The eCBSV Product Guide: Consent Requirements

In September 2019, SentiLink was selected by the SSA to participate in the June eCBSV pilot, an electronic version of the SSA’s existing CBSV program. This new product offering presents several compelling options for risk teams in terms of preventing synthetic fraud as well as validating identities of applicants who may have been incorrectly declined or flagged by legacy KYC solutions. Over the next several weeks and through the pilot period, SentiLink will be providing learnings, insights, and updates into this new product offering.

The current CBSV program requires organizations to obtain a customer’s wet signature on a physical SSA-89 form in order to perform identity verifications against the SSA’s databases. eCBSV would streamline the process by accepting electronic consents. Both “electronic” and “consent” are defined in the SSA’s Draft User Agreement and are summarized below.

Electronic

Electronic signature is a sound, symbol, or process logically associated with a contract, as defined in Section 106 of the E-SIGN Act. Specific technology is not required to implement the signature, and viable examples include a typed name, an audio recording of consent, and checking an “I AGREE” box.

Consent

Adequate consent that clearly demonstrates intent to sign is required by the SSA in order to process eCBSV requests and can be provided as:

1) a wet-signed SSA-89 form,

2) an electronically signed SSA-89 form, or

3) part of existing customer onboarding processes.

While the first two options are rather similar to existing CBSV processes, the third gives organizations more flexibility and control over the user experience, provided they stay within SSA guidelines.

In order to incorporate eCBSV consent into existing processes, organizations must include the following text verbatim with no change to the font weight:

Authorization for the Social Security Administration to Disclose Your Social Security Number Verification. I authorize the Social Security Administration (SSA) to verify and disclose to [FINANCIAL INSTITUTION] through [SERVICE PROVIDER, their service provider, (if applicable)] for the purpose of [TRANSACTION PURPOSE] whether the name, Social Security Number (SSN) and date of birth I have submitted matches information in SSA records. My consent is for a one-time validation within the next [NUMBER OF DAYS].

Acceptable purposes include the extension of credit to a consumer, the underwriting of insurance involving the consumer, and any other circumstances described in Section 604 of the Fair Credit Reporting Act.

Organizations can either include this as another checkbox on their applications form (Option A) or as a separate screen altogether (Option B) depending on how they would like to interact with and use the service. They will also need to establish sufficient “intent to sign” (implement via language above the SUBMIT button in the examples below).

 

While incorporating eCBSV into existing onboarding processes is not frictionless, it is much more user friendly than the legacy CBSV service. Multiple consent options also offer companies more flexibility for strategic product implementation. The new program will decrease the operational burden for existing CBSV users, aid in stopping synthetic fraud, and reduce friction for some “new to credit” consumers.