Getting rid of Social Security numbers.

Discussion in 'Politics, Religion, Social Issues' started by PracticalMac, Oct 3, 2017.

  1. PracticalMac macrumors 68030

    PracticalMac

    Joined:
    Jan 22, 2009
    Location:
    Houston, TX
    #1
    Finally something Trump is doing right!

    That 10 digit number for Social Security ID is a massive security hole in American security.
    More like Social IN-security, very easy to be stolen and abused.

    I been saying it had to be replaced decades ago, and FINALLY someone talking about it!
     
  2. LIVEFRMNYC macrumors 604

    Joined:
    Oct 27, 2009
    #2
    Waiting for the massive conspiracy theories on this one. :D
     
  3. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #3
    Less conspiracy, more irony. Equifax is wanting to do away with something that they exposed through their data breach.

    BL.
     
  4. PracticalMac thread starter macrumors 68030

    PracticalMac

    Joined:
    Jan 22, 2009
    Location:
    Houston, TX
    #4
    Yes, they F###ed up, but does not less the danger of some other breach, maybe in SS itself.
     
  5. samcraig macrumors P6

    Joined:
    Jun 22, 2009
    Location:
    USA
  6. oneMadRssn macrumors 601

    oneMadRssn

    Joined:
    Sep 8, 2011
    Location:
    New England
    #6
    All financial documents like credit applications and whatever should be secured and verified with a public/private key system.

    You encrypt a credit application with your private key (you don't ever tell anyone, ever, ever, your private key). The bank can decrypt it with your public key, which everyone can know it doesn't matter. If it doesn't decrypt right, it's a fraud. If it does, the identity of the sender is verified. Easy peasy.
     
  7. MacNut macrumors Core

    MacNut

    Joined:
    Jan 4, 2002
    Location:
    CT
    #7
    In theory it’s a good idea but it will never happen. People were unable to program the clock on their VCR. How will they figure out an encryption key. And the banks don’t want to bother with extra steps to steal your money.
     
  8. oneMadRssn macrumors 601

    oneMadRssn

    Joined:
    Sep 8, 2011
    Location:
    New England
    #8
    Hey man, programming the clock on a VCR was hard - so many tiny buttons and no actual screen or UI to know what's going on.

    This is easy - just don't use scary words like "encryption." Tell people there is a password that they should only type in on their own computers and never share with anyone, and a funny phrase that they can share with anyone. That's it. The rest is handled on the backend.

    As for getting banks on board - they'll get on board once they realize how much they save. Fraud costs them money, cutting down on fraud by even 10% would save the banking industry millions.
     
  9. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #9
    Needs to go further than just that. Public/private key encryption is a step in the right direction, but depending on the bit length of the key, let alone the cipher used for encryption, it can easily be hacked.

    For example: there are still some banks using RC4 encryption. That has already been proven vulnerable, as well as SSLv1, and SSLv2. Needs to be stronger than that.

    Enter in TFA with tokenized encryption. Present the two things you need for verification:
    1. who you are, and
    2. what you have.
    Public/private key can work for the first part, let alone something to identify you. But along with that, add in something that is tokenized, and give the user one part of that token. When that token is submitted, and matches the rest of the encrypted string of a given piece of data, and it matches, the data is retrieved. When the transaction is complete for that session, the data is re-encrypted, and a new token created. And those who maintain the data are never given that token, so they have no other means to retrieve it.

    That way, no-one but the system, and the user with the matching token can get full access to that encrypted data. Combine that with a solid bit-length key for public/private keys, and you have a solid make-up.

    Oh yes, then full disk encryption as well, so that even if the data is physically stolen, no access to that data can be given.

    BL.
     
  10. Mlrollin91 macrumors G5

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura County
    #10
    10 digits? Last time I checked mine was 9. o_O My phone number is 10 digits :p
     
  11. PracticalMac thread starter macrumors 68030

    PracticalMac

    Joined:
    Jan 22, 2009
    Location:
    Houston, TX
    #11
    Yah right. cant count today. :confused:
     
  12. Zombie Acorn macrumors 65816

    Zombie Acorn

    Joined:
    Feb 2, 2009
    Location:
    Toronto, Ontario
    #12
    Need a better system for credit reporting as well. Equifax should be out of business right now.
     
