Statement of Marianna LaCanfora,
Acting Deputy Commissioner for Retirement And Disability Policy
Social Security Administration
Testimony before the House Committee on Ways and Mean, Subcommittee on Social Security
and Committee on Oversight and Government Reform, Subcommittee on Information Technology

May 23, 2017

Chairman Johnson, Chairman Hurd, Ranking Member Larson, Ranking Member Kelly, and Members of the Subcommittees:

Thank you for inviting me to discuss the history of the Social Security number (SSN), how the Social Security Administration (SSA) uses it to administer its benefit programs, and recent efforts to reduce the number’s use. I am Marianna LaCanfora, Acting Deputy Commissioner for Retirement and Disability Policy.

Our Programs

I want to begin by pointing out the unique role of the SSN for Social Security. We designed the SSN and SSN card in 1936 to allow employers to uniquely identify, and accurately report, an individual’s earnings covered under the new Social Security program. Today, over 80 years since the program’s inception, we have issued around 500 million unique numbers to eligible individuals.

The SSN continues to be essential to how we maintain records for our programs; without it, we could not carry out our mission. We use the number to administer the Old-Age, Survivors, and Disability Insurance program, commonly referred to as “Social Security,” which includes retirement, survivors, and disability insurance. We also use the number to administer the Supplemental Security Income (SSI) program, which provides monthly payments to people with limited income and resources who are aged, blind, or disabled.

On average, each month we pay Social Security benefits to approximately 62 million individuals, consisting of 42 million retired workers and 3 million of their spouses and children; 9 million workers with disabilities and 2 million dependents; and 6 million surviving widows and widowers, children, and other dependents of deceased workers. During fiscal year (FY) 2017, we expect to pay more than $940 billion to Social Security beneficiaries. Additionally, in FY 2017, we expect to pay nearly $55 billion in Federal benefits to a monthly average of approximately 8 million SSI recipients.

History of the SSN

When the Social Security program was enacted under the Social Security Act of 1935 (Act), the Act did not mandate the use of SSNs. However, the Act did authorize the creation of some type of record-keeping system. A 1936 Treasury Regulation provided that employees covered by the new program must apply to SSA for account numbers.

There is a rich history surrounding the development of the SSN. In brief, those responsible for implementing the new Social Security program understood that properly crediting earnings to the correct individual would be critical to the program’s success. The agency could not use names alone to ensure accurate reporting; therefore, the agency designed the nine-digit SSN. The SSN allows employers to report workers’ covered earnings accurately, and ensures that we can determine eligibility for benefits and pay the correct benefit amount. If we cannot properly record a worker’s earnings, he or she may not qualify for Social Security benefits or the amount of benefits paid may be incorrect.

We also developed the SSN card, which shows the SSN we assigned to a particular individual, and assists employers in properly reporting earnings. It is important to note that the SSN card was never intended, nor does it serve, as a personal identification document. Although we have made many changes over the years to make the card counterfeit-resistant and continue to work to strengthen its security, we encourage agencies and the public to minimize the use of SSN cards whenever possible. To this end, we continue to expand electronic verification of the number with our Federal and State partners to reduce unnecessary use of the card and provide better service to the public. I will discuss these verifications in more detail shortly.

SSN Assignment

In the 1930s, and for many years thereafter, we assigned SSNs and issued cards based solely on the applicant’s allegation of name, date of birth, and other personal information. We required no documentation to verify that information. Today, we use a robust application process requiring SSN applicants to submit evidence of age, identity, and United States citizenship or current work-authorized immigration status. In most cases, individuals (other than newborns) must come into a Social Security field office or Card Center to apply for an SSN and card. We require an in-person interview of all applicants age 12 or older. During the interview, we attempt to locate a prior SSN to help ensure that we do not assign an SSN to an individual assuming a false identity. We verify the birth records for United States citizens requesting an original card and the immigration documents presented by noncitizens requesting original or replacement cards.

Assigning SSNs and issuing SSN cards has always been one of our most significant workloads. In FY 2016, we assigned over 6 million original SSNs and issued nearly 11 million replacement SSN cards.

Expansion of SSN Use for Other Purposes

A confluence of factors led to the expanded use of the SSN over time. The universality and ready availability of the number made the SSN an incredibly convenient means of identifying people in other large systems of records. In 1943, for example, Executive Order 9397 required Federal agencies to use the SSN in any new system for identifying individuals. Then, beginning in the 1960s, SSN use expanded quickly due to advances in computer technology as government agencies and private organizations began using automated data processing and record keeping.

