Voices

May I have your SSN? Too many of us are saying 'yes'

Identity thieves are on the prowl, and one of the main treasures they seek is Social Security numbers.

Data breaches in financial services firms that leave Social Security numbers and other personally identifiable information (PII) exposed are increasingly common. As just one example from this year, Voya Financial Advisors notified clients in March that their records had been the subject of a data breach, with an unauthorized party gaining access to consumers' names, addresses and Social Security numbers.

Raj Ananthanpillai
Raj Ananthanpillai, CEO and founder of Trua.

Such episodes serve as reminders to all of us how careful we need to be with our PII — especially those Social Security numbers.

But just how careful are we? Often the answer is: not very.

That's because, from gym memberships to job applications, we're routinely asked for those crucial digits. Most of us just comply without wondering why it's needed. So it's worth asking: Why do so many businesses or private agencies ask for the number in the first place –– and is their nosiness allowed by law?

The short answer is that SSNs are often used as just another way to verify identity. And yes, any entity can ask for the number and use it for any purpose that doesn't violate federal law, according to the Social Security Administration. You can refuse, but then they have the right to deny you services.

On its website, the Social Security Administration discusses how the use of SSNs has evolved since the agency was created in the 1930s. The card was not initially intended as a personal identification document; its original purpose was simply to allow the government to maintain records of the earnings of workers covered under the program. 

Over time, though, that changed. Businesses, government agencies and other groups discovered that the unique identifying number was a handy alternative to creating a separate identifier for their own recordkeeping purposes.

"Use of the SSN as a convenient means of identifying people in large systems of records has increased over the years and its expanded use appears to be an enduring trend," the Social Security Administration reports. "Generally, there are no restrictions in federal law precluding the use of the SSN by the private sector, so businesses may ask individuals for an SSN whenever they wish."

Sometimes it is even required by law. Employers need the number to report employees' earnings to the government. Banks and credit card issuers also have a legitimate need. So do financial professionals who have an obligation to protect any PII they gather from clients. Financial advisors are also in an excellent position to remind clients about the dangers of being loose with their Social Security numbers, and to be as diligent as possible in protecting them. 

Encourage clients to ask these three questions of anyone who requests their Social Security number:

  • What is the purpose of having the number, and who will they share the information with?
  • How long will the information be stored on their servers?
  • Is there another way to establish identity without the Social Security number? 

Unfortunately, too many people automatically comply when asked for their data. To put an end to that, all of us can decide to share the information more sparingly, to ask more questions and to demand to know exactly how it will be used.
Another way is to create better safeguards around the information itself. Reusable verified digital identifications, such as the one my company provides, gather an individual's sensitive information — government-issued IDs, date of birth, aliases, addresses and, yes, Social Security numbers. After a verification process, a unique identification is issued, one that can be shared by the individual over email, phone or QR code, or which can be embedded in a financial institution's onboarding application. The PII is never shared and is always under the individual's control. 

An all-in-one digital ID means the user does not have to share diverse pieces of personal information over and over, while the business or agency does not have to worry about the liability and expense involved in storing and protecting the information. 

Everyone wins — except, of course, the identity thieves.

For reprint and licensing requests for this article, click here.
Technology Cyber security Identity theft protection Identity theft Social Security Administration Fraud prevention Fintech Financial crimes
MORE FROM FINANCIAL PLANNING