Using Social Security Numbers to Verify Identity is Negligence

February 09, 2015

Bruce Schneier on identity theft in 2005:

The second issue is the ease with which a criminal can use personal data to commit fraud. It doesn’t take much personal information to apply for a credit card in someone else’s name. It doesn’t take much to submit fraudulent bank transactions in someone else’s name. It’s surprisingly easy to get an identification card in someone else’s name. Our current culture, where identity is verified simply and sloppily, makes it easier for a criminal to impersonate his victim.

With the recent Anthem data breach it is clear that the world is now on notice that for a significant portion of the United States population, the combination of a Social Security number and a birth date is not a secure way to verify identity. The financial services industry has thus developed new identity verification schemes and fraud detection tools. The IRS now uses big data to detect and prevent fraud. PayPal, Dropbox, and Google have all adopted two factor authentication. Stripe has adopted a machine learning model that adapts itself to your business. The tools to mitigate and prevent identity fraud exist, and companies and governments should employ them.

comments powered by Disqus
This work by Matt Zagaja is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.