Does Your Employer Still Use SSNs? 193
An anonymous reader asks: "My company, a fairly large telco, still uses social security numbers for non-financial purposes; mostly for our IT ticketing system. I find it amazing that in these times, with how easy it is to use an SSN to obtain credit, that any company still does this. I've heard talk for almost eight years that the practice is going to be stopped but little progress has been made. How many companies out there still use SSNs so openly? Since it seems that nobody is in a hurry to solve this issue, what can be done to speed the process up?"
Simple (Score:5, Funny)
Re: (Score:2)
"Nought, nought, nought. Nought, nought. Nought, nought, nought, one. Damn Roosevelt."
You think you have it bad? (Score:2, Interesting)
Re:You think you have it bad? (Score:4, Informative)
How about the law that you shall not be required to give more than the last four digits of your SSN?
No wonder there are "305 lawsuits" per average company per year...
Re:You think you have it bad? (Score:4, Informative)
A business can ask for an SSN when you attempt to buy a nine volt battery with exact change. Perfectly legal. You can, of course, refuse such a ridiculous request. Also quite legal. They can then decline to do business with you. Just as legal.
It’s only the government folks that are prohibited by law from demanding SSNs.
Re: (Score:2, Interesting)
They are critical to prevent the misuse of SSNs. Also you can't require someone to give there SSN, except for spcific situations, e.g. banks can require SSN to open an account.
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
Actually, you need to re-check your facts (Score:2)
And it is needed in more states.
Re: (Score:2)
And yes, there are laws that restrict the use of SSN's within the private sector. If the business requests a SSN, a privacy statement must be given indicating what they are going to
Wow... that's not right... (Score:5, Interesting)
I believe that there is a Federal Regulation that intends to restrict the use of SSN/TIN numbers for identification by (guessing here) 2010. I'm certain there is such a law for banks, but I believe that it extends to any US public company. Anyone have details on this?
One last thing - I know many people who use fake SSN's for non-financial uses. For some time, Richard Nixon's SSN was very popular. Now, don't get me wrong, I'm not endorsing that practice - just sharing that it seems pretty common to me.
Re: (Score:3, Informative)
http://en.wikipedia.org/wiki/Individual_Taxpayer_I dentification_Number [wikipedia.org]
Employer Identification Number (EIN)
http://en.wikipedia.org/wiki/Employer_identificati on_number [wikipedia.org]
1. A surprising number of organizations will never check your SSN's validity
2. Try changing a digit, you might end up with a very similar & still valid SSN (that belongs to s
Re:Wow... that's not right... (Score:4, Interesting)
I strongly suggest using fake SSNs for anything possible, but of course, many times you are signing the "I verify that all this information is true to my knowledge" clause. Of course if you use it all the time, maybe you can get away with chalking it up to confusion over your actual SSN.
Re: (Score:2)
Phil
Re: (Score:2)
Well, at least he stayed true to the essense of the topic...
Re:Wow... that's not right...
Re: (Score:2)
I think your missing the point about the lesbians.
Re: (Score:3, Interesting)
As far as I know, to contradict your info (and I'd love to be corrected on this), any non-governmental company is allowed to use SSNs for whatever they want. I looked it up briefly a little while ago, and that was my understanding, but again, I hope I'm wrong.
SSN (Score:5, Insightful)
In the beginning the Social Security Number was issued by the government and is unique to each living citizen. This much still holds true.
But what was lost somewhere via the effects of Capitalism.... was that this number was supposed to be private to the individual assigned it. And, while there are laws protecting a citizens privacy. Companies were granted positions to effectively counter such laws. Only the government, state or law-enforcement officials may "demand" your Social Security Number. Visa can not demand you give it to them. Your landlord can not demand you give it to him. Private schools by law, can not demand you forfeit such information.
But no law is telling Visa or anyone else to accept alternate information for their personal records. As a result, you have to give out your Social Security Number, becuase if you don't, you can't apply for an Apartment, you can't buy a car, you can't have a credit card, you can't open a bank account, you can't get a job..... yeah, we have a choice.
