Identity thieves are
Such episodes serve as reminders to
But just how careful are we? Often the answer is: not very.
That's because, from gym memberships to job applications, we're routinely asked for those crucial digits. Most of us just comply without wondering why it's needed. So it's worth asking: Why do so many businesses or private agencies ask for the number in the first place –– and is their nosiness allowed by law?
The short answer is that SSNs are often used as just another way to verify identity. And yes, any entity can ask for the number and use it for any purpose that doesn't violate federal law, according to the Social Security Administration. You can refuse, but then they have the right to deny you services.
On its
Over time, though, that changed. Businesses, government agencies and other groups discovered that the unique identifying number was a handy alternative to creating a separate identifier for their own recordkeeping purposes.
"Use of the SSN as a convenient means of identifying people in large systems of records has increased over the years and its expanded use appears to be an enduring trend," the Social Security Administration reports. "Generally, there are no restrictions in federal law precluding the use of the SSN by the private sector, so businesses may ask individuals for an SSN whenever they wish."
Sometimes it is even required by law. Employers need the number to report employees' earnings to the government. Banks and credit card issuers also have a legitimate need. So do financial professionals who have an obligation to protect any PII they gather from clients. Financial advisors are also in an excellent position to remind clients about the dangers of being loose with their Social Security numbers, and to be as diligent as possible in protecting them.
Encourage clients to ask these three questions of anyone who requests their Social Security number:
- What is the purpose of having the number, and who will they share the information with?
- How long will the information be stored on their servers?
- Is there another way to establish identity without the Social Security number?
Unfortunately, too many people automatically comply when asked for their data. To put an end to that, all of us can decide to share the information more sparingly, to ask more questions and to demand to know exactly how it will be used.
Another way is to create better safeguards around the information itself. Reusable verified digital identifications, such as the one my company provides, gather an individual's sensitive information — government-issued IDs, date of birth, aliases, addresses and, yes, Social Security numbers. After a verification process, a unique identification is issued, one that can be shared by the individual over email, phone or QR code, or which can be embedded in a financial institution's onboarding application. The PII is never shared and is always under the individual's control.
An all-in-one digital ID means the user does not have to share diverse pieces of personal information over and over, while the business or agency does not have to worry about the liability and expense involved in storing and protecting the information.
Everyone wins — except, of course, the identity thieves.
