Identity Verification and the Social Security Number: Is There a Future?

Posted December 5, 2017

Identity Verification and the Social Security Number: Is There a Future?

They are just nine little digits, but they have become some of the most important numbers in the digital economy – at least when it comes to identity verification.

In the U.S., the Social Security number has become the de facto national identification number for a host of activities, including transacting on the web. Think about it. How often have you been on the phone or online with a business and been asked to provide the last four digits of your SSN?

Of course, this was never its intended purpose. But, as our economy evolved, businesses searched for a way to accurately identify customers who wanted to, for example, open a new bank account. And the SSN seemed the most accurate and expedient way to achieve this. In fact, it’s a procedure that has become so commonplace, most people don’t even think twice about listing those nine numbers on a job or driver’s license application or in an online form.

And, why not. After all, the strength of this number as an identifier is that each citizen is assigned his or her own individual number, and that number stays attached to you even after your death.

It does have a weakness, and that weakness has made it vulnerable in the anonymous online world – it is a static piece of information that can easily be stolen. Based on the 1,172 data breaches in 2017 and 171,687,965 personal records exposed, there’s a very good chance your SSN is already available on the dark web.

Out with the Old

While the Social Security number has nobly served as an identifier for countless years, many experts believe it is time to look for a new alternative.

“Social Security numbers should not serve as the core of our identities,” said Todd Wilkinson, CEO of Entrust Datacard. “Our Social Security number worked for the U.S. for 50 years, but it’s no longer secure.”

Richard Smith, former CEO of Equifax, said during a recent Senate committee hearing on “Protecting Consumers in the Era of Major Data Breaches” that the social security number has “outlived” its usefulness as a way to verify user identity.

“We should consider the creation of a public-private partnership to begin a dialogue on replacing the Social Security number as the touchstone for identity verification in this country,” Smith said in his testimony.

Rip and Replace?

Along with the obvious personal and financial problems, individuals are left with few, if any, remedies when a Social Security number is stolen.

For example, if a credit card number is stolen, the bank cancels the card and issues a new number. The old number is now obsolete and can’t be used anymore.

Unfortunately, the same doesn’t apply to Social Security numbers. In fact, if your Social Security number is stolen, you can pretty much forget about getting a new one.

In 2015, it was estimated that up to 60 percent of Social Security numbers had been stolen in cyberattacks. Yet, the Social Security Administration only assigned 274 new numbers.

As the Social Security number is assigned to an individual for life, the agency has some pretty stringent guidelines when it comes to getting a new SSN.

Fraud is among the limited set of circumstances under which someone can be assigned a new number. But you have to submit proof of continuing harassment and other documents that prove who you are. Applicants for a new number must provide “current, credible, third-party evidence documenting the reasons for needing a new number,” and the agency stresses that a new card by no means guarantees a fresh start.

Designed for the Digital World

“It is time to have identity verification procedures that match the technological age in which we live,” Smith said during his testimony.

And we agree.

The digital economy needs a solution that is custom-fit for its identity verification, authentication and security requirements. It needs a solution that doesn’t rely on static information that can easily be stolen or compromised.

Digital Identities are exactly what Smith and other experts are calling for.

With a Digital Identity, businesses get a complete fraud, identity verification and authentication solution that can genuinely distinguish between trusted users and potential threats by combining all aspects of a user’s unique digital footprint. It’s a dynamic and real-time solution for the evolving digital world. And, the social security number can go back to its original purpose – helping people obtain Social Security benefits.

Alisdair Faulkner

Alisdair Faulkner

Chief Products Officer, ThreatMetrix

close btn