[Federal Register Volume 72, Number 107 (Tuesday, June 5, 2007)]
[Rules and Regulations]
[Pages 30977-30978]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 07-2744]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Fiscal Service

31 CFR Part 363


Regulations Governing Securities Held in TreasuryDirect

AGENCY: Bureau of the Public Debt, Fiscal Service, Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: TreasuryDirect is an account-based, book-entry, online system 
for purchasing, holding, and conducting transactions in Treasury 
securities. An account owner currently accesses his or her account 
using a password to authenticate the account owner's identity. Treasury 
is now introducing additional customer-based authentication mechanisms 
for accessing accounts. This final rule provides Treasury the 
flexibility to require additional methods of authentication for the 
protection of customer accounts. Treasury is also strengthening its 
ability to respond to attempted fraud and abuse of TreasuryDirect. 
Currently, Treasury has the authority to close any account. This rule 
explicitly permits Treasury to liquidate the securities held in the 
account to be closed and pay the proceeds to the person entitled.

DATES: Effective: June 5, 2007.

ADDRESSES: You can download this final rule at the following Internet 
addresses: http://www.publicdebt.treas.gov or http://www.gpoaccess.gov/ecfr.

FOR FURTHER INFORMATION CONTACT:

Elisha Whipkey, Director, Division of Program Administration, Office of 
Securities Operations, Bureau of the Public Debt, at (304) 480-6319 or 
[email protected].
Susan Sharp, Attorney-Adviser, Dean Adams, Assistant Chief Counsel, 
Edward Gronseth, Deputy Chief Counsel, Office of the Chief Counsel, 
Bureau of the Public Debt, at (304) 480-8692 or 
[email protected].

SUPPLEMENTARY INFORMATION: Treasury is committed to protecting its 
TreasuryDirect investors from potential losses through authentication 
of the investor at account access. Authentication is the process of 
ensuring that the person accessing his or her account is the same as 
the person whose identity was initially verified at account 
establishment. Authentication methods involve something that the user 
knows (such as a password), something that the user has (such as a 
gridcard), or something that the user is (such as a fingerprint). 
Multifactor authentication consists of requiring two or more methods of 
authentication to access an account. To date, Treasury has used single 
factor authentication, requiring passwords and other information that 
an account holder knows to conduct transactions in TreasuryDirect. 
Treasury now intends to introduce technology that uses multifactor 
authentication, which is more reliable and difficult to compromise than 
single factor authentication. Through this final rule, Treasury will 
have the flexibility to introduce additional methods of authentication 
for TreasuryDirect users to ensure that their accounts remain secure.
    In addition, Treasury is strengthening its ability to respond to 
attempted fraud

[[Page 30978]]

and abuse of TreasuryDirect. Treasury has the authority to refuse to 
open an account, to close any existing account, to suspend transactions 
in an account or any security held in an account, and to take any other 
action with regard to an account that we deem necessary, if it is not 
inconsistent with existing law and rights. This rule clarifies 
Treasury's authority to close an account, by specifically including the 
authority to liquidate securities held in an account to be closed and 
pay the proceeds to the person entitled.
    This final rule also clarifies certain terms that we have used in 
the past. We have used the term ``authentication service'' to refer to 
the verification of the identity of the account owner at account 
establishment through a verification service; we have used the term 
``authentication'' to refer to the confirmation of the identity of an 
account owner when accessing his or her account. We will now use the 
term ``verification'' to refer to confirmation of the identity of the 
account owner at account establishment; we will use the term 
``authentication'' to refer to confirmation of the identity of the 
account owner when accessing his or her account after account 
establishment.
    Because it provides multifactor authentication for transactions in 
TreasuryDirect accounts, this authentication enhancement has 
significant benefits for both investors and the government. Increasing 
from single to multifactor authentication will help protect investors 
from losses in their TreasuryDirect accounts due to identity theft and 
fraud. This rule will benefit the government by increasing investor 
confidence in the security of online transactions in the TreasuryDirect 
system.

