How Social Security Numbers Feed Identity Thieves
Jeff Pasternack

If you read the last two issues, you know how easy it is for someone to purchase your social security number and other personal data, steal your identity, pocket a quick $12,000 and leave your future a royal mess. One reader said that my last article was irresponsible because I provided a blueprint for committing this crime. My response? If my readers, who are mostly healthcare and association professionals, are so poorly paid that they would supplement their income via crime, then they might as well commit a tech-savvy crime as opposed to something as blasé as overcharging Medicare or misappropriating funds. She was nonplussed. Anyway, I promised to provide you with information about avoiding identity theft in this third segment, so let's go.

First, I need to distinguish between account takeover and identity theft. Account takeover is like the crime I described last month where a person takes over one or more of your credit card accounts and uses it in a hit-and-run kind of fashion. As a victim, your liability is very limited and the implications insofar as having long-term problems are probably minimal. Identity theft is substantially more pernicious as it involves someone obtaining your social security number and actually pretending to be you on many more levels than just financial.

The social security number is the lynchpin that connects individuals to government and societal institutions. Its use throughout our social structure is ubiquitous; merely presenting it is often proof of identity. This is a substantial ingredient of the pie that is leading to the identity theft feast. How big is the buffet table? The Boston-based Aberdeen Group predicted that financial losses related to identity theft in the U.S. reached $73.8 billion in 2003. Yes, billion, with a "B." On a global basis, the financial loss is expected to reach $2 trillion by the end of 2005. Yes, trillion with a "T." That's a big feast when you consider that my example last month was only good for $12,000. If I were an attorney from an allegedly large firm and had tormented an innocent part-time writer who might have access to my social security number and other personal data, I'd be concerned about what could happen if that data were provided to someone in, say, Belarus. Anyway, the fact is that once a social security number is compromised (available for $42 from ChoicePoint), there is no telling when problems will arise or for how long they will continue.

Another part of the problem is that we have no idea about who has our data or what they are doing to protect it. I know that several banks have my data, as do past employers, clients, doctors, insurers, countless government agencies and schools. In fact, I could assemble a list of over 100 entities that I think have it and I'd probably only hit 10 percent of those that actually do. Depending on how you look at it, this liability is greater than my mortgage.

In the old days, people deposited money in a bank because they were confident in the quality of the vault. If it was compromised, then the bank's insurance would cover the loss. Then bankers got in the business of stealing…ah…improperly investing…money (S&L crisis ring a bell?) and so banks bought more insurance (FDIC). Fact is, in most circumstances where the bank becomes permanently separated from my money, they are liable. But what about my personal data? If a bank's database is hacked, or simply copied and sold off, who's liable then? What's more valuable…the $1000 in my account or my identity?

Questions like these prompted the creation of California's Senate Bill 1386, which became operative in 2003. Essentially, it requires state agencies, businesses and individuals who own or license computerized data to notify any resident whose unencrypted data was acquired by an unauthorized person. I initially raised an eyebrow at the use of the word "unencrypted" but, on second thought, it's probably not a good idea at this, or any, point in time for legislators to establish levels of encryption. Regardless, in the words of Mark Durham, communications director for a company called Identity Theft 911, "institutions which hold personal data must be held to a standard that is higher than those to which they are currently held." I expect that this bill is the first of many to come.

SB1386 also begets the next questions: what do I do once I am notified that my data has been compromised? How will I ever know when the risk is alleviated? Who do I call? Ghostbusters?

The truth is that the number of agencies and institutions to call is far too great to list here, so go to as our tax dollars bought some solid advice. There are things that you may not have considered that are on this site, so do pay attention.

I was also curious about the likelihood of becoming a victim. Being the lazy sort of part-time, under-compensated writer that I am, I decided that I would insult someone somewhere into submission and cajole him/her into doing the math for me. After practicing my insults on my neighbor's dog, I quickly learned that, aside from the fact that this dog does math slightly better than the neighbor, the Federal Trade Commission and the Department of Justice don't agree on how many cases of identity theft there were in 2002 or 2003. The range is from about 214,000 to 700,000. As about 200 million Americans have credit files, the odds of becoming a victim float between .35 percent and .11 percent.

If those odds concern you, you can buy identity theft insurance for about $75. Some homeowner's policies may also provide coverage. Although I toyed with the idea of introducing you to the concept of insurers benefiting from fraud, I'll postpone that for another issue of TPR and, if you're interested in this type of insurance, Google it.

Truth is, aside from buying a shredder and shredding anything with your personal information on it, the best defense against identity theft is education. Companies like National Fraud Center and Identity Theft 911 provide a vast array of educational and consultative services and products. "Consumers need to become more educated about who has their data, what data is usable by criminals and how it can be protected," said Identity Theft 911's Mark Durham. I couldn't agree more.


Jeff Pasternack is the president of Dynamic Consulting Group and author of the TechnoPeasant Review. If you have questions about technology or comments about this column, please write to him at


Jeff Pasternack is the president of Dynamic Consulting Group, a franchise partner of 1-800-GOT-JUNK? and author of the TechnoPeasant Review.
If you have questions or comments about this column, please write to him at