Questions tagged [social-security-number]

12 questions
13
votes
2 answers

Why do some companies ask last 4 digits of my SSN or a scan of my ID? What are my risks?

Yesterday I found out that some major service provider (online rentals) that I use now requires proof of my identity if I want to continue and make a booking. I was offered 2 options: Enter last 4 digits of my social security number and answer…
12
votes
2 answers

Are social security numbers useless by themselves?

453.7 million social security numbers have been issued to date. There are only 1 billion = 1000 million distinct 9 digit integers. This means that if I were to make up any 9 digits, I would have roughly a 45% chance of guessing someone else's valid…
jake192
  • 367
  • 2
  • 8
3
votes
1 answer

Why do websites ask for the last four digits of your social security number?

Quite a few websites, Coinbase and Stripe most notably, ask for the last four digits of your social security number to 'verify your identity'. Assuming these websites are not trying to fraud you, how could knowing four digits of your SSN possibly…
2
votes
1 answer

Exposure risk of knowing only social security number?

Up until recently I was under the impression that the social security number was insufficient information to perform identity theft, and that in practice you will at least need the victim's SSN and name. However, recent events and stories have made…
Moses
  • 2,137
  • 2
  • 20
  • 23
1
vote
1 answer

Can Identity Theft Protection Services Get Hacked?

I recently was dumbfounded by a question whether identity theft protection services can get hacked. Me and my family we're T-Mobile customers in the US and after the recent T-Mobile hack we got free Identity Theft Protection from McAfee for two…
1
vote
0 answers

How to treat SSN passing through web server

I am working on a platform that does temp labor and we are needing to run background checks. That means collecting scary data like SSNs, Names, Addresses, Dates Of Birth, and sending them to the background check service that we are using. They…
1
vote
2 answers

Is it poor practice to use the last 4 digits of a social security number as an identifier?

Is it poor practice to use the last 4 digits of a social security number as an identifier? The last 4 digits of a person's social are commonly used as a means of personal identification/authentication, but I can't find guidelines regarding their…
1
vote
0 answers

Where can I find legal acts (USA) for storing or processing social security number, tax id, driver license?

There is a PCI DSS for credit card processing. Does somewhere exist similar requirements for personal data processing, especially in US?
Eldar
  • 127
  • 2
0
votes
0 answers

Personally identifiable information not behind account credentials

This is the first time I've posted to this site, so if this question belongs somewhere else please let me know. I recently was using an online service which I will not name, and I realized that there were some pages on the site containing a lot of…
j_v_wow_d
  • 101
0
votes
1 answer

Would putting important information on a flash drive that never touches the internet be secure?

First off, I'm not even sure if this question belongs on this site, but I am a programmer and I usually just ask stack overflow questions like this, and I know for a fact this one doesn't belong there. But basically, my question is if I get a flash…
0
votes
0 answers

Returning Social Security Number After Validation Checks on Web Based Form

I have a web based application form that is used to gather personal information for web based users. One of the fields is an SSN. My question is simple, in terms of security compliance (in general, OWASP, PCI, SOC2, etc), is it okay to prefill the…
0
votes
0 answers

How to store SSN in asp.net web-based application on a short-term basis?

After scouring the web to find countless similar questions, I still find it important enough to ask based on my client's specific requirements. Now I know most if not all are not a lawyer, but if you've had experience in this field, please…