In comments to the Federal Trade Commission, the Samuelson Clinic argued that credit grantors are using the Social Security number (SSN) both as a record locator to identify individuals, but also as a password to authenticate them. A series of cases points to credit grantors approving impostors’ applications for new accounts where the SSN matched, but other critical information, such as the date of birth and address, did not. This practice of relying heavily on SSN matches contributes to identity theft, and has led to the development of “synthetic identity theft,” a form of new account fraud where the impostor creates an entirely new identity. Synthetic identity theft is described in detail in a new article by Clinic staff attorney Chris Hoofnagle.
The comments note that reliance on the SSN to the relative exclusion of other critical information makes identity theft easy to commit, but also that simple changes in authentication practices could reduce incidence of identity theft. That is, rather than adopting expensive and more invasive authentication mechanisms, the Federal Trade Commission could explore simple steps, such as matching the SSN to basic identifiers, including the name, address, and other data, in order to prevent identity theft.
In a later phase of the project, Clinic senior staff attorney Chris Jay Hoofnagle made two presentations to the Federal Trade Commission’s workshop focusing on the use of the Social Security number. At the workshop, Hoofnagle discussed synthetic identity theft, a practice where impostors create fictitious identities for financial gain. This practice is discussed in detail in Hoofnagle’s article, “Identity Theft: Making the Unknown Knowns Known”, which was published in the Harvard Journal of Law and Technology. On the second day of the workshop, Hoofnagle joined other experts to make recommendations about the use of Social Security numbers.