The recent hacks of Sony Pictures, Anthem, Target and Home Depot have shown us that data and security breaches are here to stay. Don’t get me wrong, this is not an excuse for IT departments and businesses to not pursue securing and encrypting data, but the way things are going, it seems credit fraud will be a more common thing than normal.
Part of the problem is that we have a reactionary culture toward the problem. For example, if your credit is dinged, the only way, unless you have a police report, is to pay 30 dollars each time you want to freeze or thaw it. After the damage is done, you will have to go back and amend things, even after you hire services like LifeLock or similar, and sometimes the damage is already done.
The root of the problem
In the era of oversharing and social networks, it seems to me that we should try to modernize a system that is by definition insecure. The real issue lies in the fact that we are asked to keep 9 digits secret and our life’s credibility revolves around that secret. Every time you create a new account, even for the simplest and most irrelevant websites, you are asked to use at least 8 characters, with at least one number, one special character and one upper case letter. With Social Security numbers being only 9 digits long, it means that a computer would take less than a minute to brute-force a match.
With financial losses of more than 20 billion and more than 16 million people affected per year, I do believe that there can be an investment of a few million dollars to fix it, but until that happens we need to start the discussion of ideas about what we can do to change this situation.
My Suggested Solutions
At the government level
Flat out, Social Security numbers should not be used as a population ID number for anything other than Social Security. It is debatable, given that SSNs can only be allocated to 999-99-9999 people, or in other words a population of 1 billion. Since its inception in 1935, the population has doubled, and that is 1/3rd of the planned number. With population changes, we may be close to needing to recycle numbers or simply add more digits.
I suggest that a new population number and ID be created; that number can be used for paying taxes, voting, birth and death certificates, passports, etc. Such a system should contain a combination that all together creates a unique and meaningful number for the population. This new ID would allow digits, characters and unique IDs. This would make it a little harder for computers to guess/brute force the number, but at the same time it is easy to remember.
To those who complain about big brother having too much info: I believe that at this point the government does not have accurate info and that there are gaps for it to work adequately. It’s simple: you are a citizen of the United States, you need to be recognized by the United States.
At the creditor level
If we use 2-factor authentication for our important passwords, why not use it for our most important password/number? If a verification key fails, then do not allow the credit.
Every person that wants to be a subject of credit should register with the major creditors and provide contact information.
At the end of the day, we end up doing this when we fix our credit, so why not be proactive and not reactive?
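The creditor-level check proposed above, sketched as an added example (not code from the original post): credit is allowed only when the applicant has registered and supplies a valid time-based one-time code, and every other case is denied. `CreditGate`, its method names, the lockout threshold and the choice of six-digit TOTP (RFC 6238) are assumptions; the post does not specify a mechanism.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length (assumed)


def totp(secret: bytes, at: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step containing `at`."""
    mac = hmac.new(secret, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class CreditGate:
    """Hypothetical creditor-side gate: the SSN alone never opens credit."""

    MAX_FAILURES = 3  # assumed lockout threshold

    def __init__(self):
        self.enrolled = {}   # applicant id -> shared secret set at registration
        self.failures = {}   # applicant id -> consecutive wrong codes
        self.last_step = {}  # applicant id -> last accepted step (replay guard)

    def register(self, applicant: str, secret: bytes) -> None:
        self.enrolled[applicant] = secret
        self.failures[applicant] = 0

    def authorize(self, applicant: str, code: str, now: int) -> str:
        secret = self.enrolled.get(applicant)
        if secret is None:
            return "deny: not registered"    # fail closed
        if self.failures[applicant] >= self.MAX_FAILURES:
            return "deny: locked"
        for t in (now, now - STEP):          # tolerate one step of clock drift
            step = t // STEP
            fresh = t >= 0 and step > self.last_step.get(applicant, -1)
            if fresh and hmac.compare_digest(totp(secret, t).encode(), code.encode()):
                self.last_step[applicant] = step
                self.failures[applicant] = 0
                return "allow"
        self.failures[applicant] += 1
        return "deny: bad code"
```

A code that was already accepted is rejected on reuse, so a code captured alongside a stolen SSN cannot open a second account within the same time window.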
At the personal level
As much as we can, we should minimize the odds by keeping things in the right place. Keeping identities encrypted and information protected will be vital to keeping everyone’s information secure.