This was on Slashdot today and highlighted again the main problem the identifier SSN and the password to access accounts and other critical information in our lives is THE SAME. This is a structural problem created by our ubiquitous use of SSN. This needs to be addressed by government, employers and the commercial sector.
“Many of us that work in the financial sector are bombarded with daily security threats. One of the biggest these days is Identity Theft. My fellow comrades and I have been really grilling each other on differing scenarios on what could be done with what information. However, it all seems to come back the the Social Security Number. Financial companies have other controls in place (customer service verification checking, account passwords, etc) to ensure identification. But in order to be of any use, a bad guy would really need someone’s SSN. Absent of that, other information would be useless. Right? That’s what I would like to ask Slashdot folks. What could be realistically done with customer information without a SSN? Account numbers, address, maybe a phone or payment amount. Is that really dangerous to the customer if only those get compromised?”