By Priya Anand
We’ve all been warned not to use the same password for email, Facebook, and Amazon. But that is exactly what every American does when it comes to our financial lives. We rely on the same nine-digit password for everything from loans to taxes: Social Security numbers.
Having just one number is convenient, of course — especially to fraudsters. Right now attorneys general in Connecticut and Illinois are investigating a data breach at Experian /quotes/zigman/430218/delayed/quotes/nls/expgy EXPGY +0.11% , one of the three major credit bureaus, that exposed the identification digits of more than 200 million Americans. To combat such crimes, experts say government agencies have begun to consider alternatives, including biometric scans.
When Social Security numbers were first issued nearly 80 years ago, they weren’t intended to be used as identification with tax men, employers and health-care providers. Yet now, 80% of the top 25 banks and 96% of the top credit card issuers allow people to access to an account if they have the correct Social Security number, according to a 2014 study by Javelin Strategy & Research.
The numbers were exposed in nearly 50% of data breaches in 2013, according to the Identity Theft Resource Center. They can be hacked or tracked through keystrokes, and found on tax forms in snail mail or old records in dumpsters. It’s even possible to guess a Social Security number based on information from Facebook profiles, like hometowns and birth dates, Carnegie Mellon University researchers found in 2009.
Prince George's first trip overseas
The Duke and Duchess of Cambridge arrived in New Zealand on Monday for the start of a three-week tour. They were accompanied by their nine-month-old son Prince George on his first overseas trip.
“Any number of people might know your Social Security number,” says Steve Toporoff, identity protection program coordinator at the Federal Trade Commission.
It is hard to measure how many people fall victim to identity fraud due to a stolen Social Security number, experts say, because it is often difficult to trace the crime back to a specific cause. But the effects of Social Security number misuse are clearer.
The U.S. loses billions of dollars every year to thieves who file for someone else’s tax refund after getting their hands on Social Security numbers. In 2011, the Internal Revenue Service issued about $3.6 billion in potentially fraudulent tax refunds , according to a September report by the Treasury Inspector General for Tax Administration. For more than 174,000 Social Security numbers, more than one refund was filed — an indicator that some weren’t legitimate.
Those nine digits come cheap on the black market. Some estimates peg the cost at just $3, according to the Office of the National Counterintelligence Executive.
The U.S. adopted Social Security numbers as an across-the-board federal government identifier after President Franklin Roosevelt issued an executive order in 1943, less than a decade after they first began being issued for the agency’s benefits programs. In 2011, the agency began using a more randomized process for assigning the numbers.
There are no official plans to abandon Social Security numbers any time soon, but the government is now considering ways to reduce the number of times agencies ask people for their numbers, Toporoff says, as the digits increasingly fall in the hands of thieves.
President Barack Obama announced a program called the National Strategy for Trusted Identities in Cyberspace in 2011 — an initiative to partner with the private sector to create an online user authentication framework. The plan is to create an Internet ID system, which people could use to interact with multiple government agencies instead of shuffling paperwork that includes private data (like a Social Security number) through the mail.
Can you teach your kid to be an entrepreneur?
Classes and camps to teach young children how to be entrepreneurs are popping up from Princeton, N.J., to San Antonio, Texas.
“Consumers will be required to give out their information in fewer instances and they won’t have to remember a zillion passwords,” Toporoff says.
Some countries have turned to biometric identification in hopes of thwarting fraud. Proponents say fingerprint and iris recognition scans make it more difficult for con men.
India launched an effort in 2010 to issue biometric identification to each of its 1.2 billion people. The program aims to combat welfare fraud in the second-most populous country, where corruption is the norm and benefits like food rations are often eaten up by middlemen. It is among at least 160 biometric ID programs in developing countries worldwide, according to a 2013 paper by the Center for Global Development.
“The use of fingerprints is growing and its one of the strongest technologies,” says Anil Jain, a professor of computer science and engineering at Michigan State University and leading expert in biometrics.
Biometrics are already widely used for criminal and defense purposes, and even the iPhone 5S includes a fingerprint touch ID option instead of a passcode.
Another place in the U.S. where fingerprints are used to cut back on fraud: Disney theme parks. In an attempt to prevent visitors from sharing tickets, guests scan their fingers on a reader, and prints are converted into a numerical ID that is tracked each time someone enters a park.
Companies are also developing new ways of verifying identities. Toronto-based Bionym Inc. offers a $79 bracelet called Nymi, which measures the wearer’s heartbeat to authenticate their identity and can open home and car doors as they approach.
Privacy advocates like Lee Tien, a senior staff attorney at the Electronic Frontier Foundation, say biometric identification might be a new approach to solving the problem, but not necessarily better, and some drawbacks have yet to be discovered since the system isn’t yet commonplace.
“If a key unlocks lots of doors, the risks associated with it are really different from if a key unlocks one door,” Tien says.
More from MarketWatch:
New ransom demand: Pay us in bitcoins
Is identity-theft insurance a waste of money?
Don’t bank on high-tech credit cards