<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0 Transitional//EN'>

<html><head><title>531096-00047.htm</title>

<meta name='vs_defaultClientScript' content='JavaScript'>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name='vs_targetSchema' content='http://schemas.microsoft.com/intellisense/ie3-2nav3-0'>

<meta name='Originator' content='CommentWorks'></head><body><Table>

<tr><td><b>Comment Number: </b></td><td>531096-00047</td></tr>

<tr><td><b>Received: </b></td><td>8/3/2007 8:18:44 PM</td></tr>

<tr><td><b>Organization: </b></td><td></td></tr>

<tr><td><b>Commenter: </b></td><td>David Anderson</td></tr>

<tr><td><b>State: </b></td><td>Outside the United States</td></tr>

<tr><td><b>Agency: </b></td><td>Federal Trade Commission</td></tr>

<tr><td><b>Rule: </b></td><td>Private Sector Use of SSNs</td></tr>

<tr><td>No Attachments</td></tr></Table>

<hr><P><b>Comments:</b></p>The real fact of SSN usage is that it is a very convenient number to use. It is unique, it is with a prefixed country code a unique identifier for a human resource all over the world. This makes it attractive to use by all organizations all over to use it as a unique reference to a specific individual. No other number or name value exists that can do the job like a SSN (or in Canada's case, SIN). It is why it is used so much. These numbers are as good as public, just think about who has access to them. Any government person, account you use, creditor, banker, college/university, investment house and employer needs it. The IRS (and Canadian CRA) like it because it helps catch tax cheats. It has to be in far too many places to effectively controlled. An a house thief could surely get it too. The SSN has value to be public, which is why it is used and abused. But the real problem stems from industry abuse. Slap an SSN on a document and don't verify the individual is valid and has the authorization. Then some innocent person, without their knowledge or participation has to sort out the fraudulent use against big companies that don't even have mailing addresses or dispute addresses. Let alone a responsive or standardized dispute process. While a SSN is a reference to a specific of a person, it **is not** a validation nor is it authorization from the identified person. The credit business does not get this fact. Proper validation of an individual is their responsibility and MUST be conducted or it is a simple problem of lack of due diligence. Other abuse includes selling your home while on vacation. You could come home and find a new home loan and new owners at the doorstep. Or perhaps get a collection notice for a car you didn't buy. It happens, no kidding. This isn't limited to SSN. The simple answer for these abuses is to in law indemnify the innocent of all costs and make it easy for the innocent to recover those costs. The only innocent party is the owner of the SSN that was never notified (by fraud or error) of their SSN's use and did not take part in authorizing the transaction. The onus has to be on the credit business to know who they are dealing with. Unless the business can show complicity or negligence by the owner, they are liable and must fix in 9 days or less. If business does not fix a credit rating in an appropriate time, make the penalties and punitive damages quite liberal and high as well as allow the holder of the SSN to force it into court for immediate resolution. If they continue harassment, let the punitive damages go to the sky. Make it very clear in law, bluntly clear to all uses of SSN is to be for reference to an individual only, it is not verification nor is it authorization to make claim. Anyone filling a bad report must also file why they believe they have the persons authorization and make it available to the owner of the SSN on request without charge and withing 5 days of the request. So then perhaps the credit business will get back to old fashioned ways of doing business, like meet your bank manager and show your drivers license picture before you get your credit card. Maybe have at least 2-3 years of banking history before the credit is given. Maybe start looking for the obvious, a move in the last 30 days, change in employers phone numbers and some other very good techniques at detecting fraud. The credit industry has it in their means to do a whole lot better. They just need a tough law to get them into motion.</body></html>