BACK

Legal, Regulatory, and Privacy Issues

Will companies ever stop using your Social Security number as an identifier?

To increase security, companies like Equifax are looking for alternatives

Summary

Companies are looking to increase security and Equifax has announced its commitment to do so. Will they find a different way to identify people than using SSNs?

The editorial content below is based solely on the objective assessment of our writers and is not driven by advertising dollars. However, we may receive compensation when you click on links to products from our partners. Learn more about our advertising policy.

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired. Please see the bank’s website for the most current version of card offers; and please review our list of best credit cards, or use our CardMatch™ tool to find cards matched to your needs.

Do you cringe every time you enter your Social Security number on a website as a form of ID?

Does it feel invasive to enter those 10 numbers that a thief could use to steal your identity?

In November 2018, Equifax reaffirmed its pledge to go beyond the Social Security number to find a more secure way to verify identity. Is it a sign that using Social Security numbers as identifiers might soon be a thing of the past? And if it does, might that stop thieves from stealing your card info and ruining your credit?

Read on to find out what industry experts think about using SSNs for identity verification and what changes they feel might be coming down the line.

See related: Abolish the password? Card issuers are working on that

How to keep your information safe

The potential end of SSNs as an identifier may not mean the demise of identity theft, but there are way to keep yourself safe.

  • Consider offering an alternative to a company that’s asking for your SSN, such as your driver’s license number, passport, proof of your address or even a student ID. Also, you might ask a company why it needs your SSN, how it will be stored, with whom it might be shared and who will cover your losses if your number is stolen.
  • Obviously, don’t ever use your number as a password and don’t broadcast it via email or instant message. And last – and perhaps most important – monitor everything.
  • Keep close tabs on your credit card balances and see if your issuer allows you sign up for account alerts – that way, you can receive a text or call if transactions exceed a specified amount or if someone tries to use your SSN to access your account.

Taking these steps won’t guarantee your safety, but they’ll go a long way toward making things much more difficult for theives to compromise it.

Social Security numbers as identifiers may be here to stay

Using Social Security numbers as identifiers is not a thing of the past, but displaying them freely is, according to Samuel Zhou, financial blogger at CreditCardio.

For example, credit card companies used to print your SSN and your credit card number on statements. Now that identity theft is rampant, they don’t put your SSN and credit card number on anything that might be stolen.

Zhou maintains that you will still need to input your SSN when you apply for credit cards, mortgages or anything else financially
related. But if they ever do get phased out, Zhou said thieves will still be able to steal your information.

George Earl is the founder of Corsair’s Ventures, a company that analyzes and delivers consumer insights to its clients. And he agrees with Zhou that SSNs aren’t going away anytime soon.

“No one is close to replacing SSNs as identifiers,” Earl said.

Over the past five to seven years, lenders have experimented with cellphone numbers and other identifiable information, but thieves have been able to hack those easily, Earl added.

Some lenders, such as PayPal, might make smaller loans – around $500 – to applicants based on alternative identification. But because default rates on alternatively unwritten segments tend to range from 9 percent to 12 percent – as a benchmark, prime
lending is 4 percent to 6 percent – few lenders are likely to move away from SSN identifiers any time soon, Earl said.

When they do move away from using SSNs, it will likely be to use surrogate IDs, Earl said. A surrogate ID involves a credit card company assigning you a unique identifier that it cross-references to your SSN in its database. And although that might create the appearance of moving away from using SSNs, it ultimately won’t happen, Earl said.

For example, Earl said, companies have been providing single-use credit card numbers for online transactions for quite a while. Unfortunately, those numbers – although they aren’t reusable – still create hackable records at both the merchant and the bank.

See related: Poll: Americans leave their personal info open to thieves

Lenders are required to keep your information on file

There is also the issue of Know Your Customers compliance, Earl pointed out.

KYC is an offshoot of the Patriot Act, and it effectively bans blind lending. All banks must have a record of their customers’ personally identifiable information (PII), which includes name, address, phone, etc.

And because all PII lists inevitably have some gaps, the SSN is considered one of the strongest ways to ensure compliance, and that will present major bureaucratic hurdles for anyone seeking to shift the paradigm.

Right now, Earl said, significant lending without SSNs would put lenders in a bad place with their financial regulators.

Earl also noted that startups experimenting with artificial intelligence are attempting to build devices that allow customers to use
encrypted identifiers.

“Unfortunately, these devices would totally destroy the credit lending process. They just aren’t scalable or timely,” Earl said.

“I suspect Equifax will one day laud some new process. But any analysis will reveal a lack of volume or meaningful usage,” he added.

