Social Security numbers are 80 years old — here’s how America could replace them
The Equifax hack raises timely questions about whether these numbers are obsolete
The Equifax EFX, -2.56% breach exposed the data of potentially 143 million people, putting them at high risk of identity theft and fraud. The devastating hack has underscored what many security experts have been arguing for years: We shouldn’t be using Social Security numbers for authentication in the first place.
“We are now at a point where our hands are tied: We can no longer conscientiously use this as an authentication and be taken seriously by consumers,” Seth Ruden, senior fraud consultant at global payments systems company ACI Worldwide, said of the Social Security number.
A lifelong, unchanging identifier like a Social Security number makes hacks more appealing to scammers and inevitably puts consumers at high risk. “Today, the Social Security number may be the most commonly used numbering system in the United States,” according to the Social Security Administration. That’s good news for hackers, bad news for consumers.
The Social Security number was created in 1936 to keep track of earnings and was never meant to be an independent identifier, according to Sam Rehman, chief technology officer of Arxan. In fact, until 1972, it said “not for identification” at the bottom of all cards.
“We need to find a way like most other systems that require true consent to authorize,” Rehman said. He suggested a new public key infrastructure for the U.S., which is a set of policies to manage digital certificates that correspond with people and use encryption for more security.
Put simply, the new identifier would be a unique number known only to the user that changes periodically and automatically. Replacing the Social Security number, this could be layered with additional forms of security like biometric identification or non-numerical identifiers like birth date, occupation, and other unique facts about an individual. This is the case in India, where an effort was launched in 2010 to create biometric identifiers for each of the 1.2 billion people in the country to crack down on welfare fraud.