Social Security Numbers:
Ensuring the Integrity of the SSN
GAO-03-941T: Published: Jul 10, 2003. Publicly Released: Jul 10, 2003.
In 1936, the Social Security Administration (SSA) established the Social Security Number (SSN) to track worker's earnings for social security benefit purposes. However, the SSN is also used for a myriad of non-Social Security purposes. Today, the SSN is used, in part, as a verification tool for services such as child support collection, law enforcement enhancements, and issuing credit to individuals. Although these uses of SSNs are beneficial to the public, SSNs are also a key piece of information in creating false identities. Moreover, the aggregation of personal information, such as SSNs, in large corporate databases, as well as the public display of SSNs in various public records, may provide criminals the opportunity to commit identity crimes. SSA, the originator of the SSN, is responsible for ensuring SSN integrity and verifying the authenticity of identification documents used to obtain SSNs. Although Congress has passed a number of laws to protect an individual's privacy, the continued use and reliance on SSNs by private and public sector entities and the potential for misuse underscores the importance of identifying areas that can be strengthened. Accordingly, this testimony focuses on describing (1) public and private sector use and display of SSNs, and (2) SSA's role in preventing the proliferation of false identities.
Public and some private sector entities rely extensively on SSNs. We reported last year that federal, state and county government agencies rely on the SSN to manage records, verify eligibility of benefit applicants, and collect outstanding debt. SSNs are also displayed on a number of public record documents that are routinely made available to the public. To improve customer service, some state and local government entities are considering placing more public records on the Internet. In addition, some private sector entities have come to rely on the SSN as an identifier, using it and other information to accumulate information about individuals. This is particularly true of entities that amass public and private data, including SSNs, for resale. Certain laws have helped to restrict the use of SSN and other information by these private sector entities to specific purposes. However, as a result of the increased use and availability of SSN information and other data, more and more personal information is being centralized into various corporate and public databases. Because SSNs are often the identifier of choice among individuals seeking to create false identities, to the extent that personal information is aggregated in public and private sector databases it becomes vulnerable to misuse. As the agency responsible for issuing SSNs and maintaining the earnings records for millions of SSN holders, SSA plays a unique role in helping to prevent the proliferation of false identities. Following the events of September 11, 2001, SSA formed a task force to address weaknesses in the enumeration process and developed major new initiatives to prevent the inappropriate assignment of SSNs to non-citizens, who represent the bulk of new SSNs issued by SSA's 1,333 field offices. SSA now requires field staff to verify the identity information and immigration status of all non-citizen applicants with the Department of Homeland Security (DHS), prior to issuing an SSN. However, other areas remain vulnerable and could be targeted by those seeking fraudulent SSNs. These include SSA's process for assigning social security numbers for children under age one and issuing replacement social security cards. SSA also provides a service to states to verify the SSNs of driver license applicants. Fewer than half the states have used SSA's service and the extent to which they regularly use it varies. Factors such as cost, problems with system reliability, and state priorities and policies affect states' use SSA's service. We also identified a weakness in SSA's verification service that exposes some states to fraud by those using the SSNs of deceased persons.