Joe Whitchurch, head of CreditWise for Capital One, said SSN numbers as identifiers will “absolutely not” be phased out, at least any time soon.

“Social Security numbers have been widely used as the de facto identifier – from your credit history to your taxes to your driver’s license. Creating a new identifier would be a huge undertaking, and there is no guarantee that fraudsters couldn’t get their hands on the new identifying information,” Whitchurch said.

“Creating a new identifier would be a huge undertaking, and there is no guarantee that fraudsters couldn’t get their hands on the new identifying information.”

SSN identifiers don’t always help thieves access credit card info

Nathan Grant, financial analyst at Credit Card Insider, said that once a thief gets your SSN, he or she can use it to impersonate you over the telephone, in person or online to retrieve your personal information.

But, Grant said, simply having access to your SSN isn’t the only thing that helps thieves gain access to your credit card information.

“They can utilize other methods, such as ‘skimming’ technologies, to steal your credit card information,” Grant said.

“Even if SSNs eventually get phased out, thieves will still skim your credit card and create a clone of it. Thieves will still go phishing and steal your information online,” Zhou said.

Thieves attach skimmers to gas pumps, ATMs and card reader pin pads to steal your information.

And cybercrooks are also busy coming up with new ways to lift your credit card information, such as using near-field, communication-enabled devices that record your contactless card’s RFID chip without even touching the card.

Companies are constantly fighting fraud

The good news is, companies are always on the lookout for ways to reduce fraud.

“There are many companies – in addition to the major credit bureaus – that are committed to finding alternative solutions to reduce fraud,” said Robert Siciliano, security awareness expert and CEO of Safr.Me.

And Siciliano feels that when and if companies do find those solutions, consumers will be relatively unaware of the switch unless the technologies require some form of opt-in.

“Companies can’t stop using SSNs for identifiers fast enough, as far as I’m concerned,” Siciliano said.

“Right now, using Social Security numbers as primary identifiers – and essentially our national ID – makes it very easy for criminals to engage in fraud,” he added.

Siciliano acknowledged that many of the new developing “identity“ technologies are being deployed alongside an SSN, which he feels will eventually phase out the SSN.

But if a switch does happen, he doesn’t see it taking place for at least a decade or more.

See related: Data breaches dropped in 2018, but more personal information was exposed

New ways companies are fighting back

Thankfully, organizations are not just looking for new ways to fight fraud, they’re finding them.

Some card issuers offer virtual credit card numbers customers can use. If yours does, use them, Grant recommended.

Virtual card numbers are connected to your physical card and you can use them to prevent fraud and identity theft while shopping online or over the phone.

And there’s a bonus to using them.

“If anything happens to your virtual card, you can delete it and get a new one without having to get your physical card reissued,” Grant said.

CreditWise from Capital One is also helping consumers fight back. It introduced three new features to help users keep better tabs on their Social Security numbers, according to Whitchurch.

CreditWise is the first app that sends users credit alerts from Experian and TransUnion, tracks their Social Security numbers and scans the dark web all in one place, for free.

“And that’s whether you’re a Capital One customer or not. These alerts can be sent via email or directly to one’s mobile phone,” Whitchurch said.

Discover also offers a free service that “will notify you if your Social Security number is found on any of thousands of risky  websites.”

See related: Credit freezes are now free, but do you need one?

“Right now, using Social Security numbers as primary identifiers – and essentially our national ID – makes it very easy for criminals to engage in fraud.”

Thieves will find a way to steal

Stacy Caprio, blogger at Fiscal Nerd, says thieves will be thieves, even if SSNs disappeared completely.

No matter what identifier a website uses, thieves will always be able to steal your information, Caprio believes.

For example, if you use your voice as an identifier, a thief could record you speaking and use a copy of your voice to steal your
information. If you use your fingerprint, a thief can also copy that, Caprio added.

“There are ways to circumvent any type of unique identification process, but some processes might be more secure than others,”
Caprio said.

What’s up next?

In Legal, Regulatory, and Privacy Issues

Could credit bureau reforms pass in the new Congress?

A recent Congressional hearing sought more accountability for the credit reporting industry, and a legislative proposal is also seeking more consumer rights relating to credit scores.

Published: March 22, 2019

See more stories
Credit Card Rate Report Updated: July 17th, 2019
Business
15.61%
Airline
17.59%
Cash Back
17.68%
Reward
17.58%
Student
17.79%

Questions or comments?

Contact us

Editorial corrections policies

Learn more

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, do not disclose confidential or personal information such as bank account numbers or social security numbers. Anything you post may be disclosed, published, transmitted or reused.

The editorial content on CreditCards.com is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company’s business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.