*Some places do accept alternate information such as Drivers License Numbers.*
Re: (Score:3, Interesting)
Perhaps the EFF could step in.
Re: (Score:2)
Your landlord can not demand you give it to him.
And your landlord doesn't have to give you a lease if you don't provide him with a SSN either. My landlord wanted all this crazy information about me. SSN, monthly income, drivers license #, my checking and savings account numbers. Way more information you'd ever need to do some very easy identify theft. He may not be a crook, but how do I know he keeps the information secure? How do I know no one he employees is a crook, or any future people he employees
Re: (Score:2)
Did you pay your rent by check?
Re: (Score:2)
Re: (Score:3, Interesting)
WRONG, and that's why this is a problem. The SSN was designed to identify you to the government for tax purposes. Everyone who reported your money to the government needs it: your employer, your bank, mortage officers, loan officers, casinos and so on and so forth. Someone stole your SSN? Oh noes! They can pay your taxes for you! The horror!
It wasn't until other companies decided that they could use the SSN to identify you to
Correct, and furthermore... (Score:3, Interesting)
I've written before [ath0.com] that there's actually a free market solution to the problem. What it needs is for some well-funded activists (Gilmore?) to put together a nice big database of SSN info. We know all that info is available to any company that wants it.
Then, public announcements are prominently made in the press (NYT ads,
Re:SSN (Score:5, Informative)
Completly false. Employers are REQUIRED BY LAW to take your social security number to handle SS deductions. Banks and credit card companies are REQUIRED BY LAW to retain your social security number in order to do financial reporting (so the IRS can check and make sure you aren't spending more than your reported earnings). Gun shops are REQUIRED BY LAW to take your social security number as part of criminal background checks. There are a whole slew of situations where, not only can a company ask you for your SSN, but they are required to take your SSN!
Visa can not demand you give it to them.
Visa IS REQUIRED BY LAW to take your social security number, or a tax ID number if it is a corporation, as part of their financial reporting requirments.
Private schools by law, can not demand you forfeit such information.
Private schools BY LAW ARE REQUIRED to take your SS number if the private school accepts federal government loans or grants for students.
Don't try to obscure the blame that the government bears for your SSN being your ID number. Aside from the fact that they have made legislation making SSN the de-facto ID number (Real ID Act), it was the government that decided that you would have one single number that would follow you for the rest of your life as your unique identity (as opposed to the system they used for passports, where your passport is given a unique ID, but that number will change over the course of your life... your passport is assigned a number, not the person)
Re: (Score:3, Informative)
Not true. There is a field for the SSN on a Form 4473, but it's not required that it be filled in.
Re: (Score:2)
Re: (Score:2)
Except that the gun shop is required to keep the 4473 on file, and gun shops tend to be attractive burglary targets. I would imagine that anyone breaking in would be more interested in heisting the inventory rather than paperwork, but it's still safer to not have your SSN anywhere it doesn't absolutely have to be.
You're breezing over the issue (Score:2)
Visa IS REQUIRED BY LAW to take your social security number, or a tax ID number if it is a corporation, as part of their financial reporting requirments.
There's a big difference between being required by law to collect your SSN AFTER/b> you have applied for the card and been accepted, and collecting your SSN BEFORE you have accepted in order to do a credsit check.
There is no need for anyone to ever give their SSN to a company to do a credit check. However, most do anyway to save time.
Re: (Score:2)
I stand corrected.
However, what laws, laws that are actively and vehemently enforced, or systems and measures are in place to invalidate the seemingly end-all-be-all of identification as the SSN, and for companies to protect those numbers exclusively with outrageous fines should they be leaked or the source for an identity compromise? None!
As far as I'm concerned, it's meant to be
Re: (Score:2)
http://www.patriotnetwork.info/Social_Security_Num ber_Case.htm [patriotnetwork.info]
http://www.vcdl.org/pdf/PA_SummaryJudgmentDecision
http://www2.vcdl.org/cgi-bin/wspd_cgi.sh/vcdl/vade tail.html [vcdl.org] (see item #11)
Bottom line the guy who said you need to provide an SSN to purchase a gun is full of crap. Unless he proves his other points we should assume he's wrong there too.
