Social Security Numbers Not So Private After All

Social Security cardYour social security number should only be known to you, the government, and your employer’s Human Resources office. But did you know that social security numbers can be guessed very easily?

According to this July 2009 study Social Security numbers represent one of the great security risks in American culture today. That is because social security numbers have become almost ubiquitous as unique identifiers for American citizens. But Social Security numbers were never intended to be used to manage private, secure information. According to the report:

The predictability of Social Security numbers is an unexpected consequence of seemingly unrelated policies and technological developments that, in combination, make Social Security numbers obsolete for authentication purposes, according to Acquisti and Gross. Because many businesses use Social Security numbers as passwords or for other forms of authentication — a use not anticipated when Social Security was devised in the 1930s — the predictability of the numbers increases the risk of identity theft. ID theft cost Americans almost $50 billion in 2007 alone. The Social Security Administration could mitigate this vulnerability by assigning numbers to people based on a randomized scheme, but ultimately an alternative means of authenticating identities must be adopted, the authors conclude.

Between 8 and 10 million Americans’ identities are stolen every year. This problem becomes worse as more Americans join the Social Security system, although Social Security numbers are not the only reasons why consumer identities are stolen.

Simply filling out a credit application at your local mall may result in someone at the store selling a copy of your information to a friend or a black market identity broker. Once your private information is in the hands of criminals they systematically open up new credit accounts in your name and incur many debts that ruin your credit record.

To fight identity theft many retailers are now switching to paperless credit applications. The data is transmitted securely to closely monitored computer networks but even these may still be vulnerable to hacking attacks. It is best to not share details about where and when you were born on the Internet. Too many people are trying to find that information and if 1 in 40 Americans are victimized this way each year, it’s not a matter of “IF” your identity will be stolen but “WHEN”.