”. In other words, once we finalize the fees, there will be one fee for each transaction range to include any volume within that range.

5. Current CBSV Customers
5.01 As a current CBSV enrolled company and a company who qualifies as a permitted entity, may we begin to accept electronic signatures now?
No, as a currently enrolled company in CBSV, you are not enrolled in eCBSV and are not permitted to accept electronically signed consents at this time. You must continue to adhere to all requirements in the CBSV User Agreement.
5.02 As a current CBSV enrolled company and a company who qualifies as a permitted entity, does our enrollment in the current CBSV program affect our application for eCBSV?
No, your status as a CBSV company and a company who qualifies as a permitted entity, does not affect your application for eCBSV.  SSA will consider all permitted entities for eCBSV enrollment in accordance with the process set forth in the Federal Register Notice.  You must follow the instructions as provided in the Federal Register Notice to apply for eCBSV during the upcoming enrollment period.  Companies that do not qualify as permitted entities cannot currently enroll for eCBSV. 
5.03 As a current CBSV enrolled company, what happens to our status as a CBSV enrolled company, if we are selected for the initial rollout of eCBSV in June 2020?

If you are an individual permitted entity selected for the eCBSV initial rollout in June 2020, we will terminate your CBSV User Agreement as of that date and you will no longer be a CBSV customer.  We will provide you a refund of unused CBSV funds at that time.

If you are a service provider permitted entity selected for the eCBSV initial rollout in June 2020, you may remain enrolled in CBSV to service non-permitted entities or during the initial rollout, other permitted entities beyond the 20 limited in the initial rollout.

If you are not selected for the eCBSV initial rollout, you will continue as a CBSV customer and must adhere to all requirements in the CBSV User Agreement.

5.04 We are a service provider for a handful of customers that provide SSA verifications today. Could you explain to me the difference between this new service and the existing service that we use today? Today it's an API where we pass the SSN, DOB, and name and get a yes/no/deceased response which seems to be identical to this new system. Is this new system a replacement for the one we are currently using or is there some other feature that i'm not seeing? I did not see on the site where this new service differs in any way except for new security measures.

The substantial difference between CBSV and eCBSV is that the Economic Growth, Regulatory Relief, and Consumer Protection Act, Section 215, Reducing Identity Fraud, requires SSA to confirm (or not confirm) to a "permitted entity" the validity of fraud protection data (specific information about an individual, including SSN verification) based on the individual's written consent, including by electronic signature.  An SSN verification is verification that a name, SSN, and date of birth combination matches (or does not match) our records.  The legislation requires SSA to improve our current verification system to accommodate the much larger anticipated volume of users and verifications as a result of now allowing consumer consent to be received electronically.  In addition, the Act defines permitted entities use of eCBSV for specific uses as outlined in the Act.  Therefore, for entities that do not qualify as a permitted entity, or entities who use the SSN verification for purposes outside of the Act will continue to obtain a number holder’s wet signature on the consent forms and use the current CBSV at this time.

