The current issue of Mental Floss (http://www.mentalfloss.com/) has an interesting story about the origin of Social Security numbers and what the different parts of the number mean.

According to Mental Floss, the first three digits are assigned based on the zip code where you applied for the number, the second two digits are group numbers and are not assigned sequentially but rather according to a rather complicated sequencing scheme which goes something like, a) odd numbers between 01 and 01 b) even numbers from 10 to 98 c) even numbers from 02 through 08, and d) odd numbers from 11 through 99. The last for digits are simple sequence numbers

The Mental Floss article has an interesting story about accidental misuses of the social security numbers in the early days of the system . . .

In 1938, a Mr. Douglas Patterson owned a company that sold wallets. As part of creating a display for the wallets, he wanted to show some demos of typical things that coul dbe carried in a wallet. So he had some fake social security cards printed up and included in every single wallet that was put on display. His secretary, Ms. Hilda Scrader Whitcher, not knowing any better. put her own social security number on the card.

Not a good idea. Thousands of people bought Mr. Patterson’s wallets thinking that it included a social security number just for them. The government estimates that around 40,000 people used Ms. Whitcher’s social security number as their own. What a mess.

Fast forward to the year 2004. Incredibly, the situation has not improved any. Despite government encouragement against it, social security numbers are used for thousands of purposes beyond just keeping track of how much money you have paid into the social security system. For decades now, SSNs have been used to index everything abut us from out library check-out history to our medical records.

The problem is that anyone can still use anyone else’s SSN any time they want. Virtually no checking is ever done on the validity of social security numbers. Ever. This is one of the funadmental causes of identiy theft in the United States.

There have been good efforts in industry to try to minimize the exposure and risk of stealing SSNs. Some of these are driven by legislation that bans the printing and display of SSNs in situations where they might easily be seen or stolen. And many companies are spending hundreds of millions of dollars to re-tool their IT systems to eliminate the use of SSNs as indexes. Likewise, some larger companies are including language in outsourcing contracts and other business documents to require the business partner to adopt similar restrictions on how and when social security numbers are used and displayed.

These measures are welcome and helpful, but they address the symptoms, not the root problem. The fundamental problem is that Social Security Numbers are not being validated on a routine basis. The Social Security Administration provides a variety of services to enable people to validate social security numbers and there is a mini-industry of service providers that offer SSN based services to others.

Some of these services simply tell you whether a given SSN is valid and when it was issued and the state it was issued from. Some of these services can look up public records and tell you the name of the person that a social security number is for. Other services will search public records and find past addresses of the person associated with a social security number.

But for whatever reason, these sorts of services are not routinely used to validate SSNs. By contrast, it’s virtually impossible to use a credit card number without it being validated at the time it’s collected. The Credit Card industry has done a terrific job of assessing risks of all the different transactions that can occur with a credit card number and instituting a validation process worthy of the risk involved. And as a result hundreds of millions of credit card transactions are run every day and each and everyone of them validates the use of the card number.

Instead of focusing on band-aid fixes such as tracking when and where social security numbers are printed and displayed, industry and government need to be focusing on making the validation of social security numbers as routine, simple, and inexpensive as validating credit card numbers.

–Calvin Powers

This entry was posted by Calvin () on Sunday, November 14th, 2004 at 9:20 am and is filed under Government Programs. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Note: Blog posts are the opinions of their authors and do not reflect the official opinion of the National Science Foundation or North Carolina State University.