[Federal Register Volume 79, Number 15 (Thursday, January 23, 2014)]
[Notices]
[Pages 3881-3882]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-01243]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal ServiceTM.

ACTION: Notice of modification to existing systems of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service[supreg] (Postal Service) is 
proposing to modify a Customer Privacy Act System of Records (SOR) to 
permit the collection and retrieval of additional categories of 
information from customers who register on usps.com. These changes will 
enable the Postal Service to verify a customer's identity online. 
Additionally, the Postal Service is amending this SOR to permit 
information in this system to be used to identify, prevent, or mitigate 
the effects of fraudulent transactions.

DATES: These revisions will become effective without further notice on 
February 24, 2014 unless comments received on or before that date 
result in a contrary determination.

ADDRESSES: Comments may be mailed or delivered to the Privacy and 
Records Office, United States Postal Service, 475 L'Enfant Plaza SW., 
Room 9517, Washington, DC 20260-1101. Copies of all written comments 
will be available at this address for public inspection and 
photocopying between 8 a.m. and 4 p.m., Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Matthew J. Connolly, Chief Privacy 
Officer, Privacy and Records Office, 202-268-8582.

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their amended systems of 
records in the Federal Register when there is a revision, change, or 
addition. The Postal ServiceTM has determined that this

[[Page 3882]]

Customer Privacy Act System of Records should be revised to modify 
categories of records in the system, purpose(s), and retrievability.

I. Background

    The Postal Service Customer Registration application enables 
individual and corporate customers to conduct business online with the 
Postal Service. To date, approximately 20 million users have registered 
through the Customer Registration application. The Postal Service is 
modifying the system of records associated with this application to 
enable the Postal Service to validate the email and text message 
numbers of customers who register on usps.com. Additionally, the 
proposed modifications will enable customer-supplied information to be 
analyzed for the purposes of detecting, preventing, and mitigating 
fraudulent activity.

II. Rationale for Changes to USPS Privacy Act Systems of Records

    Currently, to register on usps.com, a customer is asked to supply 
several types of personal information, including his or her name, 
address information, phone number(s), and email address(es). Customers 
must also create a username and password which are used to authenticate 
the customer when the customer accesses his or her account. 
Additionally, customers must provide answers to two security questions 
which will be used to verify the identity of returning customers who 
have forgotten their passwords, thereby enabling them to regain access 
to their accounts.
    Customer Registration is making changes to the customer 
registration process to enhance the identity verification portion of 
the process and to provide customers with an additional option for 
accessing their accounts in the event that a customer forgets, or is 
otherwise unable to supply, his or her password. The Postal Service 
intends to ask each new and existing usps.com registrant to verify the 
email address that he or she used to create his or her account by 
responding to a communication that will be sent to the email that was 
previously supplied by the user. Customers who complete this 
verification process will be allowed to use their verified email 
address to reset their account passwords. Accordingly, the Postal 
Service is modifying the purpose of this SOR to account for these new 
uses of customer-supplied information. Because the Postal Service 
intends to establish the same verification process for text message 
numbers, the Postal Service is also modifying this SOR to include 
``text message number(s)'' among the categories of information it 
currently collects during the customer registration process.
    To protect the Postal Service and its customers from fraudulent 
activities, the Postal Service intends to analyze information received 
from the user for the purpose of detecting, preventing, and mitigating 
fraud within the Customer Registration application. Specifically, the 
Postal Service will use commercially available software to analyze 
user-supplied information for the purpose of identifying patterns of 
suspected fraudulent activity. In so doing, the Postal Service will 
obscure the original information supplied by customers when such 
information is analyzed. If the Postal Service determines that such 
activity warrants a formal criminal investigation by the Postal 
Inspection Service, then any potentially relevant information will be 
provided to the Inspection Service in its original format. Accordingly, 
amendments are being made to the purpose(s) and retrievability sections 
of the SOR.
    The Postal Service is also proposing to partner with a consumer 
credit rating company for the purpose of securely validating the 
identities of customers online, a process known as ``identity 
proofing.'' Accordingly, the Postal Service is amending this SOR to 
enable the organization to implement identity proofing for personal 
(non-business) customers who select this option. Individual (non-
business) customers who wish to validate their identities in this 
manner, and who select this option, would be required to answer 
questions submitted by a consumer credit reporting company. These 
questions would relate to the customer's history, such as past 
residences, employment, and credit data. Any answers provided by the 
customer would be sent directly to the credit reporting company. That 
company would then issue a pass/fail rating which would be sent to the 
Postal Service. The Postal Service would then store this rating in 
association with the customer's account. The pass/fail rating is the 
only information the Postal Service would store in the identity-
proofing process. Accordingly, the Postal Service is modifying this SOR 
to indicate that results of identity proofing validation would be 
stored as a record category. Identity verification using this process 
would only be a requirement for certain products and services to be 
determined by postal management.

III. Description of Changes to Systems of Records

    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments on this proposal. A report of 
the proposed modifications has been sent to Congress and to the Office 
of Management and Budget for their evaluations. The Postal Service does 
not expect this amended system of records to have any adverse effect on 
individual privacy rights. The affected systems are as follows:

USPS 810.100

SYSTEM NAME: www.usps.com Registration

    Accordingly, for the reasons stated, the Postal Service proposes 
changes in the existing system of records as follows:
USPS 810.100

SYSTEM NAME:
    www.usps.com Registration

CATEGORIES OF RECORDS IN THE SYSTEM:
* * * * *
    [CHANGE TO READ]
    1. Customer information: Name; customer ID(s); company name; job 
title and role; home, business, and billing address; phone number(s) 
and fax number; email(s); URL; text message number(s) and carrier; and 
Automated Clearing House (ACH) information.
    2. Identity verification information: Question, answer, username, 
user ID, password, email address, text message number and carrier, and 
results of identity proofing validation.
* * * * *

PURPOSE:
* * * * *
    [CHANGE TO READ]
    6. To verify a customer's identity when the customer establishes, 
or attempts to access, his or her account.
    7. To identify, prevent, and mitigate the effects of fraudulent 
transactions.

RETRIEVABILITY:
    [CHANGE TO READ]
    By customer name, customer ID(s), phone number, mail, email 
address, IP address, text message number, and any customer information 
or online user information.
* * * * *

Stanley F. Mires,
Attorney, Legal Policy & Legislative Advice.
[FR Doc. 2014-01243 Filed 1-22-14; 8:45 am]
BILLING CODE 7710-12-P