|Received:||9/5/2007 3:04:09 PM|
|Organization:||Susquehanna Bancshares, Inc.|
|Agency:||Federal Trade Commission|
|Rule:||Private Sector Use of SSNs|
Comments:How do identity thieves obtain SSNs? Some common ways: · Stealing wallets, purses and your mail · Using Spyware or Trojans to steal personal information you provide on the Internet · Stealing and sorting through trash for personal data · Stealing laptops or other mobile data devices from employees of businesses that have legitimate access to the data · Using Phishing techniques to pose as persons that have a legitimate need to gain the info · Buying personal information from insiders at business, or hackers that used one of the above to obtain the info. Which private sector uses of the SSN do thieves exploit to obtain SSNs (SSN as identifier or SSN as an authenticator? Which of those are most vulnerable to identity thieves? While data thieves would use both uses for exploits, I believe using SSN as an identifier, which many businesses and schools do, is the most vulnerable to identity thieves. This seems universal in the medical world as well as in most Universities in the US. Since using it as an authenticator is normally preceded by using it as an identifier, this seems to be secondary (IE: If it isn’t used as an identifier, it can’t be used as an authenticator). Once thieves obtain SSNs, how do they use them to commit identity theft? What types of identity theft are thieves able to commit with the SSN? Do thieves need other information in conjunction with the SSN to commit identity theft? If so, what other kinds of information must they have? Some end results of identity theft: · The identity thieves open a new credit card account, loan or line of credit, using your name, date of birth, and Social Security number. When they use the credit card and don’t pay the bills, the delinquent account appears on your credit report. · The identity thief can call your credit card issuer and, pretending to be you, change the mailing address on your credit card account. Then, the identity thief runs up charges on your account. Because the bills are going to the new address and not to your address, you may not immediately realize you have a problem until after the thief has charged large amounts on your credit card. · They may establish cellular phone service in your name and not pay for it. · They could open a bank account in your name and write bad checks on it. · In some cases, thieves have used Social Security numbers to help others fraudulently obtain jobs or new employment. They may also be used to forge immigration and travel documents. This can create confusion with your IRS tax records and Social Security Administration files, as your files might reflect earnings you have not received or jobs you have not held. Generally, identity theft is easier if they also obtain name, address and date of birth, but there have been noted cases where fraud has occurred just using the SSN and an alternative name (credit score was checked, but name wasn’t verified). Where alternatives to the SSN are available, what kind of identity theft risks do they present, if any? Customer/student number is an effective alternative to SSN, where generated internally by the issuing company/school. While there would still be some risk involved with the organization issuing the number, this would eliminate the global ability of someone to use it at other organizations equally as well.