Should Social Security numbers be replaced by modern, more secure identifiers?

See the article"Predicting Social Security numbers from public data" on page 10975.

Social Security numbers (SSNs) were originally developed as unique identifiers well before recent times when sophisticated methods of using and combining data files became available. Although the main legislated uses of SSNs are by the Social Security Administration (SSA) and the Internal Revenue Service (IRS), SSNs have become ubiquitous as identifiers in both credit files and even health-related files. With many files, the SSN, along with other identifying information such as name, address, telephone number, and date-of-birth, is the primary means of corroborating that an individual from one data source is the same individual in another data source (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

In our credit-driven society, individuals often want their applications for new credit to be approved as quickly as possible. Approval is often accomplished by comparing information on the credit application with an appropriately designed external database. Speed of linkage may be improved by using only SSN and date-of-birth. Because typographical error is common (say, from keying a hand-written form), the linkage procedures may only require that 7 of 9 characters in the SSN agree and the components of date-of-birth (day-of-birth, month-of-birth, and year-of-birth) approximately agree. The linkage may also use names in a procedure that accounts for minor typographical error. If name is not used in the linkage, then, as noted by Acquisti and Gross (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control) in this issue of PNAS, an identify thief can use a new name and mailing address along with the “verified” SSN–date-of-birth combination to obtain new credit.

Acquisti and Gross (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control) demonstrate that it is possible to predict SSNs for a moderately large proportion of the population. This is particularly true for individuals who received SSNs via the Enumeration-At-Birth (EAB) procedure that began in 1993. The prediction models are greatly facilitated by SSA's own documented procedures for creating SSNs and publicly available SSA Death Master File (DMF) information that was intended to help prevent fraud and identify theft. To clarify and provide a precursor to later arguments, I repeat some of the description of Acquisti and Gross. The first 5 digits of the SSN are assigned geographically with certain states getting known sets of digits. The precise ordering and specific values have been available in public documents for years (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control). The first five digits are assigned in known order (not consecutive) and, within each set of the specific values of the first five digits, the last four digits are assigned consecutively from 0001 to 9999. Although SSA documentation (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control) specifically states that the last four digits of SSN are randomized, Acquisti and Gross disprove that valid randomization occurs.

The Acquisti–Gross procedures (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control) allow them to predict the first five digits of the SSN with high accuracy. Acquisti and Gross refine their model using the DMF information about the patterns present in the SSNs and dates-of-birth. With the refined model, it is possible to predict the last four digits with accuracy within a range of 100 for individuals born in 1993 or later. The accuracy is much lower for other years. Many of the web-based “identity-verifying” sources allow typographical error in the SSN and a number of verification queries up to a fixed upper bound from a given computer. By varying the guess of the SSN in a range of 100 (or even greater ranges) and using queries from several computers, it is possible to verify a given combination of SSN and date-of-birth to compromise the identity of an individual.

The SSN is not a secure identifier, particularly for individuals born in 1993 and later.

The main issue is that, as Acquisti and Gross demonstrate (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control), the SSN is not a secure identifier, particularly for individuals born in 1993 and later. If the SSN is not secure in the sense that it is straightforward to associate it with an individual for whom a name and date-of-birth are available, then it can be very easy to steal such an individual's identity.

Having one's identity stolen can be exceptionally costly (1–3 years, $30,000 or more in expenses) (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Modern computer environments and capabilities necessitate a secure, accurate, unique, and verifiable identifier. I suggest three changes to existing SSN-assignment procedures that are reasonably straightforward to implement and that may serve as a precursor to more appropriate procedures. The first is to use a different random ordering of the last four digits of the SSN within each group as determined by the first five digits of the SSN. This straightforward change does not affect any of the subsequent legitimate uses of the SSN and should be implemented. Equally easy to implement and even more secure would be for SSA to issue SSNs in a given state at random from the entire set of remaining SSNs that are available to the state. The second change is to add a check digit as an extra field in the SSN (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control). Check digits ensure that a set of integers are keyed correctly 90% of the time. The procedure does this by computing a verifying check digit from the existing 9 digits that must agree with the keyed or available check. The “check digit” can be stored in a separate location although, ideally, it might be stored in a location that is adjacent to the SSN. If two check digits were used, then it would be possible to ensure that 99% of SSNs were keyed correctly.

The third change would be to add a pair of digits to deal with the vintage of SSNs. The current 9-digit SSN does not have sufficient numbers for 300+ million Americans, deceased individuals, and others such as certain foreign nationals who need SSNs as part of their U.S. employment. The pair “00” might be associated with most current SSNs and could again be stored in a nonadjacent location. Because some individuals already have two assigned SSNs (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control), identical SSNs are sometimes assigned to different individuals, and some geographic regions may be close to running out of SSNs, the SSA could use “01,” “02,” and so on to disambiguate other sets of SSNs. The third change seems crucial because SSA will possibly be running out of sufficient, unassigned SSNs within 70 years (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control). The second change facilitates verifying that a transcribed/keyed SSN agrees with SSA's main Numident database containing all verified SSNs and associated information. A third-party group (or individual) with suitable expertise would need to verify that the SSA procedures were properly implemented.

There are two questions related to the general privacy of individuals. First, will SSA be able to issue new, replacement SSNs to individuals from 1993 until the time when SSA implements more secure procedures? Many individuals born from 1993 have significantly increased risk of identity theft. Second, will the credit-granting industry and other groups that need to verify identities adopt procedures that somehow significantly reduce the possibility of identity theft for most individuals? Because millions of individuals are affected by identity theft annually (

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

The following popper user interface control may not be accessible. Tab to the next button to revert the control to an accessible version.

Destroy user interface control), the ease with which identity-verifying procedures are compromised needs to be reduced.

Sign-Up |

Services & Home Study Products

Seasoned Tradeline Links

Credit Profile Number Links

What You Should Know

SSN Numbers as soon to be replaced by modern CPN type identifiers!

credit profile number information | about us | disclaimer | user agreement | legal cpn guarantee | contact us | purchase athorized user primary tradelines | purchase cpn numbers | cpn credit business credit ebook information | piggybacking tradelines | ftc adding seasoned tradelines to improve credit score | fico will keep scoring authorized user accounts | results of fico 08 on authorized users | federal reserve bank rules in favor of authorized user tradelines | advantages of being a authorized user | piggybacking beats FICO | how to build credit by adding authorized user tradelines | how can adding authorized user tradelines affect my credit score | how many hard pull credit pulls is bad for my credit | authorized user tradeline scams | authorized user tradeline scam schemers gets arrested | buying a better credit score with athorized users tradelines | primary tradelines are a scam and a instant trip to jail | obtaining a new cpn credit file | how to create an alternate credit file | why or how to get a new credit profile or a new ssn number | Setting up a new cpn business profile | how to create a new credit file for your company | irs reasons for you needing a new ein | the fico beacon score scam | credit report errors hurting fico clients | complain then sue the credit reporting agency | 6 steps to sueing a credit bureau | what not to do with your cpn number | social security numbers will be replaced by modern more secure identifiers | new laws limit the use of ssn numbers | db pay to play scam | dunn and bradstreet phone and scare tactics | the fico hoax home study guild | experian credit agency scams | seasoned tradeline fico business credit videos

Site Map

aaaaaaaaaaaaiii