• United States



Getting rid of social security numbers is not the answer

Oct 31, 20174 mins
Data and Information SecurityHackingIdentity Management Solutions

It doesn’t matter what the data is, whether it’s a nine-digit number, a biometric marker or a barcode you carry with you at all times – if it’s not protected with the highest level of security available, it’s just another item for hackers to steal.

laptop theft thief
Credit: Koldunova_Anna/iStock/Thinkstock

When the nine-digit Social Security number (SSN) was first introduced in 1936, the reaction from the public was mixed. Some felt like it was too close to an identification number issued by the government, while others were wary of having some form of imaginary account number tied to their wages and taxes. The earliest known plans for the number, though, clearly stated that the SSN would not be used as an identification number.

However, through the years, the allowable legal uses for the SSN have evolved. Your number is now required documentation for things like government benefits, collecting disability or unemployment benefits, SNAP program assistance, opening a credit card or bank account, and much more. There are also “other” uses that are not necessarily legal or illegal; you can refuse to provide your SSN to be used as an identification number at your children’s school or your doctor’s office, for example, and most facilities probably won’t have an issue with that. However, a medical office can refuse to treat you without the number—citing concerns about ensuring accurate patient identification prior to commencing treatment—and there’s no legal recourse for you to fight them on it.

That means your SSN is an integral part of your overall identity, one that has become the “Holy Grail” of identity theft. Even worse, it also means that your personal identifiable information is out there, and there’s no way of knowing who has accessed it, how it’s being stored, or how many hackers may have already made off with it behind your back. With the record-setting numbers of data breaches and compromised consumer records almost every year for more than a decade, there’s an excellent chance your SSN is already in the wrong hands.

Following the recent announcement of last summer’s Equifax data breach, which compromised more than 143 million SSNs, some high-profile officials have begun calling for an end to this profound piece of information. With the knowledge that many Americans’ numbers are in harmful circulation, it might seem logical to just do away with the whole concept and find a new way to keep tabs on taxes and employment. But while their hearts might be in the right place from a safety standpoint, the proposed solution to this problem misses the mark.

Replacing the SSN as a key identifier with some other piece of data is a band-aid solution to the overall problem of data theft. The new identifier will quickly become just as sought after—and therefore, just as targeted—as the SSNs have been, and we’ll be back at square one. Instead, it’s time to take a better look at a number of factors, like data encryption tools, oversharing of personal identifiable information, mindless data gathering and failure to store that data securely, and more.

Layering our security is another vital step in protecting our data. Multi-factor authentication for our most sensitive information is a step toward locking it up, as are automatic freezes and alerts on our credit reports. Requiring authentication before a new account can be opened—with stiff penalties for creditors who don’t obtain verified permission before opening new accounts and lines of credit—would help make stolen data useless to an identity thief.

It doesn’t matter what the data is, whether it’s a nine-digit number, a biometric marker or a barcode you carry with you at all times – if it’s not protected with the highest level of security available, it’s just another item for hackers to steal. If we hope to make a dent in this multi-billion-dollar a year crime, we must do a better job protecting our data at every level.

Eva Velasquez is the President/CEO at the Identity Theft Resource Center. Eva previously served as the Vice President of Operations for the San Diego Better Business Bureau and spent 21 years at the San Diego District Attorney’s Office. She has a passion for consumer protection and educating the public about identity theft, privacy, scams and fraud, and other related issues and is recognized as a nationwide expert on these topics.

Eva has been featured on such outlets as the CNBC Nightly Business Report, Huffington Post Live, Forbes, Bloomberg, Kiplinger’s and numerous other outlets. She is the driving force behind the first free ID Theft Help App and the ITRC Hands-On Privacy Program which aims to empower our community to protect their mobile data. Eva is regularly invited to speak at events nationwide and has recently had the privilege to present at such forums as Twitter’s National Cybersecurity Awareness Month’s Event, the Victims Of Crime Act (VOCA) National Training Conference, the Privacy Xchange Forum, and the National Association of Area Agencies on Aging’s annual N4A conference with the Federal Trade Commission. As the head of The Identity Theft Resource Center, Eva has co-hosted events with Google and Lexis Nexis.

Eva is a recipient of awards such as The Stevie Award for Women in Business recognizing women internationally and the 2016 Women Who Mean Business Award for her contribution to San Diego’s business, civic and cultural landscape.

The opinions expressed in this blog are those of Eva Velasquez and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.