College 1993/94 my chemistry class grades for test were posted anonymized outside the classroom, but by social security number.
I also remember researching lawsuits at about the same time and court filings for stuff like bankruptcy cases would contain the social security number interacted, as well, with all other identifying information.
But, yea, in this day and age, I do not ever remember being asked for my full number — just last four — over the phone.
In the summer of '85, for the first uniform issue at Navy boot camp, we used laundry markers to stencil the entire SSN on every part of our uniform, including our skivvies.
Then, when we had the second uniform issue a couple of weeks later, with our white hats and nice dress uniforms, they had reissued our stencils, with the last 4 digits alone.
So, some time in mid 1985 the USN decided it wasn’t a good idea anymore to have the full SSN on our stuff.
Several days ago I had a call purporting to be from Medicare. Best I could make out (lots of background noise and caller had a strong accent, and my hearing isn’t as good as I pretend it is) is that Medicare wanted to send me a plastic Medicare card. He had me verify my name, address, and date of birth. Then he told me Medicare had changed their policy on phone calls and in order to be sure I was who I was supposed to be he wanted me to give him my Medicare number. Naturally I hung up on him.
Surprisingly he called back. First thing he asked was, “Why did you hang up on me?” I told him if it was really Medicare they knew my number and could just mail me the card. Oh, no, he said, my Medicare number was changing and my current number would no longer work after the first of the year.
Of course I hung up on him again.
Just to be doubly sure I checked online and indeed it was a scam. But it was pretty disconcerting they had my address and DOB.
US Army, early 1970’s our SSN was our ID#. The entire number was spray painted on my duffel bag.
My bank contacted me by mail because they wanted proof that I was a resident of Japan and not someone who was laundering money through a fake bank account. They said unless I provided them proof then they would close the account. I shoved that letter in the trash.
They only send those letters out to people with non-Japanese names.
They can go ahead and close the account. I dare them. That account only exists to pay back my house loan to them.
The best way to have some fun with Medicare scammers is to ask what color the new card is. For some reason, they will insist it is black and white, even when you tell them you want a red white and blue card, because this is America, dammit!
Just one point. I always call my bank at the number listed on the credit/debit card, not from some online site.
Many years ago, I was avoiding using credit cards in supermarkets because I felt it added unnecessary costs to a marginal business and I generally paid by cheque. When a new Market opened I applied for a cheque cashing card from them. They insisted on an SI number and I refused, whereupon they denied the application. After that I gave up and used the CC. I’m not sure they had debit cards in those days. Remember when all CC transactions involved first looking the number up in a list and then making a phone call to the bank?
Yep. Although looking up the number and not finding it in the “canceled” list was usually sufficient; they only had to call the bank for relatively large amounts. I remember many years ago when I bought an engagement ring at an upscale jewelry store and put it on my AmEx. Not only did they call Amex, but the clerk then handed the phone over to me, where I got the third degree from Amex and had to answer every imaginable question to prove that I was really me. In the end, unable to find any holes in my answers, they approved the transaction. No surprise at this reaction, though – someone with a stolen credit card that had no nominal credit limit would naturally head for a jewelry store and pick up a bit of “ice”.
This. If anyone calls me and asks for personal information, I assume scam and end the call. If it’s something I want to discuss, I will call them back.
Besides the military using one’s SSN for our ID# and stenciled on our clothing, it was also on our dog tags. I had my tags stolen while at Great Lake NTC in 1975. In the mid 90’s, I got a letter from an antique store in Bristol, Tennessee. They found my tags in a box of stuff that they bought. The letter included an impression of a tag. I called and told the woman that yes, those were my tags. She told me they would cost me $25 to get them back. I told her to keep them or better yet, destroy them because they contained my SSN. I then sent a letter to the Social Security fraud department and let them know someone was selling something that contained my SSN. A month later I got the tags in the mail.
I remember getting my driver’s license back in the early 80’s and the default was to use my SSN for my DL#. I declined that and they issued me a license with their state issued #. In the 3-2-4 SSN format. I don’t know if that’s still the standard format.
I work for PA Unemployment. People call in. I greet them and ask for the spelling of their first and last name, phone number and full SSN. Sometimes, people will ask if they can just give the last 4 digits. I haven’t had anybody refuse to give me their SSN - yet. If a caller is worried, I tell them ‘Remember, we are the government. We already have all your personal identifying information. We just need to be sure you are who you say you are.’ that does the job.
Yup. When I was a TA in 1975 we listed grades this way, which meant that we had all the SSNs.
Shit, if only I had saved them. Some of those kids made real money. 
I would ask the person their name and phone number to call them back. Then I would call the bank directly at their main number and ask about this person who called and if it was legit. If they actually said this was legit, I would look into changing banks. I don’t see why they are asking you for information they already have and if they can’t keep their records straight they need to call me to ask my SSN, then they aren’t a very good bank.
Well, I did call the bank back at their main number – thoroughly verified – and the bank said it was all legit; the first call really was from them. They asked for my SSN when calling me to verify who I was, but of course the problem is they should have asked for only the last 4 of my SSN, not the whole thing, because asking for your whole SSN is a well-known scammer technique which a responsible business would never do.
The fact that this bank did so indicates they do not have a good grasp of normal security techniques, which is grounds for ceasing to do business with them – which I have done.
In an example of bad use of SSN by banks, my main bank did a major revamp of their online banking services a few years back, which lost everybody’s online password, requiring everybody to go online and set a new password. To let us log in to do this, they announced they were making everybody’s temporary password their SSN. This was a broad email that went out to all their customers, and so was essentially public knowledge, at least in the local community.
I almost closed my account over it. Trouble is, I haven’t been able to keep any bank account working well for long. I went to this bank after my longest standing bank account had to be closed because they couldn’t keep my debit card working, despite issuing many new ones – when I went to a branch for the umpteenth time to have a new card made, and the branch wasn’t even open (though the sign said it should be), I gave up on them. It seems like banks compete on all kinds of promotional bases and on their loan businesses, but so many of them fall down on the seemingly simple mechanics of providing basic checking accounts and debit cards that function. I’ve changed bank accounts so damn many times over various failures that it’s become a huge hassle. So I didn’t change over this obvious security lapse – but I certainly talked to them about it and got them to acknowledge that announcing everybody’s password was now their SSN wasn’t a good idea.
The whole idea of having this semi-secret number that’s treated as though it’s a secret is just horrible in the modern world. I don’t think the solution can ever be to try to make it more secret. So many people in government and business have access to it. People just have to change their mindset to treating it with less magical reverence to validate identity.
That’s not lax security. They already have your SSN, and they weren’t going to give it to anyone else. The bank has an obligation to you to ensure that when they contact you, it’s definitely you. This is entirely appropriate!
You were prudent and well within rights to be extra-secure by calling back. I might have done the same. But to close an account for this reason… well, it’s your time to waste if youwant.
I tend to agree. Not because it isn’t a horrible sign of how stupid they are. But because so many major institutions have done similarly stupid things, I wouldn’t have much expectation that anywhere else would do better.
Why are we agreeing that it’s stupid? I mean, categorically, using the SSN as an authentication secret is not optimal. They should use some other factor. But any time the bank calls you to discuss your account, they should ask for an authentication secret to verify your identity. That’s a perfectly good practice! And you implicitly agreed with this practice when you sign up, so I don’t get the outrage here.