Companies are looking to increase security and Equifax has announced its commitment to do so. Will they find a different way to identify people than using SSNs?
Do you cringe every time you enter your Social Security number on a website as a form of ID?
Does it feel invasive to enter those 10 numbers that a thief could use to steal your identity?
In November 2018, Equifax reaffirmed its pledge to go beyond the Social Security number to find a more secure way to verify identity. Is it a sign that using Social Security numbers as identifiers might soon be a thing of the past? And if it does, might that stop thieves from stealing your card info and ruining your credit?
Read on to find out what industry experts think about using SSNs for identity verification and what changes they feel might be coming down the line.
See related: Abolish the password? Card issuers are working on that
How to keep your information safe
The potential end of SSNs as an identifier may not mean the demise of identity theft, but there are way to keep yourself safe.
- Consider offering an alternative to a company that’s asking for your SSN, such as your driver’s license number, passport, proof of your address or even a student ID. Also, you might ask a company why it needs your SSN, how it will be stored, with whom it might be shared and who will cover your losses if your number is stolen.
- Obviously, don’t ever use your number as a password and don’t broadcast it via email or instant message. And last – and perhaps most important – monitor everything.
- Keep close tabs on your credit card balances and see if your issuer allows you sign up for account alerts – that way, you can receive a text or call if transactions exceed a specified amount or if someone tries to use your SSN to access your account.
Taking these steps won’t guarantee your safety, but they’ll go a long way toward making things much more difficult for theives to compromise it.
Social Security numbers as identifiers may be here to stay
Using Social Security numbers as identifiers is not a thing of the past, but displaying them freely is, according to Samuel Zhou, financial blogger at CreditCardio.
For example, credit card companies used to print your SSN and your credit card number on statements. Now that identity theft is rampant, they don’t put your SSN and credit card number on anything that might be stolen.
Zhou maintains that you will still need to input your SSN when you apply for credit cards, mortgages or anything else financially
related. But if they ever do get phased out, Zhou said thieves will still be able to steal your information.
George Earl is the founder of Corsair’s Ventures, a company that analyzes and delivers consumer insights to its clients. And he agrees with Zhou that SSNs aren’t going away anytime soon.
“No one is close to replacing SSNs as identifiers,” Earl said.
Over the past five to seven years, lenders have experimented with cellphone numbers and other identifiable information, but thieves have been able to hack those easily, Earl added.
Some lenders, such as PayPal, might make smaller loans – around $500 – to applicants based on alternative identification. But because default rates on alternatively unwritten segments tend to range from 9 percent to 12 percent – as a benchmark, prime
lending is 4 percent to 6 percent – few lenders are likely to move away from SSN identifiers any time soon, Earl said.
When they do move away from using SSNs, it will likely be to use surrogate IDs, Earl said. A surrogate ID involves a credit card company assigning you a unique identifier that it cross-references to your SSN in its database. And although that might create the appearance of moving away from using SSNs, it ultimately won’t happen, Earl said.
For example, Earl said, companies have been providing single-use credit card numbers for online transactions for quite a while. Unfortunately, those numbers – although they aren’t reusable – still create hackable records at both the merchant and the bank.
Lenders are required to keep your information on file
There is also the issue of Know Your Customers compliance, Earl pointed out.
KYC is an offshoot of the Patriot Act, and it effectively bans blind lending. All banks must have a record of their customers’ personally identifiable information (PII), which includes name, address, phone, etc.
And because all PII lists inevitably have some gaps, the SSN is considered one of the strongest ways to ensure compliance, and that will present major bureaucratic hurdles for anyone seeking to shift the paradigm.
Right now, Earl said, significant lending without SSNs would put lenders in a bad place with their financial regulators.
Earl also noted that startups experimenting with artificial intelligence are attempting to build devices that allow customers to use
“Unfortunately, these devices would totally destroy the credit lending process. They just aren’t scalable or timely,” Earl said.
“I suspect Equifax will one day laud some new process. But any analysis will reveal a lack of volume or meaningful usage,” he added.
Joe Whitchurch, head of CreditWise for Capital One, said SSN numbers as identifiers will “absolutely not” be phased out, at least any time soon.
“Social Security numbers have been widely used as the de facto identifier – from your credit history to your taxes to your driver’s license. Creating a new identifier would be a huge undertaking, and there is no guarantee that fraudsters couldn’t get their hands on the new identifying information,” Whitchurch said.
SSN identifiers don’t always help thieves access credit card info
Nathan Grant, financial analyst at Credit Card Insider, said that once a thief gets your SSN, he or she can use it to impersonate you over the telephone, in person or online to retrieve your personal information.
But, Grant said, simply having access to your SSN isn’t the only thing that helps thieves gain access to your credit card information.
“They can utilize other methods, such as ‘skimming’ technologies, to steal your credit card information,” Grant said.
“Even if SSNs eventually get phased out, thieves will still skim your credit card and create a clone of it. Thieves will still go phishing and steal your information online,” Zhou said.
Thieves attach skimmers to gas pumps, ATMs and card reader pin pads to steal your information.
And cybercrooks are also busy coming up with new ways to lift your credit card information, such as using near-field, communication-enabled devices that record your contactless card’s RFID chip without even touching the card.
Companies are constantly fighting fraud
The good news is, companies are always on the lookout for ways to reduce fraud.
“There are many companies – in addition to the major credit bureaus – that are committed to finding alternative solutions to reduce fraud,” said Robert Siciliano, security awareness expert and CEO of Safr.Me.
And Siciliano feels that when and if companies do find those solutions, consumers will be relatively unaware of the switch unless the technologies require some form of opt-in.
“Companies can’t stop using SSNs for identifiers fast enough, as far as I’m concerned,” Siciliano said.
“Right now, using Social Security numbers as primary identifiers – and essentially our national ID – makes it very easy for criminals to engage in fraud,” he added.
Siciliano acknowledged that many of the new developing “identity“ technologies are being deployed alongside an SSN, which he feels will eventually phase out the SSN.
But if a switch does happen, he doesn’t see it taking place for at least a decade or more.
New ways companies are fighting back
Thankfully, organizations are not just looking for new ways to fight fraud, they’re finding them.
Some card issuers offer virtual credit card numbers customers can use. If yours does, use them, Grant recommended.
Virtual card numbers are connected to your physical card and you can use them to prevent fraud and identity theft while shopping online or over the phone.
And there’s a bonus to using them.
“If anything happens to your virtual card, you can delete it and get a new one without having to get your physical card reissued,” Grant said.
CreditWise from Capital One is also helping consumers fight back. It introduced three new features to help users keep better tabs on their Social Security numbers, according to Whitchurch.
CreditWise is the first app that sends users credit alerts from Experian and TransUnion, tracks their Social Security numbers and scans the dark web all in one place, for free.
“And that’s whether you’re a Capital One customer or not. These alerts can be sent via email or directly to one’s mobile phone,” Whitchurch said.
Discover also offers a free service that “will notify you if your Social Security number is found on any of thousands of risky websites.”
See related: Credit freezes are now free, but do you need one?
Thieves will find a way to steal
Stacy Caprio, blogger at Fiscal Nerd, says thieves will be thieves, even if SSNs disappeared completely.
No matter what identifier a website uses, thieves will always be able to steal your information, Caprio believes.
For example, if you use your voice as an identifier, a thief could record you speaking and use a copy of your voice to steal your
information. If you use your fingerprint, a thief can also copy that, Caprio added.
“There are ways to circumvent any type of unique identification process, but some processes might be more secure than others,”