Bureau of the Public Debt, Fiscal Service, Treasury.
TreasuryDirect is an account-based, book-entry, online system for purchasing, holding, and conducting transactions in Treasury securities. An account owner currently accesses his or her account using a password to authenticate the account owner's identity. Treasury is now introducing additional customer-based authentication mechanisms for accessing accounts. This final rule provides Treasury the flexibility to require additional methods of authentication for the protection of customer accounts. Treasury is also strengthening its ability to respond to attempted fraud and abuse of TreasuryDirect. Currently, Treasury has the authority to close any account. This rule explicitly permits Treasury to liquidate the securities held in the account to be closed and pay the proceeds to the person entitled.
Effective: June 5, 2007.
ADDRESSES:Start Further Info
FOR FURTHER INFORMATION CONTACT:
Elisha Whipkey, Director, Division of Program Administration, Office of Securities Operations, Bureau of the Public Debt, at (304) 480-6319 or email@example.com.
Susan Sharp, Attorney-Adviser, Dean Adams, Assistant Chief Counsel, Edward Gronseth, Deputy Chief Counsel, Office of the Chief Counsel, Bureau of the Public Debt, at (304) 480-8692 or firstname.lastname@example.org.End Further Info End Preamble Start Supplemental Information
Treasury is committed to protecting its TreasuryDirect investors from potential losses through authentication of the investor at account access. Authentication is the process of ensuring that the person accessing his or her account is the same as the person whose identity was initially verified at account establishment. Authentication methods involve something that the user knows (such as a password), something that the user has (such as a gridcard), or something that the user is (such as a fingerprint). Multifactor authentication consists of requiring two or more methods of authentication to access an account. To date, Treasury has used single factor authentication, requiring passwords and other information that an account holder knows to conduct transactions in TreasuryDirect. Treasury now intends to introduce technology that uses multifactor authentication, which is more reliable and difficult to compromise than single factor authentication. Through this final rule, Treasury will have the flexibility to introduce additional methods of authentication for TreasuryDirect users to ensure that their accounts remain secure.
In addition, Treasury is strengthening its ability to respond to attempted fraud Start Printed Page 30978and abuse of TreasuryDirect. Treasury has the authority to refuse to open an account, to close any existing account, to suspend transactions in an account or any security held in an account, and to take any other action with regard to an account that we deem necessary, if it is not inconsistent with existing law and rights. This rule clarifies Treasury's authority to close an account, by specifically including the authority to liquidate securities held in an account to be closed and pay the proceeds to the person entitled.
This final rule also clarifies certain terms that we have used in the past. We have used the term “authentication service” to refer to the verification of the identity of the account owner at account establishment through a verification service; we have used the term “authentication” to refer to the confirmation of the identity of an account owner when accessing his or her account. We will now use the term “verification” to refer to confirmation of the identity of the account owner at account establishment; we will use the term “authentication” to refer to confirmation of the identity of the account owner when accessing his or her account after account establishment.
Because it provides multifactor authentication for transactions in TreasuryDirect accounts, this authentication enhancement has significant benefits for both investors and the government. Increasing from single to multifactor authentication will help protect investors from losses in their TreasuryDirect accounts due to identity theft and fraud. This rule will benefit the government by increasing investor confidence in the security of online transactions in the TreasuryDirect system.
This final rule does not meet the criteria for a “significant regulatory action” as defined in Executive Order 12866. Therefore, a regulatory assessment is not required.
Because this final rule relates to matters of public contract and procedures for United States securities, notice and public procedure and delayed effective date requirements are inapplicable, pursuant to 5 U.S.C. 553(a)(2).
As no notice of proposed rulemaking is required, the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) does not apply.
We ask for no new collections of information in this final rule. Therefore, the Paperwork Reduction Act (44 U.S.C. 3507) does not apply.Start List of Subjects
List of Subjects in 31 CFR Part 363End List of Subjects Start Amendment Part
Accordingly, for the reasons set out in the preamble, 31 CFR Chapter II, Subchapter B, is amended as follows:End Amendment Part Start Part
PART 363—REGULATIONS GOVERNING SECURITIES HELD IN TREASURYDIRECTEnd Part Start Amendment Part
1. The authority citation for part 363 continues to read as follows:End Amendment Part Start Amendment Part
2. Amend § 363.6 by:End Amendment Part Start Amendment Part
a. Removing the definition of “Authentication service”;End Amendment Part Start Amendment Part
b. adding the definitions of “Authentication,” “Verification,” and “Verification service” to read in alphabetical order as follows:End Amendment Part
Authentication means confirming that the person accessing a TreasuryDirect account is the same person whose identity was initially verified at account establishment.
Verification means confirming the identity of an online applicant for a TreasuryDirect account at account establishment using a verification service.
Verification service means a public or private service that confirms the identity of an online applicant for a TreasuryDirect account at account establishment using information provided by the applicant.
3. Amend § 363.13 by revising the final sentence and adding a sentence at the end of the section, to read as follows:End Amendment Part
* * * We will verify your identity and send your account number to you by e-mail when your account application is approved. In addition to your password, we may require you to use any other form(s) of authentication that we consider necessary for the protection of your account.
4. Revise § 363.14 to read as follows:End Amendment Part
We may use a verification service to verify your identity using information you provide about yourself on the online application. At our option, we may require offline verification.
5. Amend § 363.15 by revising the heading and the first sentence to read as follows:End Amendment Part
In the event we require offline verification, we will provide a printable verification form. * * *
6. Revise § 363.16 to read as follows:End Amendment Part
You may access your account online using your account number, password, and any other form(s) of authentication that we may require.
7. Revise § 363.17 to read as follows:End Amendment Part
You are solely responsible for the confidentiality and use of your account number, password, and any other form(s) of authentication we may require. We will treat any transactions conducted using your password as having been authorized by you. We are not liable for any loss, liability, cost, or expense that you may incur as a result of transactions made using your password.
8. Revise § 363.19 to read as follows:End Amendment Part
If you become aware that your password has become compromised, that any other form of authentication has been compromised, lost, stolen, or misused, or that there have been any unauthorized transactions in your account, you may place a hold on your account so that it cannot be accessed by anyone, and you should notify us immediately by e-mail or telephone. Contact information is available on the TreasuryDirect Web site.
9. Amend § 363.29 by revising paragraph (b) to read as follows:End Amendment Part
(b) Close any existing account, redeem, sell, or liquidate the securities held in the account, and pay the proceeds to the person entitled;
Kenneth E. Carfine,
Fiscal Assistant Secretary.
[FR Doc. 07-2744 Filed 6-4-07; 8:45 am]
BILLING CODE 4810-39-P