Slashdot Mirror

← Back to Stories (view on slashdot.org)

Congress To Restrict Social Security Number Use

Posted by ryuzaki0 on from the they're-not-toys-you-know dept.

diverge_s writes "News.com.com has an article detailing a long overdue attempt Congress is making to restrict the use of Social Security Numbers. From the article: 'In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. Politicians have expressed astonishment at what they see as a rising identity fraud problem, frequently pointing to a 2003 Federal Trade Commission survey that estimated nearly 10 million consumers are hit by such intrusions each year.'"

1 of 280 comments (clear)

  1. Re:Band-aid on a gunshot wound. by Gonarat · · Score: 5, Interesting

    Exactly. It shouldn't matter if I know your SSN. There should be a private key part of the equation required for a transaction that requires an SSN to take place. This token should be a pass phrase, not just a password or PIN. Verification can be done electronically by the Social Security Administration.


    For example, if I sign up for a credit card, the application would not be processed until I give my valid pass phrase and it was verified. This way, someone could find out my SSN, date of birth, Mother's maiden name, shoe size, or whatever else, but could not do anything with it without knowing my pass phrase. Credit cards themselves should at least require a PIN to complete a transaction. This could be done without a major overhaul of the financial network -- the ISO 8583 specs supports PINs.


    You could support several pass-phrases. One pass phrase would be for applying for credit and such, giving a Bank or Credit institution this pass phrase would allow them to not only access your credit report, but would give them authorization to update it as they do today. A second pass phrase could be given to just allow read access to a credit report. This could be used for your own access, access by landlords, or any other situation where you need to give out that information without giving the ability to update it. One time use read pass phrases could even be supported. Pass phrases could be changed by visiting the Social Security Office or online. Any forgotten pass phrases would require a visit to the Social Security Office.


    A system like this would massively cut down on fraud and identity theft without too massive of a change to the current system flow.


    --
    Beware of Sleestak