Did you know that last fall at least 145.5 million Americans’ Social Security numbers were stolen in a data breach at Equifax? Worse, this was just one in a series of recent breaches — don’t forget Anthem and the Office of Personnel Management, just to name others.
In this technological age, folks are at greater risk when it comes to having their Social Security number stolen — even if they do everything right. That’s because keeping your number a secret, leaving your Social Security card in a safe, and shredding all documents containing your number are now antiquated efforts for stopping the modern hacker.
To help protect Americans from identity theft, I have for years been dedicated to limiting the use of Social Security numbers. Military IDs no longer use Social Security numbers, and thanks to a bipartisan effort I led, Medicare is sending new cards without the number to seniors across the country. What’s more, last year Congress made all federal agencies stop mailing documents that contain a Social Security number unless it is absolutely necessary.
But if we want to keep pace with identity thieves, we need to think beyond just keeping Social Security numbers secret and simply reacting to data breaches. We need to go on the offense and make these numbers less useful to hackers.
How do we do this? We must change how Social Security numbers are used.
When Social Security numbers were created in 1936, the numbers were only used by the agency as a means to track earnings and correctly determine benefits. But over time, it became common practice for companies, schools, banks, and the like to employ Social Security numbers as a way to both identify someone and to prove their identity.
This just doesn’t make sense.
We need to break this link between identification and authentication. Make no mistake, we need to limit the unnecessary use of Social Security numbers, but more importantly we need to make these numbers less valuable to thieves.
Experts have proposed a wide variety of solutions to address this problem. For instance, some suggest substituting Social Security numbers with a replaceable identifier and maintain a link between both — similar to a credit card and an account number. Others suggest using key-based encryption. Some experts have gone so far as to propose publishing all Social Security numbers to make it clear these numbers are no longer secret.
While more information is needed regarding these solutions, I appreciate thinking outside the box. Identity theft is a big problem, and traditional safeguards are no longer enough.
Americans are counting on us to find effective solutions. They deserve nothing less, and I look forward to working with my colleagues and hearing from experts as we figure out the best steps forward.