Projects and Cases
Clinic Comments on Private Sector Use of the Social Security Number
In comments to the Federal Trade Commission, the Samuelson Clinic argued that credit grantors are using the Social Security number (SSN) both as a record locator to identify individuals, but also as a password to authenticate them. A series of cases points to credit grantors approving impostors’ applications for new accounts where the SSN matched, but other critical information, such as the date of birth and address, did not. This practice of relying heavily on SSN matches contributes to identity theft, and has led to the development of “synthetic identity theft,” a form of new account fraud where the impostor creates an entirely new identity. Synthetic identity theft is described in detail in a new article by Clinic staff attorney Chris Hoofnagle.
The comments note that reliance on the SSN to the relative exclusion of other critical information makes identity theft easy to commit, but also that simple changes in authentication practices could reduce incidence of identity theft. That is, rather than adopting expensive and more invasive authentication mechanisms, the Federal Trade Commission could explore simple steps, such as matching the SSN to basic identifiers, including the name, address, and other data, in order to prevent identity theft.