[Federal Register: June 5, 2007 (Volume 72, Number 107)]
[Rules and Regulations]
[Page 30977-30978]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr05jn07-11]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Fiscal Service
31 CFR Part 363
Regulations Governing Securities Held in TreasuryDirect
AGENCY: Bureau of the Public Debt, Fiscal Service, Treasury.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: TreasuryDirect is an account-based, book-entry, online system
for purchasing, holding, and conducting transactions in Treasury
securities. An account owner currently accesses his or her account
using a password to authenticate the account owner's identity. Treasury
is now introducing additional customer-based authentication mechanisms
for accessing accounts. This final rule provides Treasury the
flexibility to require additional methods of authentication for the
protection of customer accounts. Treasury is also strengthening its
ability to respond to attempted fraud and abuse of TreasuryDirect.
Currently, Treasury has the authority to close any account. This rule
explicitly permits Treasury to liquidate the securities held in the
account to be closed and pay the proceeds to the person entitled.
DATES: Effective: June 5, 2007.
ADDRESSES: You can download this final rule at the following Internet
addresses: http://www.publicdebt.treas.gov or http://www.gpoaccess.gov/ecfr
.
FOR FURTHER INFORMATION CONTACT:
Elisha Whipkey, Director, Division of Program Administration, Office of
Securities Operations, Bureau of the Public Debt, at (304) 480-6319 or
elisha.whipkey@bpd.treas.gov.
Susan Sharp, Attorney-Adviser, Dean Adams, Assistant Chief Counsel,
Edward Gronseth, Deputy Chief Counsel, Office of the Chief Counsel,
Bureau of the Public Debt, at (304) 480-8692 or
susan.sharp@bpd.treas.gov.
SUPPLEMENTARY INFORMATION: Treasury is committed to protecting its
TreasuryDirect investors from potential losses through authentication
of the investor at account access. Authentication is the process of
ensuring that the person accessing his or her account is the same as
the person whose identity was initially verified at account
establishment. Authentication methods involve something that the user
knows (such as a password), something that the user has (such as a
gridcard), or something that the user is (such as a fingerprint).
Multifactor authentication consists of requiring two or more methods of
authentication to access an account. To date, Treasury has used single
factor authentication, requiring passwords and other information that
an account holder knows to conduct transactions in TreasuryDirect.
Treasury now intends to introduce technology that uses multifactor
authentication, which is more reliable and difficult to compromise than
single factor authentication. Through this final rule, Treasury will
have the flexibility to introduce additional methods of authentication
for TreasuryDirect users to ensure that their accounts remain secure.
In addition, Treasury is strengthening its ability to respond to
attempted fraud
[[Page 30978]]
and abuse of TreasuryDirect. Treasury has the authority to refuse to
open an account, to close any existing account, to suspend transactions
in an account or any security held in an account, and to take any other
action with regard to an account that we deem necessary, if it is not
inconsistent with existing law and rights. This rule clarifies
Treasury's authority to close an account, by specifically including the
authority to liquidate securities held in an account to be closed and
pay the proceeds to the person entitled.
This final rule also clarifies certain terms that we have used in
the past. We have used the term ``authentication service'' to refer to
the verification of the identity of the account owner at account
establishment through a verification service; we have used the term
``authentication'' to refer to the confirmation of the identity of an
account owner when accessing his or her account. We will now use the
term ``verification'' to refer to confirmation of the identity of the
account owner at account establishment; we will use the term
``authentication'' to refer to confirmation of the identity of the
account owner when accessing his or her account after account
establishment.
Because it provides multifactor authentication for transactions in
TreasuryDirect accounts, this authentication enhancement has
significant benefits for both investors and the government. Increasing
from single to multifactor authentication will help protect investors
from losses in their TreasuryDirect accounts due to identity theft and
fraud. This rule will benefit the government by increasing investor
confidence in the security of online transactions in the TreasuryDirect
system.
Procedural Requirements
This final rule does not meet the criteria for a ``significant
regulatory action'' as defined in Executive Order 12866. Therefore, a
regulatory assessment is not required.
