Identity Verification: GSA Needs to Address Fraud Threats and Technical Issues

Jimmc4141 pts0 comments

Identity Verification: GSA Needs to Address Fraud Threats and Technical Issues | U.S. GAO

Skip to main content

GAO-26-109261

Published: Jul 15, 2026. Publicly Released: Jul 15, 2026.

Jump To:

Elder Abuse

Services for Older Adults

State and Local-Level Drivers and Trends

State and Local Fiscal Projections

Federal Borrowing

Managing the Debt

Summary of Funding Provisions

Summary of FYs 2022-2024 Funds

Status of FYs 2022-2024 Funds

Implementation of FYs 2022-2023 Projects

Previous Tracking the Funds Reports

Auditing the Government's Books

Unpacking the Financial Report

Highlights

Recommendations

Background

About This Work

About This Work

Topics

Trends

About the Center

Why It's High Risk

What Remains To Be Done

Key Reports

Newest COVID-Related Reports

AI Use Cases

Flood Insurance

Past Pandemic-Related Reports

CARES Act Oversight Reports

All COVID-19 Reports

Report Suspected Fraud

Subjects

How to Get Notified

Past Reports

Public Health Threats

Explore the FY 2022 and 2023 Funds

Status of FY22 Projects

Lessons Learned

Agency Reports

Recent Reports

Recommendations

Supplemental Material

Full Report

Additional Data

View Decision

Downloads

Previously Identified Actions

Related Pages

Associated Agencies

Tough Choices and Opportunities Ahead

Americas Fiscal Future Key Areas

Retirement Security Key Areas

Current List

About The High Risk List

Area Ratings

Previous High Risk Products

Search Federal Vacancies

Past Federal Vacancies

Violation Letters

About the Yellow Book

Related Resources

Comment Letters

Related Publications

Contacts and Resources

Types of Changes

Listing of Key Changes

Major Issues Facing the Nation

Meeting Strategic Challenges

Additional Resources

About the Green Book

Resources

Advisory Council

Mission Teams

Operations and Staff Offices

Organization Chart

Why a Career at GAO?

Am I Qualified?

Company Culture

Reasonable Accommodations

Video Gallery

Paid Internships

Student Volunteers

Professional Development Program

Advancement

Executive Candidate Program

Summer Associates

Externships

Benefits

Contacts

Priority Open Recommendation Letters

Key Resources

Major Issues

Downloadable Resources

How Could Federal Debt Affect You?

GAO Contacts

Drivers

Interest

Sustainability

What Needs to Be Done?

Technology Assessments

Science & Tech Spotlights

Artificial Intelligence (AI)-Related Reports

Performance Audits

Blogs

Multimedia

Podcasts

Videos

Career Highlights

Tribute Videos & Statements

Testimonies

Presentations

Forums & Roundtables

Fast Facts

We testified on identity verification and the General Services Administration’s Login.gov platform.

Our testimony, given before the House Oversight Subcommittee on Government Operations, is based on:

Identity Verification: GSA Should Demonstrate Its Implementation of Polices for Testing Data Backups on Login.gov

Identity Verification: GSA Needs to Address NIST Guidance, Technical Issues, and Lessons Learned

Data Breaches: Range of Consumer Risks Highlights Limitations of Identity Theft Services

We also discuss recommendations we’ve made.

A photo of the U.S. Capitol building with the text, GAO Testimony to Congress

Skip to Highlights

Highlights

What GAO Found

The proliferation of cyberattacks on federal agencies and other organizations has led to an increased risk of stolen personally identifiable information (PII) being used to commit fraud. For example, malicious actors have used the information to fraudulently obtain government benefits and commit tax fraud, among other things. The Social Security Administration has reported that personal information of beneficiaries has been used to fraudulently redirect the beneficiary’s direct deposit benefits. Stolen PII also increases risks for financial fraud, such as fraudulent credit card applications. In this type of fraud, thieves use identifying data, such as Social Security numbers and driver’s license numbers, to open new financial accounts without a person’s knowledge. These types of attacks can result in financial loss and damage to the reputation of federal agencies and financial institutions.

To ensure that individuals accessing government services, benefits, and other resources are the individuals they claim to be, federal agencies use a variety of identity verification processes. To suppport these efforts, the General Services Adiministration (GSA) established Login.gov as a government-wide identity verification service. Login.gov uses a non-biometric, three-step process to verify an individual’s identity. In addition, to protect users’ PII, Login.gov uses security measures such as encryption, access restrictions, and monitoring capabilities.

GAO previously reported challenges in GSA’s implementation of Login.gov. These challenges involved:

ensuring that Login.gov data was backed up regularly to prevent data loss,

aligning Login.gov with federal digital...

reports identity federal login verification fraud

Related Articles