With a new mandate to stop sending Social Security Numbers (SSNs) through the mail unless absolutely necessary, the Social Security Administration (SSA) issued a request for information (RFI) for a solution to replace them with a tokenization solution. Vendors have until February 1 to submit their responses.
In response to the Social Security Number Fraud Prevention Act of 2017, SSA is looking to vendors to see if an existing solution can help them comply with the law.
The agency noted that any solution must be able to support cloud and mainframe, allow for multiple keys, allow for key management, and make sure the tokenized value does not go beyond 13 digits. The token must also be unique and able to handle 1,391 notices per second.
Moving from the must-haves to the wants, SSA is looking for a solution that can be converted back to an SSN in perpetuity by the agency, even if the vendor relationship ends. SSA is also requesting that the “tokenization process is open and available for inspection so that the agency can ensure that the tokenized value is always unique.”