In 1961, the Federal Civil Service Commission began using the SSN as the identification number for all Federal employees. The next year, the Internal Revenue Service (IRS) began using the number as its taxpayer identification number. In 1967, the Department of Defense adopted the SSN as the service number for military personnel. At the same time, use of the SSN for computer and other accounting systems spread throughout State and local governments, to banks, credit bureaus, hospitals, educational institutions, and other parts of the private sector.

In the 1970s, Congress enacted legislation requiring an SSN to receive assistance under the Aid to Families with Dependent Children program (succeeded by Temporary Assistance for Needy Families), Medicaid, and food stamps. Additional legislation authorized States to use the SSN in the administration of tax, general public assistance, driver's license, or motor vehicle registration laws within their jurisdiction. In the 1980s and 1990s, legislation required the use of the SSN in employment eligibility verification and military draft registration, among other things. The 1996 welfare reform law required the SSN to be recorded in a broad array of records—including applications for professional licenses, marriage licenses, divorce decrees, support orders, and paternity determinations—to improve child support enforcement.

SSN Verifications

As use of the SSN has expanded, so have our workloads relating to the SSN. For example, we routinely receive requests to verify the SSN in computer matching activities with other Federal and State agencies to reduce or prevent improper payments and to ensure better program integrity. We also provide SSN verifications to employers to ensure accurate wage reporting, and to private entities with consent of the SSN holder in certain circumstances. To help manage this work, and ensure it does not affect other critical workloads, we work with entities to process these requests electronically through automated data exchanges. In FY 2016, we performed over 2 billion automated SSN verifications for such varied purposes as the Department of Homeland Security’s (DHS) E-Verify program, health care programs, voter registration and drivers’ licensing, and many other government programs. Our robust verification and data exchange program, coupled with government agencies’ increasing provision of online services, may, in time, drastically reduce the need for the SSN card.

Efforts to Reduce the Use of the SSN

As the agency responsible for assigning SSNs and issuing SSN cards, we are particularly aware of the harm SSN misuse can cause members of the public. Thus, we are always looking for opportunities to increase the protection of the SSN. In the early 2000s, we began taking steps to remove or truncate the SSN where possible. For example:

  • 2001—Annual Notice Workloads. We removed the full SSN from two of our largest annual notice workloads—the Social Security Statements and Social Security Cost of Living Adjustment (COLA) notices. These notices typically account for about a third of the notices we send our beneficiaries each year. On the Statement, we began displaying the last four digits of the SSN. On Social Security COLA notice, we began displaying a Beneficiary Notice Code (BNC). The BNC is an encrypted 13-character alphanumeric code that helps our employees identify the notice and the beneficiary, and further eliminates the need to include the SSN.

  • 2004—Benefit Checks. We worked with the Department of the Treasury to remove the SSN from all Social Security and SSI benefit checks. Instead of the SSN, Treasury began including a check number assigned during payment processing.

  • 2006—President’s Identity Theft Task Force Recommendations. In September 2006, OMB released a memorandum highlighting the recommendations from the President’s Identity Theft Task Force report. Pursuant to the report recommendations, we formed the SSN Best Practices Collaborative, which included representatives from 36 Federal departments and agencies and met regularly in 2007 to explore, develop, and share best practices for reducing reliance on SSNs. The Collaborative formed a subcommittee, chaired by the IRS, and comprising agencies that handle high volumes of SSNs and personally identifiable information (PII), such as the Department of Defense, Department of Veterans Affairs, DHS, and the Centers for Medicare and Medicaid Services (CMS). We also established a clearinghouse on a bulletin board website in July 2007 that highlighted best practices for reducing the unnecessary use and display of the SSN, as well as contacts for specific programs and initiatives. While the website is no longer available, at the time over 25 agencies were registered to use it.

OMB May 2007 Memorandum

When OMB issued its May 2007 memo (M-07-16) requiring agencies to review their use of SSNs and eliminate any unnecessary uses, we immediately took a broader look at our use of the SSN, not only in Social Security programs, but also in our internal personnel practices. We recognized that, although Social Security programs rely on the necessary use of the SSN, our personnel processes could likely be refined to reduce superfluous uses of the number. Through this effort, we found opportunities to discontinue the use of the SSN in our personnel records and implemented various changes beginning in 2007, including:

  • Time and Attendance System. We now only use an employee’s SSN when we initially enter it into the system.