Re:SSN (Score:4, Interesting)
I had all sorts of issues including (a small sample):
Eventually I got a fake SSN from a website that has lists of unused SSNs and everything went a lot smoother.
Re: (Score:3, Insightful)
Yup, and for the life of me I can't figure that one out. Every bank I've done business with has asked me what I wanted my starting check number to be, which makes the check number completely useless.
Re: (Score:2)
It's probably just a programmatic way to avoid starter checks. Those usually start at something ridiculous like 1 or 101.
Re: (Score:3, Informative)
However, not all banks are equal. The credit union at work absolutely refused to give me an account because they said they got fined if they gave accounts to people and didn't take their SSN. Bank of America, on the other hand, told me that was bullshit and had no problem in opening an account for me. All they wanted was a letter from my employer saying that I was
Re: (Score:2)
Re: (Score:3, Funny)
having my passport labelled a forgery at a bank because the date was 14/6/68. To quote the teller "there's no 14th month". Let me tell you - that creates an interesting scene in a busy bank.
Let me apologize for the increased restrictions on the ownership and use of firearms in the United States that have allowed an ignoramus so massive to continue to walk about.
Re: (Score:3, Informative)
Re: (Score:2)
No.
Apparently everyone is overlooking the incredibly obvious reason why SSNs even exist. It is your SOCIAL SECURITY ACCOUNT NUMBER. Your employer MUST have your SSN, or it cannot send your Social Security tax withholding to the US Treasury, the number is used to direct those funds to your personal retirement benefits account. Additionally, it is your Taxpayer ID Number, so it is used for other tax withholding,
Re:SSN (Score:5, Insightful)
A SSN is a perfectly fine and perfectly way to establish that we're talking about the same person. Names, adresses, birthdates whatever all break down here. (there is more than one "John Smith", there could even be more than one with the same birthdate, furthermore it's perfectly possible that "Ann Smith" is the same person as "Ann Kulstad", she could've married.)
For this purpose, making certain that two records really refer to the same person, SSN is fine. A unique key that refers to an individual.
Now, where you guys went wrong where in confusing this with authenthication.
The very fact that you use your SSN to *identify* which person you're talking about means that lots of different organisations and individuals *MUST* know your SSN. That ain't a problem. The problem is in assuming that whoever is aware of your SSN *IS* you, or is authorized to order credit-cards in your name, or whatever else.
We've got SSNs in Norway too. They're not particularily secret. The tax-people have them. Your employer has it. Your bank has it. They all even *need* to have it, to *identify* you. Your employer, for example, pays taxes, and uses your SSN when communicating with the tax-people so that it's clear for which individual these taxes are.
But here's the rub: Knowing the SSN is never *ever* considered authentication. You cannot order a credit-card in someones name just by knowing it. Nor access their bank-account, or infact do *anything* you couldn't just aswell have done without it. Except for ONE thing: If you know the SSN, you can use it to refer to an individual, in such a way that all involved will know for sure precisely *which* individual you're talking about.
The account is owned by individual X, the taxes are paid by individual X, the drivers-licence was issued to individual X, and we all (the bank, the employer, the drivers-license-people, etc) agree that this is infact one and the same individual, despite the fact that one of us spelled his name wrong, he has married, he has moved, and there's 17 other people with that precise name in Norway.
*THAT* is the point of a SSN.
You cannot at the same time give your SSN to dozens of different organisations (which you need to do if using it as an identificator shall work) and at the SAME time pretend that it's a secret that only the individual himself would ever know.
I dunno why USA persists in the stupidity.
Re: (Score:2)
Point out to your local normalization DBA (Score:4, Interesting)
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
Not yet [ssa.gov], but they will eventually. That or add another digit.
Less than a century until we run out of our billion or so possible SSNs. Expect the next method to just have a new digit thrown in.
