1(630)802-8605 Ravi.das@bn-inc.net

When one hears about a Cyberattack, very often the thought of stolen credit card numbers, other types of financial information and data, email addresses, contact books, usernames and passwords, very often come to mind. 

But this is only one part of the proverbial “crown jewels” that the Cyberattacker is after.  The theft of this kind of stuff will only result in short terms gains for him or her, such as draining money from your bank account, or creating a fake credit with your stolen number to make all sorts of purchases.

What they really want in the end is something that is longer lasting, in which they can assume your identity, and cause even more damage to you.  Yep, you got it.  This is known as Identity Theft, and once it happens to you, it can take years to recover from it. 

The one critical piece of information that is needed to do this kind of thing is your Social Security number.

At least here in the United States, the Social Security number is our key identifier to society. For example, we use it to get medical insurance, prove our eligibility to work, obtain government assistance at the local, state, and federal levels, and even use it to prove our identity to financial institutions.  We use it in carefree ways just like our passwords and credit card numbers.

Although the American public has become more cognizant about the need to protect the above-mentioned items, we are still extremely lax when it comes to protecting our Social Security number.  This is reflected in a recent study that was just conducted by Compare Cards, a division of Lending Tree.  Here is what was found:

*40% of American consumers that either hold a credit or debit card have given out their entire Social Security number on an online form, without first confirming the security of the website (for example, does it have an “HTTPS”, does it have any level of encryption, etc.);

*Almost 95% of the respondents have expressed hesitation about submitting Social Security numbers online, only about 44% of them are taking actual, proactive steps in protecting their Personal Identifiable Information (PII).  This includes such things as monitoring their credit reports on a regular basis, as well as other financial documentation (such as credit card statements, brokerage statements, etc.);

*Although 91% of the Americans polled are becoming much more aware of Cyberthreats, only 42% of them said that they would file for financial damages if they were a victim of the Equifax security breach, and astonishing 20% of those victims said that they would not even bother to file for financial compensation at all.

My Thoughts on This

Well first and foremost, the one thing that struck my mind is why wouldn’t anybody file for financial compensation if they were a victim of the Equifax security breach?  Is just because there is too much paperwork involved, or do people simply believe they have don’t have a chance in recouping some if not all their losses?  Or does it simply come down to the fact they are just too lazy?  Or are they afraid it will take too long to get the money in question?

Who knows?  Heck, if it was me, I would be the first in line to try to get my money back if I became a victim.  It would probably take some time I am sure, but at least I will have some peace of mind knowing that at least I am taking whatever steps I can take to something returned to me that was wrongfully stolen in the first place.  Now back to the Social Security number. 

The reality of the situation is that this will remain to be our key identifier for the foreseeable future, unless something comes up that will replace it entirely.

In this case, it would be the use of Biometric Technologies, namely those of Fingerprint, Iris, and Facial Recognition.  In this regard, many of the developing nations around the world are using this, especially on the African Continent. 

I am not totally sure if they have anything like Social Security numbers, but using Biometrics, the citizens there are now being counted as unique individuals by their respective governments.

Other countries around Europe have also adopted the usage of Biometrics but have implemented those templates into what is known as the “National ID Card”.  This is sort of like our driver’s license here in the United States. Will we see something like that here in the United States?  Most likely not, because of the so-called invasions of our privacy and constitutional rights.

So now the question is how do we go about protecting our Social Security numbers?  It is quite plain and simple:  Just never give it out.  There are of course of those times in which we must, especially when it comes to time so show our eligibility to work at a new job. 

In these instances, we just simply must trust the individual that oversees processing our I-9 forms, and that the information will be either destroyed after it is no longer needed or kept in a safe place.  The unfortunate part about this is, if we do not comply, we won’t be able to start work.

Also as mentioned, there are other times as well, especially when we open new financial accounts.  Only give out your Social Security number to your financial advisor, and nobody else.  But to do this only when you have established some level of trust with him or her. 

Many times, when we need to transfer money, the financial institution will also ask for the just the last digits of our Social Security number.

At the present time, probably one of the most fraudulent uses of Social Security numbers is when it comes to job recruiting, especially online.  There are some job posters that will require you to submit your information, in order to complete your application.  I have been asked to do this before, and even now sometimes. 

What do I do?  I simply close out the application and look for something else.  Even if the job seems like that it could be a great fit, always think first of the long-term consequences if indeed you submit your Social Security number without even having met the recruiter face to face.

 Heck, I have even been asked to submit my Social Security number on paper applications. What do I do?  I just leave it blank and move on and fill the other parts of it out.  Finally, never text or even email your Social Security number, even if you are using an encrypted line of network communications.  Here are the key takeaways from all of this:

*Never ever give your Social Security number;

*If you must, only give it to a person you trust (or have some baseline trust with, especially when it comes time to proving your eligibility to work);

*Never ever submit your Social Security number via any electronic or digital means – you just never know who is at the receiving end.

Finally, more details about this study can be seen here:

https://www.scmagazine.com/home/security-news/despite-concerns-over-breaches-40-of-cardholders-have-provided-social-security-numbers-online/