If you’ve spent the month of September evaluating your online presence and security measures, you’re not alone. The Equifax data breach has served as an unfortunate reminder of just how public our “private” information is. This breach has also rekindled the scrutiny of Social Security as our defacto national identification system. What are our options?
Social Security Number
Even without major data breaches, your Social Security number isn’t exactly a secret. The first three digits are based on a geographical code that is determined by where you were born (or where you lived when you first registered). The last four are requested on nearly every phone call or digital login to confirm your identity. That doesn’t leave much guessing for dubious algorithms to fill in the two-digit blank. In 1936, when Social Security numbers were first issued, the aim was to track wage history for the purpose of determining benefits. Today, it has become a ubiquitous form of identification, from student ID’s to Medicare cards, though the former seems to have been phased out over the past 10 years and the latter will soon be joining. The Center for Medicare Services announced earlier this month that they’re going to mail new cards beginning April 2018 with ID numbers rather than Social Security numbers.
National Identification Number
There has been some discussion to assigning a national identification number to each citizen (much like the U.K. and Japan). But, who’s to say that won’t end up playing the same role our Social Security numbers do now, simply replacing what the hackers are after? A suggested spin on this is to assign identification numbers that would be known only to the user and would change automatically. Another alternative offered is to create identification numbers for specific purposes; one number may relate to your health care needs, another to your education needs, another to your financial institutions. Having different numbers for each need could contain the spread of identity theft, and would certainly make changing a compromised number easier than changing your Social Security number.
Another idea is putting the technological breakthroughs of the last century to use by way of biometric identifiers (finger prints, eye scan, facial recognition, etc.). Aside from the fingerprint that many of us use to unlock our smart phones, some financial institutions are getting on board too. 15 million customers in the U.K. are learning how to use Voice ID, new authentication technology rolled out by the global bank HSBC. Likewise, governmental organizations in both the U.K. and Australia have rolled out technology that allows customers the option to create a “voiceprint” to identify themselves with they call. What if someone uses computer simulation to recreate your voice, replicate your finger print or capture your face (also pretty public)? Technology is trying to keep up by creating “anti-spoofing” software that can detect fraud. And so it goes.
In 2011, President Obama established the National Strategy for Trusted Identities in Cyberspace. The effort was focused on seeking alternatives to and protection of Social Security numbers as identification. Since the Equifax data breach, security experts are suggesting a refocus (and refunding) of that program. As with any major, national overhaul, this will take time. Until then, do what you can to keep yourself safe. Check out our most recent blog post on identity safety for ideas.