| Identity theft
| Team members
| Join mailing list
| Frequently asked questions
| Visitor comments
SOS Social Security Number Watch
SSN Validation as a Way to Combat Identity Theft
Social Security numbers (SSNs) have evolved into national identifying numbers for individuals living and working in the United States. They are essential to recognizing a person in various health, financial, legal, and educational data and therefore, it is not surprising that they have become necessary for most forms of identity theft
and identity misrepresentation. Some people argue that access to SSNs, while available within many financial, health, employment, and government institutions, are not publicly available. Recent news articles have cited incidents in which SSNs of known people were purchased for less than $30 each. Potentially gross abuses of SSNs are a homeland security concern.
A goal of this SSNwatch project is to explore how publicly available information about people and about SSNs can be used to verify whether a given SSN matches the person presenting the SSN. Using publicly available information about SSN encoding and SSN assignments, our current
SSNwatch Validation Server
identifies the issuing state, date issued, estimated age range of the recipient, and activity status of an SSN. Below are some hypothetical scenarios in which a commercial version of
our SSNwatch Validation Service may be useful. At present, our SSNwatch Validation
Server is an academic demonstration and not fit for any purpose beyond our educational
use, so the following scenarios are for academic discussion only. Commercial
or other uses are not allowed. Your
Potential uses of the SSNwatch Validation Server:
- Job Applications
- Apartment Rentals
- Insurance Claims
- Medical Claims
- Student Applications
In each of the scenarios above, someone appears in person and provides basic
identity information, including an SSN that requires some preliminary validation.
Our SSNwatch Validation Server can reveal whether the presented person matches what is known about the SSN. Below are examples of matches and mismatches
that could possibly be revealed by our SSNwatch Validation Server.
Examples of mismatches exposed by the
SSNwatch Validation Server:
- Example: Mismatch by age
Consider an SSN that begins '078-05' as the first 5 digits.
The SSNwatch Validation Server reports that
98% of the recipients of SSNs that begin with that prefix are born between the
years of 1879 and 1921, inclusive. If the person presenting the SSN is clearly of age 20, for example, it is extremely unlikely that the provided SSN was issued to that person.
- Example: Mismatch by state
Consider an SSN that begins '078' as the first 3 digits.
The SSNwatch Validation Server reports that all SSNs having that prefix
were issued exclusively by the State of New York. If the person presenting an
SSN with that prefix fails to list or acknowledge New York as a prior residence,
then it is extremely unlikely that the provided SSN was issued to that person.
- Example: SSN not issued
The order in which SSNs are issued does not follow a strictly sequential
assignment though they do follow a prescribed non-sequential sequence assignment.
As a result, knowing that one SSN has been issued does not mean that
SSNs that are numerically less than that SSN have been issued. Consider two
SSNs where the first begins '221-98' and the second begins '221-02.'
The 4th and 5th digits of the first SSN are '98' and of the second SSN are '02.'
The SSNwatch Validation Service reports that as of January 2004,
SSNs beginning with '221-98' have been issued, but SSNs beginning with '221'-02'
have not been issued. If a person presents SSN '221-02-1023',
as their SSN, then it is extremely likely that the person has made an error.
- Example: Retired SSN
Consider the SSN having the full 9-digits '078-05-1120'.
The SSNwatch Validation Server, using the "full validation" option,
reports that this SSN has been retired from service (due to death or termination).
SSNs are not recycled or re-used. If a person presents this number as
their SSN, then it is extremely likely that the person has made an error.
- Example: Issue Date Inconsistent with Work Experience
SSNs are required for anyone working in the United States. No one can legally
work in the United States without having an SSN. Suppose a person
provides an SSN having the first 5 digits '615-23' and
reports work experience dating back to 1983. The SSNwatch Validation
Server reports that the SSN was only issued in February 2001, making it extremely
unlikely that the person was using this SSN for work experience in 1983.
- Example: Inconsistent Re-issuance of an SSN
Usually a person is issued one and only one SSN in their lifetime.
Similarly, a single SSN is assigned to one and only one person. There are a few
circumstances in which a person may get a replacement SSN, but these
occurrences are extremely rare. If a person presents an SSN and claims
it is a replacement SSN, then the date of issuance of the replacement SSN
must be consistent with the time period in which the replacement number was
being issued. Here is an example. Suppose a person
claims to have originally been issued an SSN having the first 5 digits '609-01'
and to subsequently have been re-issued an SNN having the first 5 digits '620-11'.
The person claims the replacement SSN was provided in 2003.
The SSNwatch Validation Server
reports that the original SSN was issued before 1993 and the second SSN was issued
in April 1999. The issuance of the second SSN is therefore inconsistent with the
person's claim of receiving the replacement number in 2003. It is very unlikely
that the second SSN was actually issued to the person in 2003.
Results from the SSNwatch Validation Server reported in the examples
above have been archived and are available
Please do not discriminate or misuse the SSNwatch Validation Server. This information
is available for educational purposes only. If a mismatch between an SSN and a person
occurs when testing our server,
it is extremely important to realize that the person providing the SSN may have
unintentionally provided incorrect information. It is also possible that despite
our best efforts, the information contained within the server may not be accurate.
Results from our SSNwatch validation server should not be the basis to take
any adverse action against anyone. Instead, you may want to use a commercial
SSN verification service.
Tell me more about:
Copyright © 2011. President and Fellows Harvard University. |
Data Privacy Lab |