… what is the impact on the overall risk of identity fraud?
This occurred to me when I read a
prediction that by the middle of this year this would be the case [at least I think that was the prediction, and I can't find it right now - please forward to me if you find it. thanks.]
I don’t recall any discussion about this, and I think it is trickier than it sounds. I inferred from the point that this was entirely "A Bad Thing" but that is not obvious to me. It seems like it would be in the best interest of anyone who has had their SSNs stolen to hope for more of the same, in an attempt to reduce their own risk of fraud (because there are more identities to choose from). Of course, this assumes that there is some satiating level for fraudulent activity.
I think the real question may be one of supply and demand – are there enough SSNs out there to meet the demand from buyers/perpetrators, or not? If yes, then the assumption holds and I think the overall risk reaches some sort of equilibrium point. If not, then everyone’s risk may have slightly increased.
Update: Links to previous posts on this topic.
- Estimate the number of people with defendable access to your SSN here.
- Learn about why we should just publish all SSNs and get it over with here.
This idea occured to me too (after the recent data loss/theft incidents in the UK), and here is how I was looking at it. The SSN has historically been regarded to be a personal secret and was (understandably) used as a means of authentication, has it not? Assuming that this still is somewhat the case: if everyone loses their SSN (or its newly born Dutch cousin ‘Burger Service Nummer’ when taking a view from the Netherlands where I live), the remaining value of it as a means of authentication (finally) drops to zero.
If everyone’s SSN is publicly known, governmental, financial and commercial institutions are forced to (finally) move away from accepting mere knowledge of some personal information as sufficient way of authentication to buy some service. This, then, mitigates each individual’s risk of having their personal data be abused throughout such practices. Ofcourse this is all very speculative.
Unfortunately, disclosing everyone’s SSN, intentionally or not, might ring in the first phase of a privacy disaster. Then again, the latter is perhaps a dying and cliché way of looking at things.
@Matthijs -
I agree wholeheartedly, though perhaps more vehemently.
Pete