Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft-What Can Really be Done w/o a SSN?

Posted by Cliff on from the protecting-your-data dept.

TheItalianGuy asks: "Many of us that work in the financial sector are bombarded with daily security threats. One of the biggest these days is Identity Theft. My fellow comrades and I have been really grilling each other on differing scenarios on what could be done with what information. However, it all seems to come back the the Social Security Number. Financial companies have other controls in place (customer service verification checking, account passwords, etc) to ensure identification. But in order to be of any use, a bad guy would really need someone's SSN. Absent of that, other information would be useless. Right? That's what I would like to ask Slashdot folks. What could be realistically done with customer information without a SSN? Account numbers, address, maybe a phone or payment amount. Is that really dangerous to the customer if only those get compromised?"

2 of 533 comments (clear)

  1. Considering... by Jace+of+Fuse! · · Score: 5, Insightful

    Considering so many uses only request the last four digits, that makes the SSN a really insecure PIN in some cases. Insecure because it's only 4 digits, and because it never changes.

    --

    "Everything you know is wrong. (And stupid.)"

    Moderation Totals: Wrong=2, Stupid=3, Total=5.
  2. Re:SSN by happynut · · Score: 5, Insightful
    It's actually never legally allowed to require a social security number; "they" can request it, but not demand it, unless "they" are a government agency
    This is somewhat true, but pretty misleading. Private companies cannot require a social security number, but they can make providing it a condition of doing business with you.

    For more info, see:

    http://www.faqs.org/faqs/privacy/ssn-faq/
    http://archive.cpsr.net/cpsr/privacy/ssn/SSN-Priva te.html