Since 1936, the U.S. Government has provided a Social Security Number (SSN) for every citizen. In a world that’s radically different than it was over 80 years ago, cybersecurity professionals question the assistance SSN’s now provide to identity theft. In past years, over 400 million SSN’s have been exposed in massive data breaches and hacking events. That presents a huge problem, as these compromised SSN’s are often the gateway to identity theft. Millions of U.S. citizens and their financial security having been compromised by opened mortgages and credit cards, car purchases, and countless other crimes are perpetrated by cybercriminals with stolen SSN’s.
Originally provided as a way for the government to keep tabs on citizen benefits and never intended as an official form of identity, SSN’s have morphed into the one truly legitimate proof of who you are. In the hands of bad actors, the depth of damage can last a lifetime. Cybersecurity professional Jim Stickley of Stickley on Security agrees, “With that, you can do whatever you want…You can become that person.” He continues, “If I have your name and your Social Security Number and you haven’t frozen your credit yet, you’re easy pickings.”
Stickley should know. Businesses hire him to expose security flaws in their data systems, enabling them to be fixed before hackers do damage. Having to do with the vulnerability of a permanent nine-digit Social Security Number as a true means of identification, Stickley notes that, ‘It is truly absurd; a Social Security Number was never supposed to be your ID and it’s nuts that they are being used that way.”
The cybersecurity community is gaining steam questioning the validity of Social Security Numbers as the major form of ID for U.S. citizens. Consider most institutions and social media platforms allow account holders to change their passwords and generate unique multi-factor Identification when logging in. A permanent and unchanging form of identification like an SSN is proven time and again to be a hindrance and not a help in the hands of a hacker.
In light of the Equifax data breach in 2017 that exposed the personal data of over 140 million Americans, including their Social Security Numbers and birth dates, new security options for credit are available. The biggest of these is the ability for individuals to freeze and unfreeze their credit for free. This not only allows an individual who discovers their personal data has been compromised to stop the damage immediately, but many are choosing to keep their credit frozen until they choose to temporarily unfreeze it for their own financial purposes. It’s not difficult to do this. In fact, after the Capital One breach recently, all three of the major credit bureaus put a link to freeze your credit on the front pages of their websites. And it truly only takes a few clicks to freeze it.
Just remember that when you freeze your credit report, no one has access to it; including the owner of the report. In order to give authorization for the bureaus to release it, it will need to be unfrozen. Fortunately, you can typically do this for a limited amount of time and then it will automatically be re-frozen.
Taking all of the security vulnerabilities the digital world exposes, options for other than SSN’s as a source of identification may be on the way. Let’s hope.