6. Enrollment
6.01 Can you give a better sense of how many participants you expect to be in the first small group for the initial rollout?
SSA’s goal is to provide equal opportunity for any type and size of permitted entity to participate in the initial rollout, while providing the ability to test our system’s capacity and performance under controlled circumstances.  The number of permitted entities selected for the initial rollout will depend on how many permitted entities apply and their anticipated volumes.
6.02 When will SSA notify firms that are selected for the expanded rollout?
Upon completion of selection of the initial rollout group, all other permitted entities who submitted a complete application during the enrollment period will be notified of their non-selection for the initial rollout. We are anticipating that all permitted entities who submitted a complete application during the enrollment period will be invited to participate in the expanded rollout. Those permitted entities will receive an invitation in the summer of 2020 to complete their application for the expanded rollout.
6.03 Will permitted entities be selected on a first come/first served basis or are there other criteria for selection into the initial rollout?
Selections are determined based on the earliest date and time of receipt by SSA of a fully completed application from a permitted entity based on the five categories identified in the FRN. SSA will select the first permitted entities that apply in each category and that meet all requirements up to the number of entities needed in each category to provide 50 percent of the program startup costs.
6.04 If SSA chooses a permitted entity to participate in the initial rollout, but the permitted entity declines, can that permitted entity still participate in the expanded rollout?
Yes, if SSA selects a permitted entity for the initial rollout, but the permitted entity declines participation, the permitted entity will be added to the list of permitted entities invited for the expanded rollout.
6.05 For financial institutions with subsidiaries, will SSA allow different subsidiaries to apply individually or does a subsidiary need to apply at the higher financial institution level?
Financial institutions’ subsidiaries are, by definition, permitted entities under the law. Permitted entities must provide an EIN with their application. Only one application will be accepted per EIN. So if a financial institution has the same EIN as its subsidiaries, the subsidiaries must apply at the financial institution level.
6.06 Some permitted entities are both a financial institution and a service provider to financial institutions. Would SSA require that each permitted entity submit separate applications for its activities as a financial institution and as a service provider to the financial institution, or would that permitted entity be able to serve in both capacities under the single application?
A financial institution’s service provider should only submit one application. Each SSN verification request submitted by a service provider must include an identifier, so that SSA can identify transactions by each financial institution the service provider services, and to identify the service provider for their own permitted entity transactions. Remember, a service provider can only accept electronic signatures on consents for transactions when servicing a financial institution.
6.07 Who decides the amount of queries for each permitted entity in the initial rollout? SSA or the permitted entity? How are the queries prorated?
Permitted entities will select an estimated annual transaction volume. For the initial period and until the expanded rollout, permitted entity’s volumes will be limited to a quarterly (1/4) prorated amount of their estimated annual transaction volume.
6.08 Once fully implemented, is a permitted entity restricted to the amount of queries used during the initial rollout phase?
Permitted entities will enroll and sign a User Agreement for a 365-day period, which specifies their estimated annual transaction volume, whether they begin in the initial rollout or the expanded rollout. Permitted entities must stay within their assigned tier level based on the estimated volume. If a permitted entity reaches the maximum volume of their tier level, no further transactions will be processed unless the permitted entity enters into a new User Agreement with a new 365-day period and a higher tier level.
6.09 What happens if the number of queries exceed the specified limits established for any given permitted entity? How will limits be calculated/enforced? Will it be daily, weekly, monthly, or some other specified time horizon?
The eCBSV system will monitor transactions in real time, and provide an alert when a permitted entity nears their tier level transaction limit. If no action is taken by the permitted entity to establish a new tier level and user agreement, no transactions will be processed over their tier level.
6.10 If I am a company that supports financial institutions with decision management solutions, that includes the opening of new accounts, and determine that I qualify as a permitted entity, do I need to apply for eCBSV? Do I need to apply if I am not requesting the SSN verification directly from SSA?
You should apply for eCBSV if you wish to obtain SSN verifications directly from SSA.  Each SSN verification request submitted to SSA must be supported by an individual consent, including electronic consent.  If you are supporting financial institutions by obtaining information from another service provider who is already an eCBSV customer, please be aware that the other service provider may not share with you the results of its SSN verification request.
7. Initial Rollout (NEW)
7.01 Is this the final list of those selected for the initial rollout? I wasn’t on the list of companies selected. Does that mean that I am not selected for the initial rollout?

SSA has made selections for the initial rollout of eCBSV. Each company selected must complete a reimbursable agreement and pay their portion of the 50 percent program startup costs to be fully enrolled. If any company selected opts not to complete the agreement and payment, SSA will select another company to replace them in the initial rollout. Therefore, we must wait until all selected companies finalize their enrollment before we can notify you of your status. We anticipate completing the enrollments by November 2019, at such time we will send you an individual notification if you are ultimately not selected.

If you are not selected and you have received notification from us of your complete application, you will be invited to participate in the expanded rollout approximately 6 months following the initial rollout. We thank you for your continued interest.

