On Dumping the Social Security Number (SSN)

Should We Dump the Social Security Number?

In my opinion, yes.

We should replace the venerable Social Security number (SSN) —not as a financial identifier for things like tax filing, but as the be-all, end-all for identity. The reality is that the SSN was never intended to be the bulwark of our digital identity, and its vulnerabilities have become laughable in the age of computing, synthetic identities, and now the increase of corporate data breaches.

It’s more than likely, that every American’s SSN has been part of a corporate data breach. At any given time, millions of SSNs are for sale on the “dark web,” for a few dollars. Scammers who buy them can use them to open accounts in your name, apply for loans, and more. 

So, what are some of the options we can work towards, to have a one-time use of our SSN with a security front and backend?

There’s multi-factor authentication (MFA). This is like putting a deadbolt, barrel lock, pushbutton lock, and security bar on your apartment door; an invader has to defeat them all to get in. MFA combines multiple verification methods—passwords, biometrics, and one-time codes—to confirm a person’s identity. This significantly enhances security, but it makes accessing secure data more time-consuming and inconvenient, which is a non-starter for some. 

Public key infrastructure (PKI) uses public and private keys to authenticate and encrypt data. Each individual receives a unique key pair to sign and verify their identity, ensuring a secure and tamper-resistant identification process. Key management can be problematic, however, and can intimidate users.

Another popular discussion is centered around biometric authentication. This tech uses unique physiological or behavioral characteristics like fingerprints, facial recognition, iris scans, or voice patterns to verify a person’s identity. This might already be in use on your smartphone! Biometrics offers a high level of accuracy and security, but there are concerns about storing the data securely. 

Blockchain technology is another option. Blockchain is the decentralized and encrypted digital ledger that makes cryptocurrency and many other aspects of modern commerce possible. With it, consumers would control access to their personally identifiable information (data), reducing the risk of identity theft and misuse. Each individual’s identity would be cryptographically secured, preventing unauthorized alterations and ensuring transparency. But there are challenges involving deploying blockchain at scale, and the computers that run it use massive amounts of energy—a major issue in an era of climate change. 

Finally, there is Artificial Intelligence (AI) based identity verification. AI can analyze all manner of behaviors to confirm a person’s identity—their digital usage patterns, online behavior patterns, and even keystroke patterns, together with facial and voice recognition. One big advantage here is that AI can continuously learn from user interactions, making it more accurate. However, there are worries about AI bias and ethics, and how AI can and will be used to increase cyberattacks against organizations and consumers’ data.

Stay safe.

Christopher A. Smith is the author of Privacy Pandemic: How Cybercriminals Determine Targets, Attack Identities, and Violate Privacy—and How Consumers, Companies, and Policy-Makers Can Fight Back—from Amplify Publishing.