For example: my bank uses the last digits of the SSN to login..
so all you need to compromise my account is my account number and the last four digits of my SSN. and how does one get my SSN or bank account number?? dumpster diving!!.. also: some websites use the SSN as the login.. and then some people use the last four digits of their SSN as the password... A word to the wise: Never use any number/symbol/name for an account/password/identity when security is a concern.. d. --- Griff Palmer <[EMAIL PROTECTED]> wrote: > Computer Professionals for Social Responsiblity has > a good FAQ on Social > Security numbers at: > > http://www.cpsr.org/cpsr/privacy/ssn/SSN-History.html > > CPSR says the Privacy Act of 1974 is the principal > federal statutory > authority governing solicitation and use of Social > Security numbers. That > prohibits government agencies from requiring that a > person give his/her SSN > as a condition of receiving the agency's services, > and from taking punitive > action against people who refuse to divulge their > SSNs. > > The 1974 Privacy Act doesn't place any such > restrictions on private > companies. > > For tax-reporting purposes, the IRS requires > employers to gather employees' > Social Security numbers. I'm sure there's a complex > web of state statutes, > case law, contract law, etc. that speak to what > employers may and may not do > with employees' SSNs. > > As a practical matter, using only the last 4 digits > of an employee's SSN > gives some measure of protection to the employee. > It's important to remember, > though, that a variety of personal financial > services companies use the last > 4 digits of a person's SSN as part of the > identifying information that gives > access to that person's account information, so > there is a potential for harm > from accidental release of even the last 4 digits of > an employee's SSN. > > > Griff Palmer > > > On Monday 04 November 2002 02:45 pm, you wrote: > > How legal is the use of the SSN for > authentication. My understanding > > is that the SSN is to be used by state and federal > government only > > Please, any legal expert, help us to understand > the issue > > Thank you > > > > -----Original Message----- > > From: Jim Lawton [mailto:[EMAIL PROTECTED]] > > Sent: Saturday, November 02, 2002 8:00 AM > > To: [EMAIL PROTECTED] > > Subject: Risk of using SS#s (last 4 digits) for > authentication > > > > > > We are currently considerring the limited use of > employee's Social Security > > numbers to authenticate them when they request a > password reset from the > > Help Desk. We have chosen two items (in total) > for authenticating them: > > their employee # and the last 4 digits of their > SS#. Only the last 4 > > digits would be stored in the Help Desk app, and > these would be viewable > > only by Help Desk technicians. They would only be > able to see them by > > selecting a specific toolbar button (the SS# > screen would not visible at > > all times). > > > > We are concerned with the privacy issue potential > if we use any part of a > > SS# but are unaware of any legal precedent, > standard or guideline either > > supporting or against this use. Does anyone have > knowledge they can share, > > or know of web resources that might be useful to > research this issue? > > > > We are a corporation of roughly 1200 specializig > in healthcare, and HIPAA > > privacy/security regs, NCQA and URAC acredidations > must be taken into > > consideration. > > > > Thanks in advance for any suggestions or > information. > > > > JBL > > > > > > > > > > > _________________________________________________________________ > > Surf the Web without missing calls! Get MSN > Broadband. > > http://resourcecenter.msn.com/access/plans/freeactivation.asp __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - Let the expert host your site http://webhosting.yahoo.com
