As of September 2, 2016, accessing the myCGS portal is a bit more complicated. To improve security, CMS instituted two new protocols to make sure that you are who you say you are: Multi-Factor Authentication and Remote Identity Proofing. Read on to learn best practices and determine how these changes impact your access and use of the portal.
Multi-Factor Authentication
Multi Factor Authentication (MFA) restricts access to a secure system by requiring not only a username and password but also the use of a one-time, six digit code sent to that user. CMS requires users to register devices to receive the security code via an app, text, email, computer or phone system. During the logon process, users will be sent a one-time use code to a registered device of choice.
This extra security measure is becoming more commonplace in the tech market and is often utilized by banking institutions. The added security measure will delay the logon process as users will have to wait for the code to be sent, received, and then entered into the logon screen before proceeding to the site.
Users have been instructed to login to the EIDM platform to setup device preferences. If you choose to use your computer or mobile device, you will need to download free software from Symantec. However, text, voice and email options do not require additional software. Approvers, authorized officials and back-up authorized officials need to ensure they setup the MFA for their account to prevent issues with end user accounts. CGS recommends using the PC or mobile device option as a first choice (which requires the Symantec application), but only if the device is not a shared device. Text is the next fastest option, and email takes the longest to secure your validation code. If you do not have unlimited texting, charges may apply from your cell phone carrier.
Remote Identity Proofing
Also effective September 2, 2016, CMS now requires all first-time users accessing CMS systems (dBids, myCGS, HETS, etc.) to provide a higher level of personal authentication through Remote Identity Proofing (RIDP). New employees registering for the myCGS portal for the first time will likely be the first to experience this process. After creating a User ID, the individual will have to verify personal data that only the individual would likely know. CMS is using Experian data systems to authenticate identities. You may have experienced this process when requesting your annual credit report or when signing up for credit cards.
CMS will be leveraging the same software through Experian, but will not have access to the source data or any of the answers the user may provide. This authentication process will not in any way affect an individual’s credit score. Users will be asked several questions that may relate to prior addresses, their date of birth, social security numbers, phone numbers, credit card affiliations, and car or mortgage loan details. It is critical to fact check any unknown answer before submitting responses. If the user fails the authentication, it will significantly delay access to the system. This will likely force the user to complete a paper process or to resolve the authentication discrepancy with Experian prior to moving forward. Please urge your staff to use caution and advise them to not “guess” at answers. Questions will be asked based on what Experian has on file.
It may be advisable to secure an annual credit report as guaranteed by the federal government through www.annualcreditreport.com or call 877-322-8228, prior to starting the authentication. This is a free, annual service guaranteed to all consumers. The annual credit report allows users to secure copies of their reports from the three major credit reporting entities: TransUnion, Equifax and Experian. With identity theft so rampant, everyone should check their personal reports at least annually and then report errors as they are identified.
These actions were taken by CMS to help protect valuable Medicare data from security breaches. If you want to learn more about protecting your business and customers from cyber threats, download our newest on-demand training course, DME Security: Keep Current Without Breaking the Bank.
Multi Factor Authentication (MFA) restricts access to a secure system by requiring not only a username and password but also the use of a one-time, six digit code sent to that user. CMS requires users to register devices to receive the security code via an app, text, email, computer or phone system. During the logon process, users will be sent a one-time use code to a registered device of choice.
This extra security measure is becoming more commonplace in the tech market and is often utilized by banking institutions. The added security measure will delay the logon process as users will have to wait for the code to be sent, received, and then entered into the logon screen before proceeding to the site.
Users have been instructed to login to the EIDM platform to setup device preferences. If you choose to use your computer or mobile device, you will need to download free software from Symantec. However, text, voice and email options do not require additional software. Approvers, authorized officials and back-up authorized officials need to ensure they setup the MFA for their account to prevent issues with end user accounts. CGS recommends using the PC or mobile device option as a first choice (which requires the Symantec application), but only if the device is not a shared device. Text is the next fastest option, and email takes the longest to secure your validation code. If you do not have unlimited texting, charges may apply from your cell phone carrier.
Remote Identity Proofing
Also effective September 2, 2016, CMS now requires all first-time users accessing CMS systems (dBids, myCGS, HETS, etc.) to provide a higher level of personal authentication through Remote Identity Proofing (RIDP). New employees registering for the myCGS portal for the first time will likely be the first to experience this process. After creating a User ID, the individual will have to verify personal data that only the individual would likely know. CMS is using Experian data systems to authenticate identities. You may have experienced this process when requesting your annual credit report or when signing up for credit cards.
CMS will be leveraging the same software through Experian, but will not have access to the source data or any of the answers the user may provide. This authentication process will not in any way affect an individual’s credit score. Users will be asked several questions that may relate to prior addresses, their date of birth, social security numbers, phone numbers, credit card affiliations, and car or mortgage loan details. It is critical to fact check any unknown answer before submitting responses. If the user fails the authentication, it will significantly delay access to the system. This will likely force the user to complete a paper process or to resolve the authentication discrepancy with Experian prior to moving forward. Please urge your staff to use caution and advise them to not “guess” at answers. Questions will be asked based on what Experian has on file.
It may be advisable to secure an annual credit report as guaranteed by the federal government through www.annualcreditreport.com or call 877-322-8228, prior to starting the authentication. This is a free, annual service guaranteed to all consumers. The annual credit report allows users to secure copies of their reports from the three major credit reporting entities: TransUnion, Equifax and Experian. With identity theft so rampant, everyone should check their personal reports at least annually and then report errors as they are identified.
These actions were taken by CMS to help protect valuable Medicare data from security breaches. If you want to learn more about protecting your business and customers from cyber threats, download our newest on-demand training course, DME Security: Keep Current Without Breaking the Bank.