Georgia Tech Procurement Assistance Center

  • Home
  • About Us
  • Training
    • Class Registration
    • On-demand Training
  • Useful Links
  • Team Directory
    • Albany Counselor
    • Atlanta Counselors
    • Augusta Counselor
    • Carrollton Counselor
    • Columbus Counselor
    • Gainesville Counselor
    • Savannah Counselor
    • Warner Robins Counselor
  • Directions
    • Atlanta – Training Facility
    • Atlanta – Office
    • Albany
    • Augusta
    • Carrollton
    • Columbus
    • Gainesville
    • Savannah
    • Warner Robins
  • New Client Application
  • Contact Us

Tips for surviving compromise of government’s vendor database

March 26, 2018 By Nancy Cleveland

If your business is registered in the System for Award Management (SAM) – or you plan to register – there are some things you need to do NOW to protect your data security.

On March 22, 2018, the General Services Administration (GSA), the federal agency that oversees SAM’s operation, reported an “active investigation” is being conducted into alleged, third party fraudulent activity involving SAM.  GSA says it is in the process of notifying those that may have been impacted and has indicated that it will deactivate “any entity registrations that appeared to have been affected.”  GSA further stated that the deactivated “entities are being advised to validate their registration information in SAM, particularly their financial information and points of contact.”

GSA’s recent statements may have implications for all businesses, institutions, and individuals registered in SAM.  The Georgia Tech Procurement Assistance Center (GTPAC) is providing the following advice to all clients.

What To Do If You Are Already Registered in SAM

The Georgia Tech Procurement Assistance Center recommends that if your business is registered in SAM, you take the following actions:

  1. With your User Name and Password, log into your SAM account at https://www.sam.gov and navigate to the Financial Information page. There, you will find your Electronic Funds Transfer (EFT) information.  This is where you inserted your bank Routing Number and your bank Account Number as a part of the SAM registration process.  Check these numbers to make sure they are correct and have not been changed.  If you discover banking information other than your own, it is possible that federal contract payments have been or will be made to a bank other than yours.  If these numbers have been changed, this is evidence that your account has been compromised, and you should report this immediately to the Federal Service Desk at www.fsd.gov, or by telephone at 866-606-8220 (toll free) or 334-206-7828 (internationally).

    Screenshot of Financial Information page in SAM database.
  2. While you are logged-in to SAM, you also should check your Taxpayer Identification Number (TIN). Your TIN is a 9-digit Employer Identification Number (EIN) that SAM uses to uniquely identify your business, and it is validated by the Internal Revenue Service (IRS) as a part of your initial registration in SAM.  If you discover that your TIN/EIN has been changed, you should report this immediately to the Federal Service Desk at www.fsd.gov, or by telephone at 866-606-8220 (toll free) or 334-206-7828 (internationally).

    Screenshot of Taxpayer Identification page in SAM database.
  3. Important note: If you used your Social Security Number (SSN) as your EIN when you set up your account, now is a good time to obtain an EIN and insert it into SAM instead of your SSN. You can apply for and obtain an EIN on-line at: https://www.irs.gov/businesses/small-businesses-self-employed/apply-for-an-employer-identification-number-ein-online.
  4. Remember, as a SAM registrant, you are required to change your password every 180 days. In addition, you must update and renew your SAM registration annually.  You are responsible for ensuring that your information is current and correct in SAM at all times.
What To Do If You Are Not Yet Registered in SAM
  1. Both current and potential government vendors are required to register in SAM — located at https://www.sam.gov — in order to be awarded contracts by the federal government and receive contract payments. Vendors are required to complete a registration to provide basic information relevant to procurement and financial transactions. Vendors must update or renew their registration annually to maintain an active status.
  2. SAM is a public database that allows federal agencies and other contractors to search for your company based on your ability, size, location, experience, ownership, and more. (Banking information is not available in public searches.)  In addition, SAM now incorporates the Online Representations and Certifications Application (ORCA) system where the vendor provides required information about the firm (e.g., accounting procedures, travel policies, etc.) and verifies that the firm meets certain federal requirements (e.g., complies with equal employment opportunity legislation).
  3. SAM validates the vendor’s information and electronically shares encrypted data with the federal agencies’ finance offices to facilitate contract payments.
  4. Because of suspected fraudulent activity, GSA has added a step to the registration process for new SAM enrollees. You must now mail an original, signed notarized letter identifying the authorized Entity Administrator for the entity associated with your company’s DUNS number before a new SAM entity registration will be activated.
  5. This notarized letter needs to:
  • Be on your company/organization letterhead
  • Be signed by your company President, CEO, or other authorized signature authority
  • Contain your company/organization DUNS Number
  • Contain your company/organization Legal Business Name (as associated with the DUNS Number)
  • Contain your company/organization physical address (as associated with the DUNS Number)
  • Contain the new Entity Administrator’s name, phone number, address, and email address
  • Contain the following statement above the signature block of your letter with the appropriate information inserted where noted:

“The purpose of this notarized letter is to designate [insert name of Entity Administrator] as Entity Administrator for [insert Legal Business Name]. I, [insert Name and Title of signatory], hereby confirm that [insert name of Entity Administrator] is an authorized officer, agent, or representative of [insert entity Legal Business Name, or, for individuals representing themselves, say him/herself]. This letter will authorize [insert name of Entity Administrator] to have access to the System for Award Management (SAM). SAM is a computer system managed by the U.S. Government, and it is only accessible by individuals who are either authorized to represent a particular entity, or by individuals representing themselves. Accessing or using SAM, or information contained therein, for any unauthorized or illegal purposes, may have civil and criminal penalties, and may negatively impact the status of the SAM registration maintained on this entity. I, the below-signed, attest to the accuracy of all information contained in this letter.”

  1. To help you comply with the notarized letter requirement, GTPAC has created a template for new SAM registrants to use. It is available at: http://gtpac.org/wp-content/uploads/2018/03/SAM_Notary_Letter_Template_v1_GTPAC_03.23.2018.docx.

Update: GSA has prepared a template for preparation of the notarized letter.  The template is available here: SAM_Notary_Letter_Template_4.12.18_GSA_version

7. You must mail the original letter signed by the Notary to:

FEDERAL SERVICE DESK

ATTN: SAM.GOV REGISTRATION PROCESSING

100 CAPITOL COMMERCE BLVD STE 309

MONTGOMERY, AL 36117-4260

Address Update:

FEDERAL SERVICE DESK

ATTN: ​SAM.GOV​ REGISTRATION PROCESSING

460 INDUSTRIAL BLVD

LONDON, KY 40741-7285

UNITED STATES OF AMERICA

Final Words of Advice

Remember, there is no cost to register in SAM — it is free.  If your business is located in Georgia, assistance with the SAM registration process is available at no cost.  To locate a GTPAC counselor, see our team’s directory at: http://gtpac.org/team-directory.

Businesses located outside the state of Georgia may contact the Procurement Technical Assistance Center (PTAC) in their state.  A directory is at: http://www.aptac-us.org/find-a-ptac.

For more tips about the SAM registration process, read: http://gtpac.org/sam-gov-registration-is-free-and-help-with-sam-is-free-too.

 

Filed Under: Contracting Tips Tagged With: data breach, DSBS, FAPIIS, FEMA registration, fraud, free instruction, free SAM assistance, free SAM help, free SAM registration, hack, past performance, PPIRS, PTAC, SAM, SAM registration, sam.gov, scam, System for Award Management, vendor database, vendor registration

Recent Posts

  • Contractors must update EEO poster
  • SBA scorecard shows federal government continues to prioritize small business contracting
  • The risk of organizational conflicts of interest
  • The gap widens between COFC and GAO on late is late rule
  • OMB releases guidance related to small business goals

Popular Topics

8(a) abuse Army bid protest budget budget cuts certification construction contract awards contracting opportunities cybersecurity DoD DOJ False Claims Act FAR federal contracting federal contracts fraud GAO Georgia Tech government contracting government contract training government trends GSA GSA Schedule GTPAC HUBZone innovation IT Justice Dept. marketing NDAA OMB SBA SDVOSB set-aside small business small business goals spending subcontracting technology VA veteran owned business VOSB wosb

Contracting News

SBA scorecard shows federal government continues to prioritize small business contracting

OMB releases guidance related to small business goals

OMB issues guidance on impact of injunction on government contractor vaccine mandate

Changes coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

Judge issues nationwide injunction halting enforcement of COVID-19 vaccine mandate

Read More

Contracting Tips

Contractors must update EEO poster

The risk of organizational conflicts of interest

The gap widens between COFC and GAO on late is late rule

Are verbal agreements good enough for government contractors?

CMMC 2.0 simplifies requirements but raises risks for government contractors

Read More

GTPAC News

VA direct access program events in 2022

Sandia National Laboratories seeks small business suppliers

Navy OSBP hosting DCAA overview (part 2) event Jan. 12, 2022

Navy OSBP hosting cybersecurity “ask me anything” event Dec. 16th

State of Georgia hosting supplier systems training on January 26, 2022

Read More

Georgia Tech News

Undergraduate enrollment growth reflects inclusive excellence

Georgia Tech delivers $4 billion in economic impact to the State of Georgia

Georgia Tech awards first round of seed grants to support team-based research

Georgia Tech announces inaugural Associate Vice President of Corporate Engagement

DoD funds Georgia Tech to enhance U.S. hypersonics capabilities

Read More

  • SAM.gov registration is free, and help with SAM is free, too
APTAC RSS Twitter GTPAC - 30th Year of Service

Copyright © 2023 · Georgia Tech - Enterprise Innovation Institute