Because this final rule relates to matters of public contract and
procedures for United States securities, notice and public procedure
and delayed effective date requirements are inapplicable, pursuant to 5
U.S.C. 553(a)(2).
As no notice of proposed rulemaking is required, the Regulatory
Flexibility Act (5 U.S.C. 601 et seq.) does not apply.
We ask for no new collections of information in this final rule.
Therefore, the Paperwork Reduction Act (44 U.S.C. 3507) does not apply.
List of Subjects in 31 CFR Part 363
Bonds, Electronic funds transfer, Federal Reserve system,
Government securities, Securities.
0
Accordingly, for the reasons set out in the preamble, 31 CFR Chapter
II, Subchapter B, is amended as follows:
PART 363--REGULATIONS GOVERNING SECURITIES HELD IN TREASURYDIRECT
0
1. The authority citation for part 363 continues to read as follows:
Authority: 5 U.S.C. 301; 12 U.S.C. 391; 31 U.S.C. 3102, et seq.;
31 U.S.C. 3121, et seq.
0
2. Amend Sec. 363.6 by:
0
a. Removing the definition of ``Authentication service'';
0
b. adding the definitions of ``Authentication,'' ``Verification,'' and
``Verification service'' to read in alphabetical order as follows:
Sec. 363.6 What special terms do I need to know to understand this
part?
Authentication means confirming that the person accessing a
TreasuryDirect account is the same person whose identity was initially
verified at account establishment.
* * * * *
Verification means confirming the identity of an online applicant
for a TreasuryDirect account at account establishment using a
verification service.
Verification service means a public or private service that
confirms the identity of an online applicant for a TreasuryDirect
account at account establishment using information provided by the
applicant.
* * * * *
0
3. Amend Sec. 363.13 by revising the final sentence and adding a
sentence at the end of the section, to read as follows:
Sec. 363.13 How can I open a TreasuryDirect [supreg] account?
* * * We will verify your identity and send your account number to
you by e-mail when your account application is approved. In addition to
your password, we may require you to use any other form(s) of
authentication that we consider necessary for the protection of your
account.
0
4. Revise Sec. 363.14 to read as follows:
Sec. 363.14 How will you verify my identity?
We may use a verification service to verify your identity using
information you provide about yourself on the online application. At
our option, we may require offline verification.
0
5. Amend Sec. 363.15 by revising the heading and the first sentence to
read as follows:
Sec. 363.15 What is the procedure for offline verification?
In the event we require offline verification, we will provide a
printable verification form. * * *
0
6. Revise Sec. 363.16 to read as follows:
Sec. 363.16 How do I access my account?
You may access your account online using your account number,
password, and any other form(s) of authentication that we may require.
0
7. Revise Sec. 363.17 to read as follows:
Sec. 363.17 Who is liable if someone else accesses my TreasuryDirect
[reg] account using my password?
You are solely responsible for the confidentiality and use of your
account number, password, and any other form(s) of authentication we
may require. We will treat any transactions conducted using your
password as having been authorized by you. We are not liable for any
loss, liability, cost, or expense that you may incur as a result of
transactions made using your password.
0
8. Revise Sec. 363.19 to read as follows:
Sec. 363.19 What should I do if I become aware that my password or
other form of authentication has become compromised?
If you become aware that your password has become compromised, that
any other form of authentication has been compromised, lost, stolen, or
misused, or that there have been any unauthorized transactions in your
account, you may place a hold on your account so that it cannot be
accessed by anyone, and you should notify us immediately by e-mail or
telephone. Contact information is available on the TreasuryDirect Web
site.
0
9. Amend Sec. 363.29 by revising paragraph (b) to read as follows:
Sec. 363.29 May Treasury close an account, suspend transactions in an
account, or refuse to open an account?
* * * * *
(b) Close any existing account, redeem, sell, or liquidate the
securities held in the account, and pay the proceeds to the person
entitled;
* * * * *
Kenneth E. Carfine,
Fiscal Assistant Secretary.
[FR Doc. 07-2744 Filed 6-4-07; 8:45 am]
BILLING CODE 4810-39-P