Driver's License Security: Federal Leadership Needed to Address Remaining Vulnerabilities

Obtaining a driver’s license under another’s identity can enable criminals to commit various crimes. The 9/11 terrorists, for example, possessed fraudulent licenses. The REAL ID Act sets minimum standards for states when verifying license applicants’ identity, which go into effect in January 2013. If states do not meet these requirements, their licenses will not be accepted for official purposes such as boarding commercial aircraft. The Department of Homeland Security (DHS) is responsible for establishing how states may certify compliance and for determining compliance. The Social Security Administration (SSA) helps states verify Social Security numbers (SSNs). The U.S. Government Accountability Office (GAO) was asked to examine (1) states’ identity verification procedures for license applicants, (2) the procedures’ effectiveness in addressing fraud, and (3) how federal agencies have helped states enhance procedures. To verify license applicants’ identity, all 50 states and the District of Columbia have procedures that may detect counterfeit documents. For example, all states are now verifying key personal information, such as SSNs through online queries to an SSA database, a significant increase from about a decade ago. This effort helps ensure that the identity information presented belongs to a valid identity and also is not associated with a deceased person. Additionally, most states verify non-citizen applicants’ immigration documents with the DHS to ensure these individuals have lawful status in the United States. Many states are also using facial recognition techniques to better detect attempts to obtain a license under another’s identity. While most states have taken steps required by the REAL ID Act of 2005 (Act), officials in some states indicated that they may not comply with certain provisions—such as re-verifying SSNs for license renewals—because of state laws or concerns that these requirements are unnecessary and burdensome. State officials interviewed by GAO report that identity verification procedures have been effective at combating certain kinds of fraud, but vulnerabilities remain. Officials in most of the 11 states GAO contacted reported a decline in the use of counterfeit identity documents, and officials in states using facial recognition said they detected a number of identity theft attempts. However, criminals can still steal the identity of someone in one state and use it to get a license in another because states lack the capacity to consistently detect such cross-state fraud. A system for addressing such fraud would enable states to comply with the Act’s prohibition against issuing licenses to individuals who already have a license from another state, but may not be fully operational until 2023. Furthermore, officials in many states said they have difficulties detecting forged birth certificates. Verifying date of birth is also required by the Act, and a system exists for doing so, but no licensing agencies are using it because of concerns about incomplete data, among other reasons. Partly because these two systems are not fully operational, GAO investigators were able to use counterfeit out-of-state drivers’ licenses and birth certificates to fraudulently obtain licenses in three states. By improving their respective verification systems, SSA and DHS have helped states enhance their identity verification procedures. For example, SSA has established timeliness goals for responding to state SSN queries and DHS has addressed data accuracy issues. DHS has also provided funding for states to develop new systems. However, DHS has not always provided timely, comprehensive, or proactive guidance to help states implement provisions of the Act related to identity verification. For example, DHS did not issue formal, written guidance in this area for more than 4 years after issuing final regulations, even though officials from most states GAO interviewed said they needed such guidance. Additionally, even though relevant national systems are not yet fully operational, DHS has no plans to promote certain alternatives states can use to comply with the Act’s identity verification requirements and combat cross-state and birth certificate fraud. Officials in some states indicated they needed direction from DHS in this area. GAO recommends that DHS work with partners to take interim actions to help states address cross-state and birth certificate fraud.


  • English

Media Info

  • Media Type: Web
  • Features: Appendices; Figures; Tables;
  • Pagination: 47p

Subject/Index Terms

Filing Info

  • Accession Number: 01447531
  • Record Type: Publication
  • Report/Paper Numbers: GAO-12-893
  • Files: TRIS
  • Created Date: Sep 27 2012 1:54PM