• LinkedIn
  • YouTube
  • Twitter
  • Facebook
  • Google+

Putting The “Security” Back In Social Security Numbers

by on
in Office Management

Because the Social Security number (SSN) is the only permanent, unique piece of information that most Americans have about themselves, businesses both large and small have increasingly depended on it, using it as an employee identifier, or customer authenticator. Unfortunately, as the private sector's use of the SSN has grown, so too has the SSN's availability and value for identity thieves. To combat this trend, the Federal Trade Commission (FTC) has issued a new report, "Security in Numbers: SSNs and ID Theft," recommending to Congress five specific measures to help prevent Social Security numbers from being used for identity theft. The FTC believes these measures would make SSNs less available to identity thieves, and would also make it more difficult for thieves to misuse any numbers they are still able to obtain.


We've listed the five recommendations to Congress below. We've also included advice for what you can do to help safeguard your organization in the meantime.


1) Improve customer authentication. "Stronger authentication would make it more difficult for criminals to use stolen information, including SSNs, to impersonate consumers, thus devaluing the SSN to identity thieves and reducing the demand for it," the report explains. The FTC is urging Congress to adopt nationwide standards for how businesses and other organizations verify the identity of new and existing customers.

In the meantime: Don't use SSNs as the sole consumer authenticator. Consider using knowledge-based authentication in which you ask "challenge questions," the answers to which are likely to be known only by the correct individual.

2) Restrict the public display and the transmission of SSNs. "Restricting the display of SSNs on publicly-available documents and identification cards, and limiting the circumstances and means by which they can be transmitted, would make it more difficult for thieves to obtain SSNs, without hindering their use for legitimate identification and data matching purposes," says the report. Some states already have laws limiting the display and/or transmission of SSNs, but the FTC recommends adopting national standards.

In the meantime: Stop using SSNs as employee or customer numbers, and stop printing them on identification cards or on account statements, paychecks, applications, or other documents that are sent through the mail, if you haven't already. Or at least use truncated SSNs for all displays and transmissions. And never e-mail unencrypted SSNs.

3) Establish national standards for data protection and breach notification. The FTC supports adopting "national data security standards that would cover SSNs in the possession of any private sector entity," as well as "national data breach notification standards requiring private sector entities to provide public notice when the entity suffers a breach of consumers' personal information and the breach creates a significant risk of identity theft or other harms."

In the meantime: If your state already has data breach notification laws on the books, make sure you are in compliance. If your state doesn't have these laws, look to other states' standards for establishing company guidelines.

4) Conduct outreach to businesses and consumers. The report states that the FTC "anticipates disseminating additional guidance to businesses on what they can do to reduce their use of SSNs and to safeguard SSNs when they are used."

In the meantime: Limit employee access to SSNs and carefully conduct employee screening and training.

5) Promote coordination and information sharing on use of SSNs. Many organizations are discouraged by the "difficulties and expense of removing SSNs from computer systems and files, as well as the challenges of keeping up with the sophisticated and changing methods of identity thieves," noted the report. So the FTC "recommends that appropriate governmental entities explore helping private sector organizations establish a clearinghouse of best practices, enabling those organizations to share approaches and technologies on SSN usage and protection, fraud prevention, and consumer authentication."

Like what you've read? ...Republish it and share great business tips!

Attention: Readers, Publishers, Editors, Bloggers, Media, Webmasters and more...

We believe great content should be read and passed around. After all, knowledge IS power. And good business can become great with the right information at their fingertips. If you'd like to share any of the insightful articles on BusinessManagementDaily.com, you may republish or syndicate it without charge.

The only thing we ask is that you keep the article exactly as it was written and formatted. You also need to include an attribution statement and link to the article.

" This information is proudly provided by Business Management Daily.com: http://www.businessmanagementdaily.com/19712/putting-the-security-back-in-social-security-numbers "

Related Articles...

    No matches

Leave a Comment