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
10^9 = 1 billion possibilities. If the current system has used up 415 million, and SSNs are being added at a rate of 5.5 million a year.... that's around a hundred years to use up the remaining possibilities. I call that more than "a few decades"
Re: (Score:3, Informative)
Re: (Score:2)
(1000000000 - 415000000) / 5500000 = 106.36 years?
*sigh*
Re: (Score:2)
Re: (Score:2)
As I mentioned, you have quite a few invalid numbers... The ones I mentioned alone drop that down by 12,100,001. Also, several other "valid" ranges have closed, such as the 700-733 range for railroad workers, despite that range not having come even close to fully used. Then 800 to 999 also count as invalid (you have 200 million numbers wasted right there).
SSNs are being added at a rate of 5.5 million a year.... that's around a hundred years to use up the remaining pos
Re: (Score:2)
Re: (Score:2)
The SSN is divided as follows: the area number (first three digits), group number (fourth and fifth digits), and serial number (last four digits).
From SSA.gov
To determine if an SSN is invalid consider the following: No SSNs with an area number in the 800 or 900 series, or "000" area number, have been assigned. No SSNs with an area number above 772 have been assigned in the 700 series.
No SSN's with a "00" group num
Re: (Score:2)
They actually indicate the location of residence at the time of submission.
I know this because my first three digits indicate the state of CA which is where I was living when I got my SSN but it is not where I was born. I had occasion to speak with an IRS employee at a later date and they confirmed.
Thought it was actually illegal (Score:3, Informative)
From the Social Security Administration [ssa.gov]:
even more outrageous (Score:3, Interesting)
It appalls me how irresponsible this is. I have to write out my social security number down for the desk worker if I lock myself out of my room, to log-in to view my classes and grades, and all the time online to manage my account.
I cannot believe that such a highly accalimed university promotes such reckless actions. SSN's are basically our national ID number, and the fact that I have to throw it around all the time scares me.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Good thing federal law prevents that. (Score:5, Interesting)
Not as bad (Score:2)
The wrong way to speed up the process - post SSN of your CEO and higher management on the web or even sell them.
Do some research. See if there are any lawsuits holding companies responsible. Check for hard info on identity theft. Express your concerns to management in a documented fashion. If you can involve lawyers, HR, and the right
You might be surprised... (Score:5, Interesting)
...that my employer [irs.gov], a place flat-out driven by SSNs in many aspects of our work, wouldn't think of using them for anything internal that isn't mandated by law. We issue to everyone a 5-character ID that's used for signons and all sorts of IDs. We used to use a contraction of the user name, but even that has been 95% phased out for years.
It's not that difficult to quit using SSNs and it's just good policy. I'm surprised that they are still so commonly used in situations where they might be disclosed to anyone but the person to whom it belongs.
Re: (Score:2)
It is how the SSN is being misued by banks, and other agencies when it is not what it was established to be used for.
What about the Military? (Score:2)
USPS still uses em (Score:3, Interesting)
Leak (Score:2)
Leak it.
What happens if someone publishes all SSNs? (Score:2)
It's only a matter of time before someone gets their hands on the SSN:name database and posts it for all to see.
What the fuck happens then?
That'd be the best identity-theft reform EVER! (Score:2)
Currently, the weakness in the system is that a SSN and publicly-available information is still being treated as secure enough to be useful for identification, despite being demonstrably insecure for nearly all individuals (I'm sure there are a few people out there who have never had a job, but they probably don't need to worr
Re: (Score:2)
My idea, though, is that we have a widely published campaign with a set starting date that's at least a year in the future. So organizations have absolutely no excuse.
Old Employer 8 years ago (Score:3, Funny)
That said, Larry Wise's last four SSN numbers are 2795.
Solution (Score:2)
There needs to be a way to uniquely identify someone, and verify that identity. What does not need to be done is make that id public. That is the whole point of PGP encryption. An national ID number needs to be assigned. I hate the thought, but I finally gave in that it is a necessity. We already have a SSN, so it isn't something new. It just needs to be seperate from your SSN. I
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Which, of course, means that they will do everything in their power (and in the power of whatever politicians that they own) to make it not happen.
