by Connie J
Chapter 4 IS
Americans are always trying to be responsible, however identity theft is responsible for a greater percentage of financial ruin. Hackers are applying for credit cards and loans in victim’s name at an increasing rate. Authentication is a method for confirming user’s identities. If authentication is established then the access privileges’ for that customer can be established. An article by Hadley Leggett indicates that the social security number should not be used for authentication because it can be easily searched for by online hackers and credit cards and loans can be taken out in victim’s names.
Social Security numbers and birth dates showed distinct patterns in how the numbers are assigned. Computer scientists from Carnegie Mellon University analyzed a public data set called the “Death Master File,” which contains Social Security numbers and birth information of people who have died. In most cases just by knowing the date and state of birth the social security could be determined.
Privacy expert, Alessandro Acquisti, co-author of the study published Monday in the journal Proceedings of the National Academy of Sciences. The information which was used was publicly available information which is why the results are valuable. In just two attempts, the researchers correctly guessed the first five digits of Social Security numbers of sixty percent of deceased Americans born between 1989 and 2003. With only 1,000 tries the scientists identified nine digits for 8.5 percent of the group (Leggett, Hadley, July, 6, 2009, p.2).
It takes only a few steps to make a numerical prediction about a person’s Social Security number and verify the correct number. Using a process called tumbling hackers can take advantage of instant online credit approval services or even Social Security Administration’s database testing numbers until they find the right one. The good news about the scientist’s research is that they left out a few key details about their documentation before making their research public. Afterwards a full report was given to the government so that the identity thieves could not utilize all of the findings.
Your Social Security number is supposed to be top secret, but your bank has it, your insurance company has it, even your medical doctor has it. It has been suggested by law expert, Chris Hoofnagle of the University of California, Berkeley, that we should stop trying to protect the secrecy of the SSN and just publish all of them to prevent their use as authentication. (http://www.wired.com/wiredscience/2009/07. Social Security Numbers Deduced From Public Data. Leggett, Hadley, July 6, 2009, p.1-3).