  • Training. The sign-in process for our national Interactive Video training previously required employees to use their SSNs to log on to the system.

  • Labor Relations Grievance Tracking. The new system uses a combination of name and locator, rather than SSN.

  • Employee Assistance Program. We created a new application that uses the SSN only to assign a case number, which we use throughout the process.

  • Equal Employment Opportunity (EEO) Complaints. The new system masks the SSN.

We recognize there may be opportunities for us to further reduce the use of the SSN in personnel records and will continue to pursue this in the future.

We also limited our use of the SSN in other systems, such as our performance appraisal systems and forms, (e.g., the Performance Assessment and Communication System, or PACS), and in 2015, we eliminated the use of the SSN in the form used to process employee requests for systems access (SSA-120). Furthermore, we continue to work closely with other Federal agencies to remove or eliminate the SSN from their documents when possible. For example, we are currently supporting CMS’ efforts to remove the SSN from the Medicare Card, as required by the Medicare Access and CHIP Reauthorization Act of 2015 (P.L. 114-10). We also participate in ongoing discussions with IRS on its efforts to allow for truncation of SSNs on employee copies of Forms W-2, as part of the Protecting Americans from Tax Hikes (PATH) Act of 2015, (P.L. No. 114-113, div. Q, title IV, 129 Stat. 2242).

The SSN on Social Security Notices

As noted above, the SSN is integral to all our internal business processes. We must use it to administer our programs and serve over 60 million Social Security beneficiaries and 8 million SSI recipients. Historically, including the SSN on notices has ensured that our front line technicians can quickly identify notices and respond to beneficiary inquiries. In 2015, we mailed approximately 352 million notices (with nearly two-thirds containing an SSN).1 On average, we sent just over three notices containing an SSN per beneficiary and recipient per year.

Of the 233 million notices containing SSNs, approximately 64 million are Annual Benefit Statements (Form SSA-1099/1042) required by statute (Internal Revenue Code section 6050F) for tax purposes. The remaining notices comprise over 1,000 different notice types, including but not limited to award and denial notices, appeals, claims development, and many kinds of post-entitlement notices. The latter make up the bulk of our small volume notices, and relate to changes in benefits, overpayments, and certain cost of living notices. Other categories of notices include Medicare and earnings notices.

Our notice infrastructure is complex, and we draft every notice we issue to respond to an individual’s unique circumstances. There are approximately 60 programmatic applications that generate notices. A majority of these automated systems send their notices through our Target Notice Architecture for formatting. The Target Notice Architecture uses language snippets referred to as Universal Text Identifiers (UTIs) to build customized notices. These UTIs contain static language and dynamic place holders that allow for customized language, such as name, address and SSN, to be inserted into the notice for each individual.

Despite the complexities of our notices and related systems infrastructure, we continue to look proactively for opportunities to safeguard the SSN in our beneficiary notices.

Removing the SSN from Agency Notices

We take seriously public concerns related to mailing documents that include the SSN. Therefore, in 2015, we convened an intra-agency workgroup to analyze options for removing the SSN from all agency notices. Based on our review, we concluded the best option would be to replace the SSN with the BNC—the identifier we now use on the Social Security COLA notice. The BNC will allow us to identify the notice and respond to inquiries quickly—just as the SSN has. As part of our IT modernization efforts, we will begin to modernize communications (notices and mailings) in 2018. As we modify notices, or develop new ones, we will put only the BNC on such notices.

In concert with CMS’ efforts to remove the SSN from Medicare Cards, next year we plan to replace the SSN with the BNC on benefit verifications letters, which account for approximately 11 million notices. We also plan to replace the SSN with the BNC on certain notices to appointed representatives and on Social Security post-entitlement notices, which account for approximately 2.6 million and 28 million notices, respectively.


We take great care to protect the integrity of the SSN and the PII of our beneficiaries. We have committed to removing the SSN from our notices on a flow basis. Thank you for the opportunity to describe our efforts regarding these very important issues. I will be happy to answer any questions.


1 We do not routinely capture information related to notices with SSNs. The agency’s 2015 intra-agency workgroup developed these estimates.