Writing in the CNN Money web site, Jose Pagliery asks the question, “Why are we still using Social Security numbers to identify ourselves?” Good question. However, I think Pagliery overlooked the reality of those numbers.
Hackers have stolen more than 6.5 million Social Security numbers so far this year, according to a different report on CNN Money. The biggest hacks included the 750,000 that were exposed with the recent U.S. Postal Service data breach, 1.3 million stolen from Montana’s health department in June, and 4.5 million from a nationwide hospital network in August. Cybersecurity breaches at Target, Sony, Home Depot, Staples, CVS, K-Mart, JP Morgan Chase, Global Payment Systems, Adobe, eBay, PayPal, UPS, and other prominent companies have leaked some combination of consumer Social Security Numbers, credit card data (including billing address), email addresses, and passwords.
Does a Social Security Number provide a very good ID? No! Anyone can obtain that number and impersonate the true holder.
In fact, Social Security Numbers were never intended to be identification numbers. Starting in 1946, all Social Security cards were issued with the following warning clearly displayed: “FOR SOCIAL SECURITY PURPOSES — NOT FOR IDENTIFICATION.” Even with that warning, many banks, government agencies and corporations used the number as an identification number.
In fact, the earliest violators of this directive were the various agencies of the U.S. government itself, not hackers. Jose Pagliery writes, “In 1961, the federal government started using it for employees, even though most are not eligible to collect Social Security. In 1962, the IRS used it for taxpayers. Law then compelled banks to join in.”
The Social Security Administration finally changed its policy in 1972. The warning has not been on any new cards issued since 1972 and the use of those numbers for identification purposes has continued to mushroom. Today, there are no laws or regulations prohibiting the use of a Social Security Number for identification purposes.
Many other countries do issue unique identification numbers to their citizens. The numbers are used for many purposes and are indeed widely available to hackers, thieves, and even to law-abiding citizens. However, most other countries do not issue credit cards, give loans, or open bank accounts based solely on the use of a single government-issued ID number. They do require that number plus more proof that the applicant is really the person he or she claims to be.
Again, I think Jose Pagliery missed the point. He asked, “Why are we still using Social Security numbers to identify ourselves?” I would ask, “Why not?”
Let’s stop pretending otherwise. Like it or not, until a better system is invented, a Social Security Number IS your government-issued identification number, even with all its disadvantages.
You can read Jose Pagliery’s article at http://money.cnn.com/2014/11/11/technology/security/social-security-number-hack.