Blog

The Failure of Social Security Numbers

socialsecuritynumbersblog

As I’ve been out and about talking to people about our solution to protect credit card numbers, the topic of protecting social security numbers has come up several times.

The recent spike in tax fraud and the theft of millions of government employee records has given the problem of social security number theft a new urgency.

When I was first asked about this, I joked that I’d tackle that one with my next company. But after a while, I started thinking about what was wrong with social security numbers, what a mess we’ve gotten ourselves into by relying on them, and how it could be fixed.

We’ve all known for quite some time that credit card numbers are too easy to steal, and that motivated hackers and thieves were finding countless ways to break into systems and grab that information.

The only relatively good thing is that a credit card number can be replaced. It’s a hassle and it’s costly to banks and merchants, but we’ve all cycled through enough cards to know that it’s not the end of the world.

Social Security Numbers are a nightmare by comparison.  As far as the government is concerned, and credit agencies, and insurance companies, and employers, this one number is your identity.

Yeah, a New Social Security Number

The government has a process to replace your social security number if it’s stolen, and it’s relatively straight forward.  It requires proving your identity with supporting documentation and then filing out some paperwork.

Assuming you can prove who you are (in person or through a notary), you’ll have a new number in a couple of weeks.

Ok, so you’ve got a new number. Now what?

Have you been keeping track of which organizations track you buy your social security number?  Do you know how many of these places have a process in place to update your number, and what type of documentation they require to make this type of change?

How many months will it take to wade through request forms for bank accounts, credit cards, credit agencies, schools, insurance companies, doctor’s offices, stock brokers, employers, 401k accounts, car loans, home loans, etc.?

And once it’s updated, tomorrow’s data breach is just going to use your new number to steal your identity, and the cycle starts over…

SSN Requests like Payments

Part of the solution is to start thinking of social security numbers in a different way than we’re used to.  Instead of thinking that the number itself is important, we should think about the transactions that we allow people to do with this number.

With a credit card purchase, you want to give a specific merchant permission to make an approved funds request from your bank.  

With your SSN, you want to give a merchant or agency permission to make an identity request from the government, for a specific purpose.

You might give someone permission to access information about you, like your credit report, your tax return, or your medical records. Or you might give permission to report about you, such as your wages or loan payment status.

When you give permission to make an identity request, you want to be sure that the request can only be made by the person you approve, and it can’t later be stolen and used by someone else to falsely identify themselves as you.

For example, if I give permission to Bob’s Used Cars to check my credit report one time when I apply for a loan.  Bob should not be able to file my tax return.

For the same reason that generating dynamic card numbers for each merchant prevents credit card theft, a similar approach could generate a “Virtual Social Security Number” for each one-time request.

The government in this case acts like a bank, generating temporary numbers and approving these requests.

If a request is made from a different person, or for a different purpose, it is blocked.  So Bob can approve my loan, but not file my tax return.

The Wheels on the Bus

All of this is an interesting thought exercise, but it would take a monumental effort for the government, credit agencies and thousands of merchants and lenders to change their process in such a significant manner.

But, we might be close to a point where the wheels are about to fall off the bus, and the Chip Shield (Social Security Edition) might be just the thing we all need to get the bus on the road again.

2 Comments Published

P P-H Jun 13, 2016 Reply

Two questions:
1. Are you aware of the credit freeze process? doesn’t this minimize the credit fraud consequences of someone(unauthorized) trying to establish credit using your ssn ? or has credit freeze been circumvented by businesses no longer using credit agencies like equifax, transunion or experian?

2. i signed up for early access to the card reader. will i get a coupon in the email response?

David Marsyla, CEO Chip Shield Jun 26, 2016 Reply

Freezing your credit report is definitely the best way to stop someone from applying for credit using your SSN. It won’t stop someone filing a tax return under your name (which actually happened to one of the guys on the team this year).

We have all of the signup information in our database and will be sending updates soon and letting everyone know when the first devices are available.

We should have the fist batches out in August.

Leave a Comment