At this point, it seems like just about everyone's SSN is out there in the public domain in one form or another. What pains me is that SSN is still used like a password for many institutions. Banks will ask for SSN, birthdate, and mother's maiden name. Unfortunately all of those things can be found out with a bit of digging.
The more these breaches happen, the more apparent it is that we need a better "proof of identity" mechanism. I'm not advocating for the government to pass out universal ID cards t
I disagree, the solution is to do away with the concept of any sort of proof-of-identity mechanism. Whatever you come up with, people will always be able to forge it or fake it or commit fraud with. Banks and things like the current situation with the SSN because it gives them someone to go after in the short-term. In the long-term, of course, they have to give you back the money they took, but to do that requires the victim of fraud/identity theft to jump through quite a few bureaucratic hoops to prove they were a victim. In the meantime, the financial institution can get help from the FBI, the Secret Service, and usually the IRS to go after whoever it was that really did it. You get your money back, sans interest earned on it and less legal expenses, fees, and the time you put in. They also don't fix your credit for you, and you can bet you'll still be answering questions to the IRS about it for months, if not years.
Banks could do a lot more to prevent fraud before it happens without having a social security number, but they don't bother because they know either way they end up ahead. Putting them, and not the consumer, on the hook when they get duped by scammers will go a long way towards shoring up bank security and personal information privacy.
For every fraudulant charge by an identity thief there is a bank that willingly handed out money to someone without actually knowing who they were.
Every time they hassle the victim of identity theft for the cash, they are shaking down an uninvolved 3rd party. Since they know very well they don't have any real proof of ID, from an ethical point of view, they might as well just shake down random pedestrians outside their office.
Ban that practice and you can bet they'll stop handing out credit ca
Even easier - we should just be able to get a new SSN. Whenever a data breach occurs, you should be able to file a form with the federal government, showing your information was leaked, and get a new SSN. Better yet, any time personal information is leaked, the leaking entity must offer the victims to file with the government for new SSNs.
This identifier from cradle to grave is for the birds. It is the same for biometric stuff - once it is leaked a single time, the cat is out of the bag and you can'
"Nature is very un-American. Nature never hurries."
-- William George Jordan
Business should assume that SSN is public (Score:4, Insightful)
The more these breaches happen, the more apparent it is that we need a better "proof of identity" mechanism. I'm not advocating for the government to pass out universal ID cards t
Re:Business should assume that SSN is public (Score:3, Insightful)
Banks could do a lot more to prevent fraud before it happens without having a social security number, but they don't bother because they know either way they end up ahead. Putting them, and not the consumer, on the hook when they get duped by scammers will go a long way towards shoring up bank security and personal information privacy.
Re: (Score:2)
EXACTLY!
For every fraudulant charge by an identity thief there is a bank that willingly handed out money to someone without actually knowing who they were.
Every time they hassle the victim of identity theft for the cash, they are shaking down an uninvolved 3rd party. Since they know very well they don't have any real proof of ID, from an ethical point of view, they might as well just shake down random pedestrians outside their office.
Ban that practice and you can bet they'll stop handing out credit ca
Re: (Score:2)
This identifier from cradle to grave is for the birds. It is the same for biometric stuff - once it is leaked a single time, the cat is out of the bag and you can'