BID® Daily Newsletter
Jan 10, 2018

BID® Daily Newsletter

Jan 10, 2018

Modernizing The SSN For Banking

Summary: There has been discussion about replacing the social security number. What could replace it and what are the ramifications for banks?

The first Social Security Number (SSN) was believed to be issued in Nov 1936, but since this was done through local post offices that may not have followed procedures, even the agency does not know for sure. The first Social Security record, however, was issued to John D. Sweeney (he died in 1974 without ever getting any benefits). Meanwhile, the lowest numbered card (001-01-0001) was issued to an unknown person according to the agency, as it was ultimately distributed by a local post office.
There is a lot of history around the Social Security system, not the least of which is how many companies use it as an identifier for almost every facet of life - from credit card and mortgage applications, to opening accounts and applying for a job.
It appears cybersecurity issues in today's world have now rendered the SSN virtually obsolete. Look no further than Rob Joyce, the White House cybersecurity czar, who said at a Washington Post Cybersecurity Summit that the Social Security number has "outlived its usefulness." The reason is simple: If it's stolen, the number cannot be changed. On the heels of the devastating Equifax breach, the Trump administration asked for alternatives to the SSN.
But what exactly are we talking about here? Any change would have huge ramifications for the banking industry over how it conducts business. Joyce suggested that we move to what he called a "modern cryptographic identifier." This would include some type of "physical token" that - similar to a chip-embedded credit card - has a number built in and needs a pin to unlock.
There are examples of such systems and others in countries such as Estonia and India. In Estonia, you use a pin to validate your identification and unlock the use of your personal ID number. In India, they have rolled out unique cards to 1.2B people whose biometric and demographic information has been taken when verification is needed. But, more work is definitely needed before any such systems could be implemented in the US.
Another area that has been gaining traction is distributed ledger technology or blockchain. The idea is that when a user tries to use an ID on a distributed ledger system, it would first double-check the information and verify with parties that already have this information, such as a utility company. Developing countries that do not currently have a built in identity system are tapping into such blockchain identity systems.
While these systems can be useful, there are some drawbacks. According to the co-founder of Bloom, the Decentralized Identity Foundation and Open Identity Exchange, the high cost, slow speed and lack of scalability of the current blockchain systems would not work for US identity systems.
There may be a protocol called IPFS that would address these issues. It uses private keys that would prevent hacking and those keys can also be distributed to family members to make it even more difficult for fraudsters to steal someone's identity. Again, there is more work needed here before it becomes a reality for American citizens.
While a changeover might be welcome news to stem increasing ID fraud, nobody is exactly sure what this would look like. It seems that SSNs though have run their course of usefulness. Only time will tell what takes the iconic number's place and who will be issued its very last number.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

2024 in Review: Part 3 of 3 — Technology & Cybersecurity
In this third part of our review of 2024, we look at the challenges and opportunities arising from continued digital adoption, the uptake in AI, and the increased threat of cyberattacks.
Protecting Your Institution as Ransomware Ramps Up
Ransomware attacks hit a speed bump in 2022. But the respite was short-lived. Ransomware attacks rose again in 2023, so this is no time for banks to let their guard down.