Passwords and Social Insecurity

[big_bad_al]

Why do private companies treat your social security number like a personal ID number? The government doesn't do this: the only federal paper that will have your SSN on it is your Social Security Card. It does not appear on your passport, your drivers license, or your birth certificate. and yet, the last 4 digits of your SSN is the default PIN for

Comments

[janna]

Yeah, I've heard rants about this for years. The problem is I don't know what I can do about it. I mean, yes, I can avoid using it sometimes, but when banks and credit cards use it, you often dont have a choice not to. Just recently my mom was using a Kohl's credit card that she did not have with her, so she had to give her SSN. I've even heard cashiers ask for it out loud!

The one thing is that the SSN does provide (theoretically) a unique identifier. So, for things like banks it kind of makes sense. But you ought to be able to provide enough other information to make idenify yourself.

[dhalps]

1) I had a similar thing happen with a new credit card, and it wasn't actually an identity theft thing. It was just them being stupid.

2) "When social security was created" isn't a great argument for something, because social security is a moronic pyramid scheme. Sounds like the Republican argument about "When this country was created" while trying to defend composition of church and state. (state $\cdot$ church). Or slavery

[macdaddyfrosh]

To summarize (part) of this: Your social security number is your UID because it was the first numeric identifier everybody got that didn't change. (Address? Phone Number? Those change)

So everybody started using it, because it was easy. The fact that it has something to do with social security is tangential, really; it's just a UID.

Luckily, there is legal recourse for identity theft, unlike computer security, where it is (usually) roughly impossible to catch the bad guy.

My Dad points out that it could be that you checked a box somewhere that signed you up for a credit card implicity; overdraft protection, various other things...

[big_bad_al]

You and Dan make good points.

I'm almost positive I didn't do anything to get this card; before this morning I hadn't actually been to a bank in months, except to get a cashier's check for the down payment on the apartment. If I checked some box several years ago, the card is a bit late getting here...

I guess at least part of it is that I've always thought that identity theft happened to people who weren't careful about stuff like this and used the same password on every website, people who buy stuff from spam advertisements, and who fall for phishing schemes. Reading how easy it was for Dan to find his own information in publicly accessible places (even outside of the whole grad school application thing, over which I hope someone was severely chastised, if not fired) and realizing that even if you're careful this information isn't in the least secure is a bit of a kick in the teeth for me.

[big_bad_al]

I'm surprised to hear that the government puts my SSN on all it's documents: lawmakers for quite some time argued against using SSNs as National ID numbers. To quote from the Privacy Act of 1974,

It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number [except for laws Congress may pass in the future that explicitly talk about SSN use].

I have always thought that I could get a drivers lisence, file my tax returns, etc. without giving anyone my SSN, so long as I was willing to stick to my guns and go through a bit of a hassle. Hearing otherwise makes me even more uneasy---there are a lot of underlings in the government that I don't think are trustworthy enough to handle everyone's personal information (just as in the Veteran's Affairs mishap you mentioned).

Otherwise, you make some excellent points.

[riccobot]

Did you apply for the credit card? I had a credit card appear on my list of BofA accounts that I never applied for. Non-ideal, I say.

[big_bad_al]

Yeah, that sounds similar. I never applied for the card. Near as I can tell, someone else applied for the card and then sent me the letter, hoping I'd call the number and give them my new credit card information.

I went to the bank today, and they referred me to their fraud hotline (which is the same phone number their website suggests I call about fraud), which won't be open again until Monday. I'll see if I can track this down more in a few days...