No More identity Theft-does The Technology Exist?

I have had several relatives who have been the victim of identity theft. What struck me (in both cases) was:

  1. the ease by which the crimes were committed
  2. the hard work you have to do, to clear your good name and re-establish good credit
  3. the total lack of punishment of the perps-the woman who stole my SIL’s ID was let off with a fine and a slap on the wrist
    My question: I now the technology exists to eliminate this-I mean, when someone obtains your SS# and attempts to open a charge account, the store would immediately notify you, your bank and the SS administration. You could then put a stop to it immediately. I think all of this is being blocked in Congress-by the banks and the credit-reporting industry (these folks spend a lot of $ on lobbying). Are there any good companies that offer such a service? I think this is going to be a great field-also, in keeping you hidden on the internet-are there ways to “erase” yourself, so that nobody knows you exist?

I’m not sure exactly what your question is, but I disagree that the technology exists to completely solve identity theft.

What is commonly called “Identity Theft” is basically a failure of authentication systems. We have various systems for authenticating people, for verifying that the person who’s standing in front of us, or the web-browser session connected to our server, or the voice on the other end of the phone is really who it claims to be, but they are necessarily imperfect. Most of them are, in fact, incredibly flimsy.

A big part of the problem is that most of our systems don’t use any reasonable authentication at all. All it takes to write fake checks is the account number, which is printed plainly on every check you write. All it takes to use someone else’s credit card is the numbers that are printed on their card, and their billing address, which can be easily found. Think how much reliance is put on trivially obtainable information like mother’s maiden name or SSN.

The most egregious and ubiquitous security flaw in the country is the idea that your Social Security Number is some sort of secret password. If you give the correct SSN, hey, you must really be you!

Only, this is so fucking stupid I’m already grinding my teeth.

Your SSN is not a password. It is a user account number. Every website on the planet knows how this works. You have a permanent identifier–such as “Lemur866” as your account name, or account number. And this is public information, every time I engage in any transaction here on the Dope, my account is associated with that transaction.

And I have a password. A password that no one knows. Not even the admistrators of the site. Not even Ed. And I can change my password any time. I can authenticate myself by saying that I am Lemur866, and providing my password.

Except, lots of BANKS–fucking BANKS, for Chrissake!–seem to think that anyone who knows that my user account is Lemur866 must be me.

And therefore, I am told to keep my account number secret. Despite the fact that it is printed on innumerable pieces of paper around the country–every tax form has that number written on it. They ask for your SSN every time you apply for a job, or fill out a form.

And there’s a simple fix. The President should get on TV and announce that in 2 years the government will make the social security numbers of everyone in the country available publicly. Online. Every SSN of every person in America can be looked up in a second on the IRS website, plus every business tax ID. Because that number isn’t secret now, it’s just obscure. Kinda obscure. Not really obscure.

And this will end the retarded practice of using SSNs as passwords overnight.

Except that does help illegal immigrants forge SSN cards. What do we do about that? Well, they can forge them well enough now. I’m thinking what needs to happen is that the govt let you set up a pw with photo ID and physical SSN card in a fed building, and to get a job you must sign in on a work computer and show that this is YOUR SSN, as you are able to sign in.

Of course there are still problems with keyloggers in this scenario. Anyone got a better suggestion?

How does it help? The whole point is that knowing that Bob has SSN 123-456-7890 should be of absolutely no help in stealing from Bob.

Knowing someone’s SSN should be about as helpful as knowing someone’s phone number. Oh, you know Bob’s phone number? Well then, you must be Bob! Here’s your money Bob! Thank you, come again!

authenticating identity is a very difficult thing. The US government has whole agencies dedicated to just the research to do the job. It is hard. And one reason is that the very concept of identity is hard to establish. John Smith, meet my friend John Smith. Peoples names are repeated and changed, SS numbers are changed and forged, even fingerprints can change or disappear (some kinds of cancer treatments permanently change a person’s fingerprints and secretaries are notoriously hard to fingerprint since all the paper they handle wears off the fingerprints). A first step in establishing identity is to give everyone a unique identity. Since people have a strange aversion to being assigned numbers-except when they get something in return like a driver’s licence or SS account, I think it would be a great idea to allow each person (or the person’s parent(s)) to pick a first and last name as is done now, but the Gov’t restricts the middle name (or a second middle name if one is determined to keep their given middle name) choice to a unique combination. So the parents of John Smith can choose Adam from a list of available middle names, but when the other John Smith comes to the window, he finds that middle name is not on the list. Couldn’t be done prior to the advent of a worldwide computer system, but we have that now. Once system designers have some assurance that there is only one John Adam Smith out there, a token in a piece of jewelery, a secret password, some authentication method can be used to confirm that JA Smith is the one and only.

Making sure everyone has a unique identity isn’t a solution to the OPs problem, but it is an important step in the process.

We could wrap it up as an anti-terrorist measure needed to keep us safe and it would pass overnight in the US congress and gets lots of funding.

If everyone gets a unique number then it does not matter if names are repeated. There could be hundeds of people with my name but I am the only one with my number, I’m in South Africa. When my younger brother and sister were adopted they changed name but not number on their birth certificates.

The problem really is that people don’t use their info carefully enough.

For instance, twice I had people try to open credit cards in my name. Both times I managed to trace it back to jobs I applied for. So my solution was to simply put “available upon request” where the SS# is called for. This worked fine, except for online applications where it won’t let you move without a valid SS#.

So I thought, good idea. Except that I had to give my number to get the job. I got the job and somone at corporate STILL tried to open an account in my name. It was a minimum wage H/R clerk. She was probably selling numbers as well.

As long as you have poorly paid people with access to hundreds or thousands or even millions of credit card info, etc, you are gonna have issues. Someone is gonna sell those numbers.

Another thing is password. People use the same password. My bank allows me to choose a login name and a password. I would never use Markxxx and my SD password, but I bet a lot of people would. So anyone with access to this board or who finds out my info on this board can just go to some banks and try it and see if it works.

Also SS# need to be seperated from credit. What we need to do is simply make a new system of numbers. Your old SS# can be used for whatever it is used for now, but any benefits you get through Social Security need to be given a new number. This number should be limited only to SS purposes. For example applying for benefits.

Employers wouldn’t want this because it should be easy to verify a SS#, but the employers WANT to hire illegals and claim they didn’t know. Every large company would be down on Congress in a second if they made it very easy to check each hire with a database.

On the other hand I just recently tried to use my PayPal to make a purchase of $200 and I couldn’t do it, as PayPal refused to believe I was who I said I was. They wanted my driver’s license and all sorts of information. Yes it was PP I talked to them over the phone. I was like, “Look I’ve been using PayPal since 2000, but they said since the purchase was so large, they needed proof of who I was.” So I just said “no thanks” and let it drop.