Those same companies want to be able to datamine your life to a greater extent than they do now.
Their concern about your privacy is "less than none".
Re: (Score:2)
Re: (Score:2)
2) Leaving the "party" blank was also intentional, because I don't think that either of the two major options is a real option. I am hoping that we end up with enough 3rd party and independents that they band together and can get the Democrates to help, I'll let them. Anything is better than what we have now.
Re: (Score:2)
So now the DoI has a long list of your every attempt at being certified for something - buying booze, viewing adult movies and other heathen activities. Who do you trust with that list? (Or do you really believe it will not somehow be rolled into the no fly list system?)
The current system sucks, but at least there is n
Re: (Score:2)
SSNs? (Score:5, Funny)
Funny or Interesting? (Score:2)
the only reason I ask is because I know of several US Citizens that don't have SSNs.
After all, there's no law saying you have to have one.
Re: (Score:2)
Re: (Score:2)
this is not necessarily true.
Re: (Score:2)
I suppose you can find some accounts that are not tied to the federal reporting statues, but those would not be the typical accounts that are offered by any banks that are federally or state chartered.
Of course, if the bank you are talking about is "off shore" that is a different issue altogether,
and just to show what can happen... (Score:2, Informative)
Re: (Score:2, Informative)
Not trying to scare anyone here...but...my wife works in this field (no not stealing identities, helping people resolve issues arising from stolen identities!) and unfortunately it is not just about your credit. If someone gets hold of your SSN together with your name they can 'become you' in many different ways.
One of the scariest things is when your number gets used for reporting income by many people. Even if income tax is withheld on the wages of these imposters guess what happens when you work 20 dif
crazy (Score:2)
i'm a victim (Score:3, Informative)
I have the original SS card in its original envelope from 2 months after I was born.
I had a hard time explaining things to employers when I was a teenager because they'd do checks of some sort and find this other guy's name.... notably Radio Shack and Menards (Like Home Depot) were the main ones causing problems over it.
Re: (Score:3, Informative)
Individual Unique ID (Score:2)
It's not a problem if you are dealing with one location or a small set of locations, but if you deal with state-wide or federal data it gets to be an issue to have a good unique ID for everyone.
The idea of a national ID would be an alternative (as SSNs go up to 999,999,999 we are running out). ANother would
You're looking at it from the wrong direction (Score:3, Informative)
The problem is that banks etc. use knowledge of SSN for authentication. If someone accumulates debt in your name, based only on their knowledge of your SSN and other readily available data (DOB, mother's maiden name) then you should be able to simply disown those debts, sticking the problem back on the people who accepted inadequate ID.
Re: (Score:2)
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
Translation? :)
Excellent information about SSNs and privacy (Score:2)
From the Privacy Rights Clearinghouse: Your Social Security Number: How Secure Is It? [privacyrights.org]
SSN equivalent public in some countries (Score:2, Informative)
One may argue that having compatible unique keys in almost all databases enables or at least simplifies abuse by correlating various databases. But as far as identity
What exactly is the problem? (Score:2)
I would say that the problem is not that your company uses the numbers for non-financial purposes, but that it is easy to use it to obtain credit.
*that* is the thing that should be fixed. Don't attempt to keep something like an SSN a secret, because th
It's a big project (Score:2)
The otherway around (Score:2)
SSNs are the perfect single sign on.
I don't see the problem at all...
Re: (Score:2)
If a SSN is used in any other context or manner, it is that context that is out of line. The same should be said for a mother's maiden name or any other "proof of identity" that is suggested. Instead, identify needs to be established with some sort of "trusted" group that makes a re
Googling Revealed This Nice Government Report (Score:2)
Basically, federal and state laws have all sorts of different restrictions. Related to this topic, it says:
SSNs at my work (Score:2)
Seriously, though, this is
Finacial Records (Score:2)