Ubiquitous Use of Social Security Numbers Leads to Identity Theft

 Robert Siciliano Identity Theft Expert 

A patient at a Washington state medical clinic was asked for his
Social Security number numerous times. Many of us have endured this
familiar process. Considering the recent buzz about identity theft,
this patient became concerned about releasing his own sensitive
personal data, and requested that the facility remove his Social
Security number from their records. The clinic refused, the patient put
up a stink, and was ultimately ejected from the facility. The clinic
considered his request unreasonable, and a violation of their rules and
regulations. So, who’s right and who’s wrong in this scenario?


One Saturday afternoon, years ago, my spouse and I went to a major
chain that rents videos. Without naming them, let’s just say they rent
some block buster movies. The account was under my wife’s name, but she
didn’t have her card with her that day. Upon checkout, the pimply faced
17-year-old clerk said, “No problem,” and asked for her Social Security
number, which appeared on the screen in front of him. I freaked out and
was ejected from the store. So, who’s right and who’s wrong? p2p-image1

In both cases, the customer is wrong. That may not be the answer you were expecting. I was wrong and the patient was wrong.

In general, routine information is collected for all hospital
patients, including the patient’s name, address, date of birth, Social
Security number, gender and other specific information that helps them
verify the individual’s identity, as well as insurance enrollment and
coverage data. And due to federally mandated laws like HIPAA, they are careful to maintain confidentiality of all patient information in their systems.

Corporations such as banks, credit card companies, automobile
dealers, retailers and even video rental stores who grant credit in any
form are going to ask for your name, address, date of birth, Social
Security number and other specific information that helps them verify
your identity and do a quick credit check to determine their risk level
in granting you credit.

The Social Security Administration
says, “Show your card to your employer when you start a job so your
records are correct. Provide your Social Security number to your
financial institution(s) for tax reporting purposes. Keep your card and
any other document that shows your Social Security number on it in a
safe place. DO NOT routinely carry your card or other documents that
display your number.” But beyond that they have no advice and frankly,
no authority.

Over the past fifty years, the Social Security number has become our
de facto national ID. While originally developed and required for
Social Security benefits, “functionality creep” occurred. Functionality
creep occurs when an item, process, or procedure designed for a
specific purpose ends up serving another purpose, which it was never
intended to perform.

Here we are decades later, and the Social Security number is the key
to the kingdom. Anyone who accesses your number can impersonate you in
a hospital or bank. So what do you do when asked for your Social
Security number? Many people are refusing to give it out and quickly
discovering that this creates a number of hurdles they have to overcome
in order to obtain services. Most are often denied that service, and
from what I gather, there is nothing illegal about any entity refusing
service. Most organizations stipulate access to this data in their
“Terms of Service” that you must sign in order to do business with
them. They acquire this data in order to protect themselves. By making
a concerted effort to verify the identities of their customers, they
establish a degree of accountability. Otherwise, anyone could pose as
anyone else without consequence.

So where does this leave us? I have previously discussed “Identity Proofing,”
and how flawed our identification systems are, and how we might be able
to tighten up the system. But we have a long way to go before we are
all securely and effectively identified. So, in the meantime, we have
to play with the cards we are dealt in order to participate in society
and partake in the various services it offers. So, for the time being,
you’re going to have to continue giving up your Social Security number.

I give up mine often. I don’t like it, but I do things to protect myself, or at least reduce my vulnerability:

How to protect yourself;

  • You can refuse to give your Social Security number out. This may
    lead to a denial of service or a request that you, the customer, jump
    through a series of inconvenient hoops in order to be granted services.
    When faced with either option, most people throw their arms in the air
    and give out their Social Security number.
  • You can invest in identity theft protection. There are dozens of
    companies offering a variety of services to protect you in different
    ways. These services can monitor credit reports, set fraud alerts or
    credit freezes, restore damaged credit, and sweep the net looking for
    stolen data.  I’m working with Intelius Identity Protect and like them. Secure and cost effective.
  • You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. You can use Google news alerts to sweep the net and take precautions to prevent social media identity theft.
  • Protect your PC. Regardless of what others do with your Social
    Security number, you still have to protect the data you have immediate
    control over. Make sure to invest in Internet security software.

Robert Siciliano, identity theft speaker, discusses the ubiquitous use of Social Security numbers.

What have you done in the past when asked for your SSN? Did you refuse? What happened?


In order to comment on BlogHer.com, you'll need to be logged in. You'll be given the option to log in or create an account when you publish your comment. If you do not log in or create an account, your comment will not be displayed.

Recent Posts by RobertSiciliano