Note: This article contains personal opinions.
This week's news about a woman fraudulently using Social Security numbers of deceased individuals got me thinking. This woman allegedly used the publicly available records on RootsWeb.com to locate people who had recently died. She then took over their credit cards, submitting changes to the mailing addresses for the deceased victims to one of her many rented mail drops and, in some cases, she'd add her own name as an authorized user of the card.
After the story was released, I read comments from several people stating that they shouldn't release Social Security numbers of deceased people. I have read many similar comments in times past. I have one comment:
WRONG!
In fact, releasing Social Security numbers in the SSDI is one of the most powerful identity theft prevention tools available today! Let’s use the data wisely to prevent identity theft.
NOTE: If you are not familiar with the SSDI, please read my article of “Using the Social Security Death Records” at http://blog.eogn.com/eastmans_online_genealogy/2008/04/using-the-socia.html.
Let’s think about this for a moment. Every bank and other organization that issues credit cards must take reasonable steps to prevent fraudulent use of their cards. It strikes me that one of the simplest tasks is to cancel the cards of dead people. The U.S. Government makes that task very simple: the Social Security Administration publishes a complete list of all the Americans who have recently died, complete with the perfect identification tool: their Social Security numbers. The list is updated weekly. Yes, weekly! Any bank that cares anything about security can easily obtain this list for a very modest fee as soon as it becomes available, then run a comparison of those numbers against the bank's customer database. Any matches should result in immediate suspension of that customer's credit card privileges. After all, that customer is dead!
The process of comparing customer records against the SSDI is simple, effective, and cheap. It should be done within days... no, HOURS, of the release of each weekly update to the SSDI. MasterCard, VISA, American Express, and the others have plenty of computing power available. The task of comparing Social Security numbers from newly-released death records against their databases is simple and cheap.
In short, the Social Security Death Index is a very effective identity theft PREVENTION tool. So why aren't the credit card companies using it?
Of course, the “victims” are deceased, so they don't care. The next-of-kin may have to deal with some erroneous charges on the deceased's bills. but there will be no financial loss. All of today's credit cards are fully insured against fraud and theft. The deceased card holders and their heirs will not lose a dime although the heirs may suffer some inconvenience. All financial losses will be borne by the banks and their insurance companies.
Here is a copy-and-paste from the Social Security Administration’s web site. I added the bold text:
"The SSA Death Master File is used by leading government, financial, investigative, credit reporting organization, medical research and other industries to verify identity as well as to prevent fraud and comply with the USA Patriot Act" (http://www.ntis.gov/products/ssa-dmf.aspx). The Social Security Administrations' Death Master File is sold by the U.S. Department of Commerce's National Technical Information Service. The full file is available quarterly, and monthly and weekly updates can also be purchased (http://www.ntis.gov/products/ssa-weekly.aspx and http://www.ntis.gov/pdf/ssdmf-raw%20data%20form.pdf).”
In my opinion, any bank that got scammed by this woman deserves what they got. Any bank or credit card company that is too stupid or too incompetent to use an up-to-date list of known dead people to maintain their customer databases deserves to suffer the financial consequences.
Of course, what can we expect from companies that still use one's mother's maiden name for “security purposes?” They presently use publicly-available information (birth records) improperly and then don't use other publicly-available records (the SSDI) to protect their customers' security. Dumb!
I would suggest that we should not post messages asking for the removal of Social Security Numbers from the SSDI. An old fable jumps to mind: let's not throw the baby out with the bath water.
We, the genealogists who use and understand this data, should do the opposite: we should demand that the banks and credit card companies use the SSDI updates to purge credit card customer databases. In short, let's use the SSDI for what it really is: a very powerful identity theft prevention tool.