Procedural Requirements

    This final rule does not meet the criteria for a ``significant 
regulatory action'' as defined in Executive Order 12866. Therefore, a 
regulatory assessment is not required.
    Because this final rule relates to matters of public contract and 
procedures for United States securities, notice and public procedure 
and delayed effective date requirements are inapplicable, pursuant to 5 
U.S.C. 553(a)(2).
    As no notice of proposed rulemaking is required, the Regulatory 
Flexibility Act (5 U.S.C. 601 et seq.) does not apply.
    We ask for no new collections of information in this final rule. 
Therefore, the Paperwork Reduction Act (44 U.S.C. 3507) does not apply.

List of Subjects in 31 CFR Part 363

    Bonds, Electronic funds transfer, Federal Reserve system, 
Government securities, Securities.

0
Accordingly, for the reasons set out in the preamble, 31 CFR Chapter 
II, Subchapter B, is amended as follows:

PART 363--REGULATIONS GOVERNING SECURITIES HELD IN TREASURYDIRECT

0
1. The authority citation for part 363 continues to read as follows:

    Authority: 5 U.S.C. 301; 12 U.S.C. 391; 31 U.S.C. 3102, et seq.; 
31 U.S.C. 3121, et seq.


0
2. Amend Sec.  363.6 by:
0
a. Removing the definition of ``Authentication service'';
0
b. adding the definitions of ``Authentication,'' ``Verification,'' and 
``Verification service'' to read in alphabetical order as follows:


Sec.  363.6  What special terms do I need to know to understand this 
part?

    Authentication means confirming that the person accessing a 
TreasuryDirect account is the same person whose identity was initially 
verified at account establishment.
* * * * *
    Verification means confirming the identity of an online applicant 
for a TreasuryDirect account at account establishment using a 
verification service.
    Verification service means a public or private service that 
confirms the identity of an online applicant for a TreasuryDirect 
account at account establishment using information provided by the 
applicant.
* * * * *

0
3. Amend Sec.  363.13 by revising the final sentence and adding a 
sentence at the end of the section, to read as follows:


Sec.  363.13  How can I open a TreasuryDirect [supreg] account?

    * * * We will verify your identity and send your account number to 
you by e-mail when your account application is approved. In addition to 
your password, we may require you to use any other form(s) of 
authentication that we consider necessary for the protection of your 
account.


0
4. Revise Sec.  363.14 to read as follows:


Sec.  363.14  How will you verify my identity?

    We may use a verification service to verify your identity using 
information you provide about yourself on the online application. At 
our option, we may require offline verification.


0
5. Amend Sec.  363.15 by revising the heading and the first sentence to 
read as follows:


Sec.  363.15  What is the procedure for offline verification?

    In the event we require offline verification, we will provide a 
printable verification form. * * *


0
6. Revise Sec.  363.16 to read as follows:


Sec.  363.16  How do I access my account?

    You may access your account online using your account number, 
password, and any other form(s) of authentication that we may require.


0
7. Revise Sec.  363.17 to read as follows:


Sec.  363.17  Who is liable if someone else accesses my TreasuryDirect 
[reg] account using my password?

    You are solely responsible for the confidentiality and use of your 
account number, password, and any other form(s) of authentication we 
may require. We will treat any transactions conducted using your 
password as having been authorized by you. We are not liable for any 
loss, liability, cost, or expense that you may incur as a result of 
transactions made using your password.


0
8. Revise Sec.  363.19 to read as follows:


Sec.  363.19  What should I do if I become aware that my password or 
other form of authentication has become compromised?

    If you become aware that your password has become compromised, that 
any other form of authentication has been compromised, lost, stolen, or 
misused, or that there have been any unauthorized transactions in your 
account, you may place a hold on your account so that it cannot be 
accessed by anyone, and you should notify us immediately by e-mail or 
telephone. Contact information is available on the TreasuryDirect Web 
site.


0
9. Amend Sec.  363.29 by revising paragraph (b) to read as follows:


Sec.  363.29  May Treasury close an account, suspend transactions in an 
account, or refuse to open an account?

* * * * *
    (b) Close any existing account, redeem, sell, or liquidate the 
securities held in the account, and pay the proceeds to the person 
entitled;
* * * * *

Kenneth E. Carfine,
Fiscal Assistant Secretary.
[FR Doc. 07-2744 Filed 6-4-07; 8:45 am]
BILLING CODE 4810-39-P