GSA defends Login.gov fraud protections, still considering biometrics
None of the employees of America’s General Services Administration that were identified as having misled customers about the identity assurance level offered by Login.gov remain employed there, an official told U.S. lawmakers.
GSA Commissioner Sonny Hashmi defended Login.gov’s fraud prevention capabilities at a hearing held by the House Subcommittee on Government Operations and the Federal Workforce.
The service uses phone and address verification, and checks third party data and state driver’s license databases.
If it used a selfie to match the face biometrics of users, it would meet the Identity Assurance Level 2 (IAL2) set by the National Institute of Standards and Technology for remote identity verifications. GSA employees had claimed that Login.gov did meet the threshold.
The revelation that it does not did not prevent the IRS from announcing Login.gov would be used for access to taxpayer accounts, but the volume of authentications it would have been needed for did.
Officials say they are unaware of any fraud directly attributable to Login.gov’s noncompliance.
The GSA “is continuing to investigate whether biometric technology is the right thing to implement at this point,” Hashmi told House representatives.
A review of the team responsible for Login.gov has identified a need for more fraud management experts.
The GSA’s Technology Transformation Services is also planning the procurement process for Login.gov’s Next Generation Identity Proofing Solutions. The agency has issued a request for information to gather feedback on its draft requirements for the procurement.
Comments are due by April 8.