SOS Social Security Number Watch

Validate SSN | Overview | Identity theft | Privacy | Team members | Join mailing list | Frequently asked questions | Visitor comments | News

SSN Validation as a Way to Combat Identity Theft

Social Security numbers (SSNs) have evolved into national identifying numbers for individuals living and working in the United States. They are essential to recognizing a person in various health, financial, legal, and educational data and therefore, it is not surprising that they have become necessary for most forms of identity theft and identity misrepresentation. Some people argue that access to SSNs, while available within many financial, health, employment, and government institutions, are not publicly available. Recent news articles have cited incidents in which SSNs of known people were purchased for less than $30 each. Potentially gross abuses of SSNs are a homeland security concern.

A goal of this SSNwatch project is to explore how publicly available information about people and about SSNs can be used to verify whether a given SSN matches the person presenting the SSN. Using publicly available information about SSN encoding and SSN assignments, our current SSNwatch Validation Server identifies the issuing state, date issued, estimated age range of the recipient, and activity status of an SSN. Below are some hypothetical scenarios in which a commercial version of our SSNwatch Validation Service may be useful. At present, our SSNwatch Validation Server is an academic demonstration and not fit for any purpose beyond our educational use, so the following scenarios are for academic discussion only. Commercial or other uses are not allowed. Your comments are welcomed.

Potential uses of the SSNwatch Validation Server:

  • Job Applications
  • Apartment Rentals
  • Insurance Claims
  • Medical Claims
  • Student Applications

In each of the scenarios above, someone appears in person and provides basic identity information, including an SSN that requires some preliminary validation. Our SSNwatch Validation Server can reveal whether the presented person matches what is known about the SSN. Below are examples of matches and mismatches that could possibly be revealed by our SSNwatch Validation Server.

Examples of mismatches exposed by the SSNwatch Validation Server:

  • Example: Mismatch by age
    Consider an SSN that begins '078-05' as the first 5 digits. The SSNwatch Validation Server reports that 98% of the recipients of SSNs that begin with that prefix are born between the years of 1879 and 1921, inclusive. If the person presenting the SSN is clearly of age 20, for example, it is extremely unlikely that the provided SSN was issued to that person.

  • Example: Mismatch by state
    Consider an SSN that begins '078' as the first 3 digits. The SSNwatch Validation Server reports that all SSNs having that prefix were issued exclusively by the State of New York. If the person presenting an SSN with that prefix fails to list or acknowledge New York as a prior residence, then it is extremely unlikely that the provided SSN was issued to that person.

  • Example: SSN not issued
    The order in which SSNs are issued does not follow a strictly sequential assignment though they do follow a prescribed non-sequential sequence assignment. As a result, knowing that one SSN has been issued does not mean that SSNs that are numerically less than that SSN have been issued. Consider two SSNs where the first begins '221-98' and the second begins '221-02.' The 4th and 5th digits of the first SSN are '98' and of the second SSN are '02.' The SSNwatch Validation Service reports that as of January 2004, SSNs beginning with '221-98' have been issued, but SSNs beginning with '221'-02' have not been issued. If a person presents SSN '221-02-1023', as their SSN, then it is extremely likely that the person has made an error.

  • Example: Retired SSN
    Consider the SSN having the full 9-digits '078-05-1120'. The SSNwatch Validation Server, using the "full validation" option, reports that this SSN has been retired from service (due to death or termination). SSNs are not recycled or re-used. If a person presents this number as their SSN, then it is extremely likely that the person has made an error.

  • Example: Issue Date Inconsistent with Work Experience
    SSNs are required for anyone working in the United States. No one can legally work in the United States without having an SSN. Suppose a person provides an SSN having the first 5 digits '615-23' and reports work experience dating back to 1983. The SSNwatch Validation Server reports that the SSN was only issued in February 2001, making it extremely unlikely that the person was using this SSN for work experience in 1983.

  • Example: Inconsistent Re-issuance of an SSN
    Usually a person is issued one and only one SSN in their lifetime. Similarly, a single SSN is assigned to one and only one person. There are a few circumstances in which a person may get a replacement SSN, but these occurrences are extremely rare. If a person presents an SSN and claims it is a replacement SSN, then the date of issuance of the replacement SSN must be consistent with the time period in which the replacement number was being issued. Here is an example. Suppose a person claims to have originally been issued an SSN having the first 5 digits '609-01' and to subsequently have been re-issued an SNN having the first 5 digits '620-11'. The person claims the replacement SSN was provided in 2003. The SSNwatch Validation Server reports that the original SSN was issued before 1993 and the second SSN was issued in April 1999. The issuance of the second SSN is therefore inconsistent with the person's claim of receiving the replacement number in 2003. It is very unlikely that the second SSN was actually issued to the person in 2003.

Results from the SSNwatch Validation Server reported in the examples above have been archived and are available here.

Please do not discriminate or misuse the SSNwatch Validation Server. This information is available for educational purposes only. If a mismatch between an SSN and a person occurs when testing our server, it is extremely important to realize that the person providing the SSN may have unintentionally provided incorrect information. It is also possible that despite our best efforts, the information contained within the server may not be accurate. Results from our SSNwatch validation server should not be the basis to take any adverse action against anyone. Instead, you may want to use a commercial SSN verification service.

Tell me more about:

Copyright © 2011. President and Fellows Harvard University.   |   IQSS   |    Data Privacy Lab   |    []