Notice of modification to existing systems of records.
The United States Postal Service® (Postal Service) is proposing to modify a Customer Privacy Act System of Records (SOR) to permit the collection and retrieval of additional categories of information from customers who register on usps.com. These changes will enable the Postal Service to verify a customer's identity online. Additionally, the Postal Service is amending this SOR to permit information in this system to be used to identify, prevent, or mitigate the effects of fraudulent transactions.
These revisions will become effective without further notice on February 24, 2014 unless comments received on or before that date result in a contrary determination.
Comments may be mailed or delivered to the Privacy and Records Office, United States Postal Service, 475 L'Enfant Plaza SW., Room 9517, Washington, DC 20260-1101. Copies of all written comments will be available at this address for public inspection and photocopying between 8 a.m. and 4 p.m., Monday through Friday.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Matthew J. Connolly, Chief Privacy Officer, Privacy and Records Office, 202-268-8582.
End Further Info
Start Supplemental Information
This notice is in accordance with the Privacy Act requirement that agencies publish their amended systems of records in the Federal Register when there is a revision, change, or addition. The Postal ServiceTM has determined that this Start Printed Page 3882Customer Privacy Act System of Records should be revised to modify categories of records in the system, purpose(s), and retrievability.
The Postal Service Customer Registration application enables individual and corporate customers to conduct business online with the Postal Service. To date, approximately 20 million users have registered through the Customer Registration application. The Postal Service is modifying the system of records associated with this application to enable the Postal Service to validate the email and text message numbers of customers who register on usps.com. Additionally, the proposed modifications will enable customer-supplied information to be analyzed for the purposes of detecting, preventing, and mitigating fraudulent activity.
II. Rationale for Changes to USPS Privacy Act Systems of Records
Currently, to register on usps.com, a customer is asked to supply several types of personal information, including his or her name, address information, phone number(s), and email address(es). Customers must also create a username and password which are used to authenticate the customer when the customer accesses his or her account. Additionally, customers must provide answers to two security questions which will be used to verify the identity of returning customers who have forgotten their passwords, thereby enabling them to regain access to their accounts.
Customer Registration is making changes to the customer registration process to enhance the identity verification portion of the process and to provide customers with an additional option for accessing their accounts in the event that a customer forgets, or is otherwise unable to supply, his or her password. The Postal Service intends to ask each new and existing usps.com registrant to verify the email address that he or she used to create his or her account by responding to a communication that will be sent to the email that was previously supplied by the user. Customers who complete this verification process will be allowed to use their verified email address to reset their account passwords. Accordingly, the Postal Service is modifying the purpose of this SOR to account for these new uses of customer-supplied information. Because the Postal Service intends to establish the same verification process for text message numbers, the Postal Service is also modifying this SOR to include “text message number(s)” among the categories of information it currently collects during the customer registration process.
To protect the Postal Service and its customers from fraudulent activities, the Postal Service intends to analyze information received from the user for the purpose of detecting, preventing, and mitigating fraud within the Customer Registration application. Specifically, the Postal Service will use commercially available software to analyze user-supplied information for the purpose of identifying patterns of suspected fraudulent activity. In so doing, the Postal Service will obscure the original information supplied by customers when such information is analyzed. If the Postal Service determines that such activity warrants a formal criminal investigation by the Postal Inspection Service, then any potentially relevant information will be provided to the Inspection Service in its original format. Accordingly, amendments are being made to the purpose(s) and retrievability sections of the SOR.
The Postal Service is also proposing to partner with a consumer credit rating company for the purpose of securely validating the identities of customers online, a process known as “identity proofing.” Accordingly, the Postal Service is amending this SOR to enable the organization to implement identity proofing for personal (non-business) customers who select this option. Individual (non-business) customers who wish to validate their identities in this manner, and who select this option, would be required to answer questions submitted by a consumer credit reporting company. These questions would relate to the customer's history, such as past residences, employment, and credit data. Any answers provided by the customer would be sent directly to the credit reporting company. That company would then issue a pass/fail rating which would be sent to the Postal Service. The Postal Service would then store this rating in association with the customer's account. The pass/fail rating is the only information the Postal Service would store in the identity-proofing process. Accordingly, the Postal Service is modifying this SOR to indicate that results of identity proofing validation would be stored as a record category. Identity verification using this process would only be a requirement for certain products and services to be determined by postal management.
III. Description of Changes to Systems of Records
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit written data, views, or arguments on this proposal. A report of the proposed modifications has been sent to Congress and to the Office of Management and Budget for their evaluations. The Postal Service does not expect this amended system of records to have any adverse effect on individual privacy rights. The affected systems are as follows:
SYSTEM NAME: www.usps.com Registration
Accordingly, for the reasons stated, the Postal Service proposes changes in the existing system of records as follows:
CATEGORIES OF RECORDS IN THE SYSTEM:
* * * * *
[CHANGE TO READ]
1. Customer information: Name; customer ID(s); company name; job title and role; home, business, and billing address; phone number(s) and fax number; email(s); URL; text message number(s) and carrier; and Automated Clearing House (ACH) information.
2. Identity verification information: Question, answer, username, user ID, password, email address, text message number and carrier, and results of identity proofing validation.
* * * * *
* * * * *
[CHANGE TO READ]
6. To verify a customer's identity when the customer establishes, or attempts to access, his or her account.
7. To identify, prevent, and mitigate the effects of fraudulent transactions.
[CHANGE TO READ]
By customer name, customer ID(s), phone number, mail, email address, IP address, text message number, and any customer information or online user information.
* * * * *
End Supplemental Information
Stanley F. Mires,
Attorney, Legal Policy & Legislative Advice.
[FR Doc. 2014-01243 Filed 1-22-14; 8:45 am]
BILLING CODE 7710-12-P