Data breaches highlight how Social Security number has to be phased out for blockchain, biometrics

The Social Security number shouldn't be the keys to verifying identity. As data breaches pile up, alternative authentication and identification technology needs to be considered.

Broaching the security and privacy implications of the data age

Former CEO of Equifax hasn't gotten much right of late following his former company's data breach and fumbling of the aftermath. But thing Smith has correct is that Social Security need .

In testimony before the US House of Representatives Committee on Financial , Smith was grilled by legislators, but did some agreement when he said the following:

We should consider the creation of a public private partnership to begin a on replacing the Social Security Number as the for identity verification in this country. It is time to have identity verification procedures that match the technological age in which we live.

Social Security numbers were hatched as a way for US citizens to get benefits. Over time, these nine-digit identifiers became the primary way a person is identified. With Social Security numbers part of the haul from the Equifax data breach, it's clear that these identifiers are a single point of failure. The Social Security number is the key to the fraud kingdom and perhaps the ultimate example of legacy infrastructure and processes.

White House Coordinator Rob Joyce said last week that the Social Security identification system is fatally flawed. Speaking at a Cybersecurity Summit, he said "every time we use the Social Security number you pit it at risk." Joyce has asked departments and agencies to kick around ideas to move away from Social Security numbers and use more secure identifiers.

What's unclear is what replaces the Social Security number, which launched in 1936 . The Social Security Administration has issued more than 450 million original Social Security numbers.

Tech Pro Research: Information security incident reporting policy | Lunch and learn: Dealing with the risks of identity theft | TechRepublic: FDIC hit by 50+ breaches in a two year period | Video: 3 billion reasons to change your passwords

Matt Devost, Accenture security cyber defense practice , knows how a compromised Social Security number can a big headache. His Social Security number was compromised 20 years ago.

"The issue we have today is that a Social Security number is kept as a secret to authenticate access and identity," said Devost. "We need to be moving away from that and add biometrics on top of that or the equivalent of a private wallet with blockchain."

Read also: Executive's guide to implementing blockchain technology | How it works: Blockchain explained in 500 words

Devost advocates that the US government would move away from Social Security numbers and replace it with biometrics or a blockchain equivalent. This transition would take years, but in the meantime, industries could use more holistic ways to identify a person. The Social Security number can't be the primary way to access like credit and benefits.

"The Social Security number is not private, but you can verify relationships based on relationships," Devost said.

Indeed, Affirm, a financial services company led by former PayPal CTO Max Levchin, aims to bring fair pricing and to consumer credit. To approve loans, Affirm does a "" credit check and uses home addresses, mobile phone numbers, email addresses, data of birth and last four digits of your Social Security number to verify identity.

Devost noted that Affirm is an example of how relationships at financial institutions can be used to verify identity. Social identities and scraping known data sources can also verify identity and minimize Social Security numbers.

Other security layers could include personal identification numbers as well as private keys.

One to ponder is Estonia's. The country has created a digital identification system and has courted residents. Some UK businesses Estonia's e-residency approach as Brexit insurance.

Estonia has also built an e-residency and deployed blockchain technology. The country is also planning a new digital authentication app for Android and iOS called Smart-ID. To wit:

While this transition away from Social Security numbers is being hashed out, industries could at least implement two-factor authentication and other security layers. For instance, Devost outlines a scenario where a cybercriminal would try to open a credit account in your name and you'd get an in your banking app.

These security layers are easy to implement and use financial institutions and other established accounts to verify a person. "These layered ways would be a great stutter step to something more permanent," Devost said.

The interim measures will important since out Social Security numbers will take decades to implement. A system built today with biometrics or blockchain would be rolled out for U.S. births. The existing population would be grandfathered in. "The new system would roll out as new people are born," Devost said.

The Equifax saga:


Show Comments