Identity Verification: GSA Needs to Address Fraud Threats and Technical Issues | U.S. GAO
Skip to main content
GAO-26-109261
Published: Jul 15, 2026. Publicly Released: Jul 15, 2026.
Jump To:
Elder Abuse
Services for Older Adults
State and Local-Level Drivers and Trends
State and Local Fiscal Projections
Federal Borrowing
Managing the Debt
Summary of Funding Provisions
Summary of FYs 2022-2024 Funds
Status of FYs 2022-2024 Funds
Implementation of FYs 2022-2023 Projects
Previous Tracking the Funds Reports
Auditing the Government's Books
Unpacking the Financial Report
Highlights
Recommendations
Background
About This Work
About This Work
Topics
Trends
About the Center
Why It's High Risk
What Remains To Be Done
Key Reports
Newest COVID-Related Reports
AI Use Cases
Flood Insurance
Past Pandemic-Related Reports
CARES Act Oversight Reports
All COVID-19 Reports
Report Suspected Fraud
Subjects
How to Get Notified
Past Reports
Public Health Threats
Explore the FY 2022 and 2023 Funds
Status of FY22 Projects
Lessons Learned
Agency Reports
Recent Reports
Recommendations
Supplemental Material
Full Report
Additional Data
View Decision
Downloads
Previously Identified Actions
Related Pages
Associated Agencies
Tough Choices and Opportunities Ahead
Americas Fiscal Future Key Areas
Retirement Security Key Areas
Current List
About The High Risk List
Area Ratings
Previous High Risk Products
Search Federal Vacancies
Past Federal Vacancies
Violation Letters
About the Yellow Book
Related Resources
Comment Letters
Related Publications
Contacts and Resources
Types of Changes
Listing of Key Changes
Major Issues Facing the Nation
Meeting Strategic Challenges
Additional Resources
About the Green Book
Resources
Advisory Council
Mission Teams
Operations and Staff Offices
Organization Chart
Why a Career at GAO?
Am I Qualified?
Company Culture
Reasonable Accommodations
Video Gallery
Paid Internships
Student Volunteers
Professional Development Program
Advancement
Executive Candidate Program
Summer Associates
Externships
Benefits
Contacts
Priority Open Recommendation Letters
Key Resources
Major Issues
Downloadable Resources
How Could Federal Debt Affect You?
GAO Contacts
Drivers
Interest
Sustainability
What Needs to Be Done?
Technology Assessments
Science & Tech Spotlights
Artificial Intelligence (AI)-Related Reports
Performance Audits
Blogs
Multimedia
Podcasts
Videos
Career Highlights
Tribute Videos & Statements
Testimonies
Presentations
Forums & Roundtables
Fast Facts
We testified on identity verification and the General Services Administration’s Login.gov platform.
Our testimony, given before the House Oversight Subcommittee on Government Operations, is based on:
Identity Verification: GSA Should Demonstrate Its Implementation of Polices for Testing Data Backups on Login.gov
Identity Verification: GSA Needs to Address NIST Guidance, Technical Issues, and Lessons Learned
Data Breaches: Range of Consumer Risks Highlights Limitations of Identity Theft Services
We also discuss recommendations we’ve made.
A photo of the U.S. Capitol building with the text, GAO Testimony to Congress
Skip to Highlights
Highlights
What GAO Found
The proliferation of cyberattacks on federal agencies and other organizations has led to an increased risk of stolen personally identifiable information (PII) being used to commit fraud. For example, malicious actors have used the information to fraudulently obtain government benefits and commit tax fraud, among other things. The Social Security Administration has reported that personal information of beneficiaries has been used to fraudulently redirect the beneficiary’s direct deposit benefits. Stolen PII also increases risks for financial fraud, such as fraudulent credit card applications. In this type of fraud, thieves use identifying data, such as Social Security numbers and driver’s license numbers, to open new financial accounts without a person’s knowledge. These types of attacks can result in financial loss and damage to the reputation of federal agencies and financial institutions.
To ensure that individuals accessing government services, benefits, and other resources are the individuals they claim to be, federal agencies use a variety of identity verification processes. To suppport these efforts, the General Services Adiministration (GSA) established Login.gov as a government-wide identity verification service. Login.gov uses a non-biometric, three-step process to verify an individual’s identity. In addition, to protect users’ PII, Login.gov uses security measures such as encryption, access restrictions, and monitoring capabilities.
GAO previously reported challenges in GSA’s implementation of Login.gov. These challenges involved:
ensuring that Login.gov data was backed up regularly to prevent data loss,
aligning Login.gov with federal digital...