As someone in the banking industry, this is the "right" answer. When I got started in banking I was pretty shocked about how easy it was to "authenticate" yourself to open a bank account. For example, this breach has pretty much all the things needed to open an account in someone else's name: Name, SSN, DoB, Address. That's pretty much all the KYC services use for validating an account application.
There are, of course, easily added forms of additional verification - for example, Stripe just added their Identity service which lets you take a picture of your driver's license and then match the image against a selfie. But that puts "friction" in front of the application process, so most banks don't do something like this unless other signals make them think the application has a high fraud risk.
If basically everyone's Name, SSN, DoB and Address is easily viewable public info, this will all change.
On the other side of that, there is such thing as too much friction.
Shortly before BBVA closed them, I was in a back-and-forth to open an account with Simple.
First, my ID was too shiny, then it wasn't black and white, then it wasn't color, then they wanted a picture of my apartment building, then ...
it was just on and on and on for three weeks. It got to the point where I asked what exactly they wanted and they literally told me that they cannot tell me because it would allow me to commit fraud. I asked if I could talk directly to their fraud team to figure out what exactly: nope. Can't do that, they can't talk to you.
So I was expected to either read their minds or play infinite whack-a-mole with them where they say one thing in one email then say the opposite in the next.
Yes, no problem with that. Eventually a long standing established digital identity is needed. Provided by anyone, state, bank, etc. Opening a new one should be easy though, but risk assessment should be done at every step (as the account gains new trust in whatever system).
Security doesn’t appear on a balance sheet, but security expenditures and related depreciating assets certainly do appear. A classic example of measuring the wrong thing.
If you can explain to me how a monthly service where payment is required in full every month requires a credit agreement, I'll (don't know, do something crazy like eating my hat) - this is the standard service provider contract, for some reason it is considered a credit instrument and can land on your credit report.
That being said, you are right, there are prepaid options and postpaid with a deposit ($50) that can put you outside of this SSN requirement on T-Mobile. I guess you have to know to ask for them. It is for credit, that's the only reason they can ask for your SSN.
Everything is credit based now, and for some people their phone bill might even be their first positive (or negative) mark on a credit score rating.
It's credit because, regardless is you pay in full every month, you receive the service before you make the payment. That opens up the service provider to the risk that you'll ring up a huge bill and then skip out on the payment, and all of the rules around credit are designed to mitigate this fact.
The standard service provider contract you mention (in the US) is "postpaid": you pay at the end of the month for the usage you had during that month. This is credit: you use the service, then pay after for what you used. That's opposed to "prepaid" service, where you buy "minutes" or "data" before use, and must manually buy more if you run out.
I have been through many phone sales and the postpaid model does not always have to account for price variability. There are plenty of fixed cost plans with unlimited calling. They will still ask for your social security number and try to make you a new credit account before they tell you there is a deposit option possible.
I have no idea why it would be to the advantage of a business like T-mobile to get you on a postpaid plan when there is no possibility of running up your bill. It's still the option they push on hardest when you walk up to the storefront.
The credit model is the default model. That was my point. I don't know that I had a point.
You shouldn't need to maintain a credit account just to keep a phone number, but I guess it's real estate and that's valuable, they will put it back into the pool if you ever stop paying the bill. I haven't had to deal with these kind of problems myself for a long time, but the pain is still fresh.
There are, of course, easily added forms of additional verification - for example, Stripe just added their Identity service which lets you take a picture of your driver's license and then match the image against a selfie. But that puts "friction" in front of the application process, so most banks don't do something like this unless other signals make them think the application has a high fraud risk.
If basically everyone's Name, SSN, DoB and Address is easily viewable public info, this will all change.