Allison Gordon (not her real name) was returning from a visit with friends in Los Angeles when she found she'd lost her wallet on the trip. She promptly did all the important things she needed to do - called her bank and canceled her cards, called her state's DMV and informed them she'd need a new license, and so on.
Unfortunately, Allison's Social Security Number (SSN) ID card was also in her wallet, meaning anyone who found it could have access to her records - and any other transaction she undertook using that as an identifier.
So Allison called the Social Security Administration (SSA) and asked that her number be changed. It would be a hassle, but worth it, she thought -- better she get a new number than risk being victimized by identity thieves.
But Allison was in for a surprise. She was told she couldn't change her number under almost any circumstance. Indeed, according to the SSA, you can only change your number if it has already been used for fraudulent purposes, if you know it's about to be used against you, or if there's a verifiable threat against your life, such as a stalker.
Given the incredible amount of usage your SSN gets as an identifier, and given how easy it has become for it to fall into the hands of criminals, why is it so difficult to get a new one?
Jumping Through Hoops
According to the SSA's Publication fetchingly titled 05-10064, "Identity Theft and Your Social Security Number," if you lose your card or believe your number has been stolen, you have to take all the common-sense precautions, such as contacting the SSA, credit bureaus, and filing a police report.
However, in order to get a new number, you have to demonstrate that you've taken all of these steps and they haven't worked. The SSA also states that you cannot get a new number if "you filed for bankruptcy; you intend to avoid the law or your legal responsibility; or your Social Security card is lost or stolen, but there is no evidence that someone is using your number."
The exact criteria the SSA requires before allowing someone to create a new number include:
• Sequential SSNs assigned to members of the same family are causing problems.
• More than one person has been assigned, or is using, the same number.
• Commonly held religious or cultural objection to certain numbers/digits in the SSN
• Despite trying to resolve problems brought on by SSN misuse, such as by an identity thief, a victim continues to be disadvantaged by the continuing SSN misuse.
• Harassment, abuse or life endangerment situations (including domestic violence).
In other words, you can't actually "prevent" any identity theft or fraudulent SSN usage until after it happens, which hardly fits the definition of prevention.
Most experts agree that changing your SSN is a drastic move that should only be used if other options fail. The identity theft prevention group Victims' Assistance of America states that, "There is a lot of information linked to your Social Security number, (ie: employment records, income tax issues, etc.) and too many unforeseen possible problems down the road if you change it."
Social Security accounts that have new numbers need to link together for the account holder to receive benefits upon retirement, and changing one's SSN can also impede their ability to get credit, as your "new" profile won't have a history attached to it.
Many "credit repair" firms will claim you can change your SSN to escape debt or bankruptcy, and offer to do it for you. This is illegal and a Federal offense, which is hardly the result victims of identity theft are hoping for when they look into it.
And yet, given the exploding reports of identity theft and data loss from businesses, corporations, government agencies, and the like, shouldn't the standards be altered to better respond to this new threat? How did a number used to track your retirement benefits become such a centerpiece of your identity to begin with?
Stretched Too Thin
Part of the problem is that the SSN itself was intended to act as an individual identifier, but only for purposes of record-keeping by the Department of the Treasury.
Yet not only is the SSN required to identify you to many government agencies and services (ranging from the IRS to state child welfare), it's also asked for by banks, online shopping sites, retail stores, and creditors. How many times have you tried to pay a bill online, forgotten your password, and entered your SSN in order to get your password reset?
Not only that, employers use SSN's as tools to verify a person's identity for hiring, landlords use it for credit checks, and search sites such as NetDetective and Records-Search boast of being able to find anyone via a search through Social Security records.
All of this contributes to making the SSN into not only a personal identifier, but a dangerously easy way to steal one's identity.
Another problem is that the Social Security Administration simply isn't equipped to handle instances of identity theft. Even though the agency has 1300 field offices and over 65,000 employees, it has its hands full processing Social Security claims and benefits for its millions of recipients. The system has grown to such size and complexity that trying to add identity theft protection to SSA services would stretch the operation to the breaking point.
Of course, when identity thefts do happen, such as parents using their children's SSN's to steal money from their accounts, the agency is powerless to do anything about it. But there have been instances where the SSA has deliberately encouraged conditions to allow individual Social Security numbers to be stolen - perhaps not maliciously, but certainly with no precautions in place.
As if the normal difficulties of running such an enormous operation were not enough, the SSA has come under intense scrutiny for several political missteps of late.
In December of 2004 and early in 2005, the SSA was accused of promoting President Bush's agenda of promoting individual retirement spending accounts, via a recorded message discussing the "troubles" of the system.
Then it was revealed that the SSA had relaxed its privacy restrictions and searched its records on behalf of the FBI after the September 11th terrorist attacks.
In addition, increased attention has been drawn to the SSA's "earning suspense file," a vast record of earnings attached to Social Security Numbers that have been mistakenly issued to the wrong people, or earnings unclaimed by their recipients. Many of these earnings come from illegal immigrants who were able to receive SSN's in order to work in the country.
MSNBC's technology correspondent Robert Sullivan's January 2005 report on the issue stated that as much as $420 billion has ended up in the earnings suspense file, much of it from undocumented workers using stolen SSN's, and no one notifies the victims due to fears of violating their privacy, or, as some allege, to maintain a source of cheap labor for the country's needs.
Signs of Progress
The Social Security Administration does have an extensive, if cumbersome, set of guidelines available to victims of domestic abuse who want to change their SSN to avoid stalking, and organizations dedicated to preventing domestic abuse have information on how to change your number without endangering your credit history.
In addition, on July 12, the Wall Street Journal reported that the Social Security Administration is allowing some victims of fraud and identity theft to get new numbers.
Until the Social Security Administration establishes distinct guidelines for changing a Social Security number in case of identity theft, the best course to take is to minimize its usage whenever possible, and use common sense.
More than a credit card number, an address, or even a bank account number, your Social Security number is a key many identity thieves and con artists can use to unlock your finances for their benefit. The more that it gets used, the more likely it is it will be misused.