Yesterday I found out that some major service provider (online rentals) that I use now requires proof of my identity if I want to continue and make a booking. I was offered 2 options:
- Enter last 4 digits of my social security number and answer several questions.
- Scan some form of ID card (passport, driving license or other valid government ID)
I decided to give up the last 4 digits of my SSN, but I was a little bit shocked of what happened next. On the next step they started asking me questions that I did not expect them to know the answers to:
- Which state did I live in 2005?
- Where is XXX street (on which I lived in 2013 & 2014) located?
- Etc.
Based on the questions and proposed answers it seemed like they already knew the answers to those questions. The reason why I think they already knew the answers is because I didn't live in the US in 2006-2012, and they seemed to know that I lived in the US in 2005 and then since 2013.
How did they know it? So it's so easy for a company to get this information? I don't feel comfortable!
Now I have a few questions:
Why do some companies want the last 4 digits of my SSN?
How do they supposedly use it? How do last 4 digits of SSN help check my identity? How does it work?
What can a hacker do if they somehow steal this information (my name, date of birth, address, last 4 digits of SSN)? How can this information be used against me?
Do you think they could get those personal questions and answers just based on my name, address & date of birth, or they could get that information somehow only after I entered last 4 digits of my SSN?
What can a hacker do if they somehow steal a photo of my ID?
What do you think is safer: sending last 4 digits of SSN or a photo of ID card?