Apply to the SSA eCBSV program at ssa.gov/dataexchange/eCBSV; your organization must be a permitted entity (financial institution, fintech subject to BSA/AML requirements) and pay the annual tier-based subscription fee established in April 2025.
Complete the OIDC technical specification requirements: SSA uses OAuth 2.0 and OpenID Connect to authenticate permitted entity systems; register your system's OIDC client credentials before attempting the eCBSV online registration.
Collect explicit written or electronic consent from each individual before submitting a verification request; the consent must specifically authorize verification of the individual's SSN, name, and date of birth against SSA records.
Submit a verification request to the eCBSV API with the individual's SSN, first name, last name, and date of birth; the response returns a match (Y/N), a death indicator, and an SSN issuance indicator.
Retain the consent record and the verification response as part of your identity proofing audit trail to demonstrate compliance with the eCBSV participation agreement and applicable BSA/AML requirements.
Handle the death indicator output with care: a death flag does not definitively confirm fraud but requires additional manual review before onboarding the applicant.
Known gotchas
eCBSV began enforcing a tiered annual subscription fee model in April 2025; integrations that were previously in a lower-cost pilot pricing tier must confirm their current billing tier before the new model takes effect to avoid service interruption.
Each eCBSV request must be tied to a specific, transaction-level consent record; batch verification without individual per-transaction consent violates the participation agreement even if a blanket terms-of-service consent was obtained.
eCBSV verifies only SSN, name, and date of birth combination match — it does not verify address, confirm identity document authenticity, or check for synthetic identity patterns; it must be combined with other proofing signals for IAL2-equivalent assurance.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp