Getting rid of social security numbers is not the answer

It doesn’t matter what the data is, whether it’s a nine-digit number, a biometric marker or a barcode you carry with you at all times – if it’s not protected with the highest level of security available, it’s just another item for hackers to steal.

laptop theft thief
Koldunova_Anna/iStock/Thinkstock

When the nine-digit Social Security number (SSN) was first introduced in 1936, the reaction from the public was mixed. Some felt like it was too close to an identification number issued by the government, while others were wary of having some form of imaginary account number tied to their wages and taxes. The earliest known plans for the number, though, clearly stated that the SSN would not be used as an identification number.

However, through the years, the allowable legal uses for the SSN have evolved. Your number is now required documentation for things like government benefits, collecting disability or unemployment benefits, SNAP program assistance, opening a credit card or bank account, and much more. There are also “other” uses that are not necessarily legal or illegal; you can refuse to provide your SSN to be used as an identification number at your children’s school or your doctor’s office, for example, and most facilities probably won’t have an issue with that. However, a medical office can refuse to treat you without the number—citing concerns about ensuring accurate patient identification prior to commencing treatment—and there’s no legal recourse for you to fight them on it.

That means your SSN is an integral part of your overall identity, one that has become the “Holy Grail” of identity theft. Even worse, it also means that your personal identifiable information is out there, and there’s no way of knowing who has accessed it, how it’s being stored, or how many hackers may have already made off with it behind your back. With the record-setting numbers of data breaches and compromised consumer records almost every year for more than a decade, there’s an excellent chance your SSN is already in the wrong hands.

Following the recent announcement of last summer’s Equifax data breach, which compromised more than 143 million SSNs, some high-profile officials have begun calling for an end to this profound piece of information. With the knowledge that many Americans’ numbers are in harmful circulation, it might seem logical to just do away with the whole concept and find a new way to keep tabs on taxes and employment. But while their hearts might be in the right place from a safety standpoint, the proposed solution to this problem misses the mark.

Replacing the SSN as a key identifier with some other piece of data is a band-aid solution to the overall problem of data theft. The new identifier will quickly become just as sought after—and therefore, just as targeted—as the SSNs have been, and we’ll be back at square one. Instead, it’s time to take a better look at a number of factors, like data encryption tools, oversharing of personal identifiable information, mindless data gathering and failure to store that data securely, and more.

Layering our security is another vital step in protecting our data. Multi-factor authentication for our most sensitive information is a step toward locking it up, as are automatic freezes and alerts on our credit reports. Requiring authentication before a new account can be opened—with stiff penalties for creditors who don’t obtain verified permission before opening new accounts and lines of credit—would help make stolen data useless to an identity thief.

It doesn’t matter what the data is, whether it’s a nine-digit number, a biometric marker or a barcode you carry with you at all times – if it’s not protected with the highest level of security available, it’s just another item for hackers to steal. If we hope to make a dent in this multi-billion-dollar a year crime, we must do a better job protecting our data at every level.

This article is published as part of the IDG Contributor Network. Want to Join?

New! Download the State of Cybercrime 2017 report