Friday, July 07, 2006

Stopping Misuse of Social Security Numbers

There have been too many recent reports of Social Security numbers being stolen and possibility falling into the hands of identity thieves. While most of the Social Security numbers that have been stolen have not been used by identity thieves to open fraudulent accounts, that possibility is present.

(see Washington Post story 7/12/06)

Given the number of people who have access to our Social Security numbers, there is always the possibility that someone will gain access to the number and use it fraudulently. I doubt if it is really possible to completely protect the numbers if they can be used by criminals to open accounts and borrow money in other people's names.

The Social Security number was originally intended to be an identification used to keep social security accounts and income tax accounts. It was to be the same as a name, only without duplications. However, the social security number has become an identifier for many purposes, including credit reporting and credit accounts. Some businesses even use the social security number as a form of a password--if you know a person’s “social” you must be that person.

Attempts to keep fraudsters from learning of people's Social Security number are probably futile. The number of cases of fraudulent uses may be reduced, but not eliminated.

Apparently it is now possible to apply for and receive a credit card account on-line or by phone with only a name, address, and Social Security number. With the SSN and other publicly available information one person can obtain credit in another person’s name. The victim is then left with a bad credit record and difficulty obtaining loans or even jobs.

Perhaps a better approach would be to eliminate the use of the Social Security number as a confidential identifier for credit applications. If this is done, there would not be a need to keep the SSN confidential. We could carry social security cards in our billfolds, and we could stop worrying about theft of the numbers.

A credit application may still require the SSN to allow the credit of the applicant to be checked, but it would be no different from the applicant's name, address, phone number, and other non-confidential information. There should be no assumption that knowledge of this number is proof that a person is the person he says he is.

If a credit granter wanted to protect against fraudsters pretending to be other persons, then he could keep photographs, fingerprints, or even DNA to assist in the arrest of the applicant if the application later turned out to be fraudulent.

If a lender is liable to the victim for the cost resulting from credit card fraud, certainly the lender will be more careful to be sure that a borrower is who he says he is.