That would freak me the fuck out wow.
The Equifax breach did the publishing part, but nothing changed with liability. A golden opportunity missed to fix this particular bullshit.
But the fiction of a secret SSN still persists. You're told to protect it; sensitive financial documents ask for it as part of proving you’re you; forgotten password pages use the last 4 digits as some sort of 2nd factor.
The best thing that could happen is if the names and corresponding numbers were published far and wide. So obviously public that nobody could keep this fiction up.
Banks and other high-stakes firms need to figure out how they want to identify their clients. It’s not an easy problem to solve, I get that. But that doesn’t mean we should be happy with them taking the easy way out.
Then it is apparently to the owner of said number to worry if it leaked.
My identification number is algorithmically derived from place and date of birth, first and last name and gender. Anybody who knows my address and has heard someone greeting me happy birthday can guess mine with two-three trials corresponding to the closest hospitals. But that doesn't worry me, because I don't fear identity theft, it just doesn't exist in Italy.
Instead, as a result of America's allergy to ID, they are essentially the only country where identity theft is a thing.
Nowadays things are better because computers are used everywhere We have a national ID system using 2FA which is pretty safe. Unfortunately, identify theft is still a thing.
Recently someone installed keyloggers on public computers. The second factor in the 2FA is a cardboard card with a list of one time password codes. You use a code on each sign in.
The criminals were able to determine when there were only a few codes left on the card. You then get a new cardboard card sent to your home address. They would stalk their victim's mail box and steal the new card as soon as it arrived.
With user name (your social security number) and password from the key logger together with the 2FA codes they were able to perform identity theft.
It's not easy to guard against attacks like this.
You can also change your username to something other than your CPR-number. Indeed, the problem lies more with other services that has used it as a password rather than 'username'. But those are rarer to come by these days.
When I lived in Denmark, airlines occasionally did identity spot checks on domestic flights. I was always horrified to notice that everyone just pulled up (picture-less) social security cards and used them as identification.
> Identity thieves
can use your number and your good
credit to apply for more credit in your
name. Then, they use the credit cards
and don’t pay the bills, it damages
your credit. You may not find out
that someone is using your number
until you’re turned down for credit, or
you begin to get calls from unknown
creditors demanding payment for items
you never bought.
That document is written to scare people into protecting their SSN. It’s discussing what is now an edge case that may have been easier 20 years ago.
Big lol. The country used to be famous for frauds and scams! Of course identity fraud exists, but precisely because everyone expects it, the majority of systems errs on the side of caution and requires validation from multiple sources. The result is that fraud processes become so much harder to pull off that fewer and fewer bad guys attempt it, but on the other hand every validation step becomes a bureaucratic nightmare (“did you include certificate X from office A, Y from office B, and Z from office C, as well as your ID card, health card, tax card, and recent pictures? No? Sorry, no cookie for you.”)
This is also why the country has a pretty secure and advanced way to carry out official acts electronically (PEC) - because otherwise fraud would be even more rampant.
I do agree that the “anglo” hate for ID documents (“such Napoleonic constructs, so barbaric!”) leaves the door open to scammers, but it’s not like they don’t exist in Italy too.
I still have to see a headline like "identity theft ruined my life" in any other language than English. Every single time "furto di identità" makes the news in Italy, it's just about someone impersonating a famous person on social media to scam the followers, which is a completely different thing than in the US.
So yeah of course scams and credit card skimmers exist in Italy (though the US's disdain for chip and PIN would be another interesting topic). Dishonest telemarketers convince gullible people to switch into more expensive utilities contracts. But identity theft in the US is not in any way comparable to "scamming".
And yeah, PEC ("registered email") is pretty cool. :)
Here's a "identity theft ruined my life" story: https://www.ad.nl/tech/hanna-krijgt-door-identiteitsfraude-i...
The problem might be worse in the US and UK, but it's not like it doesn't exist at all in the EU.
If the money acquired by a creditor was what was needed to pay your rent you could be looking at eviction in short order. The law in my state until 2020 required only a 3 day delay to begin eviction for non payment. It used to be possible to be due on May 1st. Receive an eviction notice on May 4th and be homeless by mid month. I think it now takes a whole month for your life to disintegrate.
Being homeless doesn't bode extremely well for you continued employment as a handful of missed days can terminate your employment.
Being jobless doesn't bode well for your health insurance which there is no way you can afford to maintain past employment.
Being without insurance, job, money doesn't bode well for being able to afford medical care hopefully you aren't receiving continuing care for a major medical situation because you might be dead.
I have to hope western Europe isn't remotely like that.
In the US stealing the identity of a 30 year old with decent credit can allow you to rack up a decent bill in their name. In Italy the state pension is universal and is about €14,000 a year and whilst in the US technically you can get far more in social security payments the people who are susceptible to identity theft in that group tend to not be the ones who maxed out their contributions over the past 30-40 years.
If a person dies the identity arguably belongs to their estate, if they don't declare death and use it to make money illegally it's not stolen.
Mate, I’m Italian ;) I might be self-hating at best.
I had to point out to him after class that was a rather boneheaded idea (I'm sure I was a bit more polite than that).
Considering that about 30% of the student body seemed to be from Islip, it was pretty trivial to guess the first three.
Every time you had to show ID anywhere, you were giving your SSN away.
And around 2005 they actually mostly stopped.
1 - And when they say "authentication", they almost always mean what we understand by "non-repudiation".
We had a similar issue in Australia, but our workaround is that your drivers license (or ID card from the equivalent of the DMV) typically acts as your ID.
Alternatively, for minor things, you can make a declaration on your honor. This is super useful in, say, a library where you need to enroll.
Offer Govs/LEO/Biz an alternative that will allow them stronger & less visible influence over the public and it will be adopted yesterday.
> Well, at least they’ve stopped SWATTING you, thank God.
Seems like the SSA will will run out of 9-digit usable numbers in about 1 generation (~70 years).
Then what ?
Is this software's next Y2K ?
That will definitely NOT cause a new bunch of issues!