Anyone can figure out your Social Security number just by guessing

July 6, 2009

So says the Washington Post:

Researchers have found that it is possible to guess many — if not all — of the nine digits in an individual’s Social Security number using publicly available information, a finding they say compromises the security of one of the most widely used consumer identifiers in the United States.

Many numbers could be guessed at by simply knowing a person’s birth data, the researchers from Carnegie Mellon University said.

Yet for some reason I always have to repeat it about 5 times to some stranger in India whenever I try to call the bank or the phone company. Why can’t they just guess? Oh wait, there’s more from the article:

The results come as concern grows over identity theft and lawmakers in Washington push legislation that would bar businesses from requiring people to supply their Social Security number when purchasing a good or service.

“Our work shows that Social Security numbers are compromised as authentication devices, because if they are predictable from public data, then they cannot be considered sensitive,” said Alessandro Acquisti, assistant professor of information technology and public policy at Carnegie Mellon University, and a co-author of the study.

Oh I see. For a minute there I thought they were agreeing with my point that I shouldn’t have to give sensitive information to a stranger in India every time I need customer service for something. But they’re really just saying that because everyone already knows your SSN, we need to give strangers in India a more sensitive piece of info in order to verify who we are so we can order a repair on our satellite dish or report a problem with our voicemail. Maybe we should have to get our microchip scanned every time we make these phone calls. That would solve the problem. We just all need a microchip and a scanning device hooked up to our phone/computer.