8. Other
8.01 Is there a process or timeline available?
Yes, see below.  Please note, these are estimated dates and are subject to change.  SSA will provide selected permitted entities with the most up-to-date information.
  • June 7, 2019: Federal Register Notice published
  • July 17 – July 31, 2019: Initial enrollment period and 50 percent cost collection
  • August 2019: Industry Day including high-level draft technical requirements
  • April 2020: User agreement and eSignature requirements posted
  • May 2020: Selected permitted entities receive agreement package to submit to SSA
  • June 2020: Implementation for selected permitted entities
  • September 2020: Notification of expanded rollout
  • October – December 2020: Expanded rollout implementation
8.02 If a consumer disputes SSA’s verification response, what action should he or she take?
If the eCBSV User ensures that the data submitted to SSA matches the information provided by the consumer on the consent form, and the consumer verifies the accuracy of the consent data provided, then the eCBSV User can direct the consumer to his or her local SSA Field Office to determine the nature of the problem.
8.03 Will financial institutions’ service providers, subsidiaries, affiliates, agents, subcontractors, or assignees be able to pool and/or allocate queries across multiple financial institutions they service?
Yes, financial institutions’ service providers, subsidiaries, affiliates, agents, subcontractors, or assignees may allocate transactions any way they like. SSA will only track the number of transactions at the eCBSV User (who enters into the User Agreement with SSA) level.
8.04 Who determines if I am a permitted entity?
You must determine if you are a permitted entity.  Review all of the requirements as provided in PL 115-174, 215(b)(4), and provide a certification statement to SSA at least every two years as required by PL 115-174.  See the Eligibility tab for more details.
8.05 As a permitted entity service provider, will we be allowed to provide the eCBSV to all of our clients or just the financial institutions?
As a permitted entity, you may only use eCBSV with electronically signed consents for your approved activities as a permitted entity and for other permitted entities approved activities under PL 115-174.  You may not submit verification requests for entities that are not permitted under the definition.
8.06 Can permitted entities change their annual transaction estimates from one year to the next, or do they have to stay in the same tier or higher forever?
A permitted entity should estimate their annual transactions based on how many they anticipate requesting in the first year (365 day usage).  Every year after that, the permitted entity has the option to stay at the same tier, or go up or down in tier levels.  The only limitation imposed on a permitted entity tier level is when an entity exhausts all transactions within their year (365-day period).  In that situation, SSA requires that the permitted entity move to the next higher tier level and sign a new user agreement to continue enrollment.
8.08 What is the difference between the services provided by the eCBSV and the TIN matching program provided by the IRS? The IRS TIN matching program as outlined in Publication 2108A seems to provide similar services for TIN matching, so I am trying to determine what differences (if any) exist between the SSA and IRS services.

SSA is unable to provide you with any information regarding the IRS TIN Matching program. We can tell you that SSA is the authoritative source for the Social Security Number (SSN). eCBSV will provide SSN verifications to enrolled permitted entities. An SSN verification is verification that a name, SSN, and date of birth combination matches (or does not match) our records.

9. Technical
9.01 Is SSA planning to present information on the eCBSV system at any upcoming conferences or events?
SSA will not be presenting at any upcoming conferences or events.   However, SSA is planning an “eCBSV Industry Day” to share high-level draft technical requirements.  We anticipate holding this event in August 2019.
9.02 What sort of service level agreement does SSA envision? Will the system be available 24/7/365, or only for a certain number of hours each day?

Since we have not yet built the verification system, we cannot provide service level details at this time.  However, we anticipate providing eCBSV with the same availability or better of the existing CBSV application, which is as follows:

Day Time
Monday – Friday      5:00 AM to 1:00 AM Eastern Standard Time
Saturday 5:00 AM to 11:00 PM Eastern Standard Time
Sunday 8:00 AM to 11:30 PM Eastern Standard Time
9.03 How long will it take to get a response from the system; will it be in real-time or near real-time?
The verification system will provide a real-time response. We do not distinguish between real-time or near real-time.
9.04 How will SSN and other information be submitted for verification; will it be a website or another type of interface?
For the initial rollout in June 2020, participants will send requests via an Application Programming Interface (API).  More details regarding the API will be provided with the technical requirements.  For the expanded rollout, participants will be able to submit requests through a user interface or the API.
9.05 What data is available to set expectations around the performance of the service with respect to successfully confirming good identities and successfully refuting fraudulent/misused data?
  1. SSA’s verification of an SSN does not authenticate the identity of the individual or conclusively prove that the individual submitting the information is who he or she claims to be. SSA’s positive response on the name, date of birth, and SSN of an SSN verification only establishes that the submitted information matches the information contained in SSA’s records. The CBSV User Agreement specifically states:

    SSA’s verification of an SSN does not provide proof or confirmation of identity….CBSV does not verify employment eligibility, nor does it interface with the Department of Homeland Security’s (DHS) verification system, and it will not satisfy DHS’s I-9 requirements.

  2. SSA cannot speak to CBSV user recipients’ experience in “confirming good identities.” SSA does not collect feedback from CBSV user recipients about their success or fallout from verifying SSNs through CBSV.

9.06 Will SSA create a capability for permitted entities to test the interface to the eCBSV service in advance of the service going live?
Yes, permitted entities will have the ability to test the eCBSV interface. More details will be provided once we build the system.