  13. rdrr macrumors 6502a

    rdrr

    Joined:
    Nov 20, 2003
    Location:
    NH
    #13
    Encryption is too complex for the average American. Also encryption algorithms become outdated, and a good encryption plan includes rotating the keys periodically (yearly at minimum).

    Voice, finger prints, and facial recognition have their problem as well.

    Whatever the solution, it probably will be a long conversion.
     
  14. PracticalMac thread starter macrumors 68030

    PracticalMac

    Joined:
    Jan 22, 2009
    Location:
    Houston, TX
    #14
    Kinda like S&P not watching the banks for passing off junk mortgages, then come 2007 collapse.
     
  15. dogslobber macrumors 68040

    dogslobber

    Joined:
    Oct 19, 2014
    Location:
    Apple Campus, Cupertino CA
    #15
    There shouldn't be ANY system for credit reporting. Companies like Equifax are private corporations which leach of the existence of humans going about their business. A spy file on an individual held by a private company. That's exactly what a credit file is and these corporations should be erased from existence.

    Note also that SSNs should be used for, just that, social security. Requiring them to connect cable or get a mobile phone is overreaching by private corporations and this practice should be outlawed.
     
  16. Zombie Acorn macrumors 65816

    Zombie Acorn

    Joined:
    Feb 2, 2009
    Location:
    Toronto, Ontario
    #16
    This was my initial reaction, but then how do you do a risk assessment when giving someone a $500k loan for a house? Perhaps a decentralized system might work.
     
  17. dogslobber macrumors 68040

    dogslobber

    Joined:
    Oct 19, 2014
    Location:
    Apple Campus, Cupertino CA
    #17
    Income verification is all that's needed. Do you have 20% downpayment of the purchase price and mortgage is not more than 2.5x your earnings per year? Yes? then here's the mortgage. No? Well no mortgage for you as you're out of your financial depth.
     
  18. rjohnstone macrumors 68040

    rjohnstone

    Joined:
    Dec 28, 2007
    Location:
    PHX, AZ.
    #18
    A little more info than that is required.
    Needing to know if you're a deadbeat when it comes to paying on time is important info to have.
    Houses are not a real big risk when it comes to deadbeats as the property that can be seized by the lender.
    Cars and other "portable" goods actually require more scrutiny as they can be more difficult to reposes.
    Getting cash loans are the riskiest of all. No way to repo cash once it's spent.
     
  19. dogslobber macrumors 68040

    dogslobber

    Joined:
    Oct 19, 2014
    Location:
    Apple Campus, Cupertino CA
    #19
    I have no money but want a widget. Millennial: give me it now = debt. Not millennial: I’ll save money to buy it.
     
  20. 0007776 Suspended

    0007776

    Joined:
    Jul 11, 2006
    Location:
    Somewhere
    #20
    I’m pretty sure the Boomers have a good chunk of the debt in his country once you exclude student loans.
     
  21. dogslobber macrumors 68040

    dogslobber

    Joined:
    Oct 19, 2014
    Location:
    Apple Campus, Cupertino CA
    #21
    To feed their millennial children's widget habits?
     
  22. 0007776 Suspended

    0007776

    Joined:
    Jul 11, 2006
    Location:
    Somewhere
    #22
    To feed their desire to indulge themselves at all times.
     
  23. pdqgp macrumors 68020

    pdqgp

    Joined:
    Mar 23, 2010
    #23
    ^^ this. I went-off on our cable company the other day because the guy at tech support wanted to verify my SS# and or Drivers License #. I was like WTF? I typed the last four of my SS# that I'm sure they've had for years when I called. I answered the security questions when we got on the line together....questions I set up. They have caller ID, etc. They know who I am. I can even give them the last four of the credit card I pay my bill with, etc.

    I had to inform him that in the end, if he thinks I'm giving a phone support guy any real information other than the 5 ways they already know it's me then he can put his supervisor on the phone.
     

Share This Page

22 October 3, 2017