Note: This article contains personal opinions.
This week's news about a woman fraudulently using Social Security numbers of deceased individuals got me thinking. This woman allegedly used the publicly available records on RootsWeb.com to locate people who had recently died. She then took over their credit cards, submitting changes to the mailing addresses for the deceased victims to one of her many rented mail drops and, in some cases, she'd add her own name as an authorized user of the card.
After the story was released, I read comments from several people stating that they shouldn't release Social Security numbers of deceased people. I have read many similar comments in times past. I have one comment:
WRONG!
In fact, releasing Social Security numbers in the SSDI is one of the most powerful identity theft prevention tools available today! Let’s use the data wisely to prevent identity theft.
NOTE: If you are not familiar with the SSDI, please read my article of “Using the Social Security Death Records” at http://blog.eogn.com/eastmans_online_genealogy/2008/04/using-the-socia.html.
Let’s think about this for a moment. Every bank and other organization that issues credit cards must take reasonable steps to prevent fraudulent use of their cards. It strikes me that one of the simplest tasks is to cancel the cards of dead people. The U.S. Government makes that task very simple: the Social Security Administration publishes a complete list of all the Americans who have recently died, complete with the perfect identification tool: their Social Security numbers. The list is updated weekly. Yes, weekly! Any bank that cares anything about security can easily obtain this list for a very modest fee as soon as it becomes available, then run a comparison of those numbers against the bank's customer database. Any matches should result in immediate suspension of that customer's credit card privileges. After all, that customer is dead!
The process of comparing customer records against the SSDI is simple, effective, and cheap. It should be done within days... no, HOURS, of the release of each weekly update to the SSDI. MasterCard, VISA, American Express, and the others have plenty of computing power available. The task of comparing Social Security numbers from newly-released death records against their databases is simple and cheap.
In short, the Social Security Death Index is a very effective identity theft PREVENTION tool. So why aren't the credit card companies using it?
Of course, the “victims” are deceased, so they don't care. The next-of-kin may have to deal with some erroneous charges on the deceased's bills. but there will be no financial loss. All of today's credit cards are fully insured against fraud and theft. The deceased card holders and their heirs will not lose a dime although the heirs may suffer some inconvenience. All financial losses will be borne by the banks and their insurance companies.
Here is a copy-and-paste from the Social Security Administration’s web site. I added the bold text:
"The SSA Death Master File is used by leading government, financial, investigative, credit reporting organization, medical research and other industries to verify identity as well as to prevent fraud and comply with the USA Patriot Act" (http://www.ntis.gov/products/ssa-dmf.aspx). The Social Security Administrations' Death Master File is sold by the U.S. Department of Commerce's National Technical Information Service. The full file is available quarterly, and monthly and weekly updates can also be purchased (http://www.ntis.gov/products/ssa-weekly.aspx and http://www.ntis.gov/pdf/ssdmf-raw%20data%20form.pdf).”
In my opinion, any bank that got scammed by this woman deserves what they got. Any bank or credit card company that is too stupid or too incompetent to use an up-to-date list of known dead people to maintain their customer databases deserves to suffer the financial consequences.
Of course, what can we expect from companies that still use one's mother's maiden name for “security purposes?” They presently use publicly-available information (birth records) improperly and then don't use other publicly-available records (the SSDI) to protect their customers' security. Dumb!
I would suggest that we should not post messages asking for the removal of Social Security Numbers from the SSDI. An old fable jumps to mind: let's not throw the baby out with the bath water.
We, the genealogists who use and understand this data, should do the opposite: we should demand that the banks and credit card companies use the SSDI updates to purge credit card customer databases. In short, let's use the SSDI for what it really is: a very powerful identity theft prevention tool.
Amen !!!
Posted by: Kenny Hedgpeth | April 20, 2008 at 03:19 AM
Right on! I had the same reaction as you when I read the first news reports of the scam.
Posted by: barbara mannlein | April 20, 2008 at 04:05 AM
The USA may be unique in publishing the numbers. They sure don't do that here in the Netherlands. The reason why make some sense - although you really don't have to make the numbers public if you inform the banks directly. Nor do you need to make them public if the identity system were not so easy to hack as it is :-(
If you accept the current system as good enough, I'd still have to conclude that there is insufficient oversight of the banks. Apparently, some don't want to bother with the nominal fees and the work involved, and would rather risk some damages than incur the certain cost of regularly updating their databases. In the end, those damage *are* paid for by the citizens banking with them, in reduced service, increased charges etc.
With sufficient oversight, and the ability to impose significant fines, banks will think twice about cutting corners for short-term gain.
Posted by: T. Jolink | April 20, 2008 at 05:21 AM
One of the dangers of quickly closing accounts due to the posting from Social Security is the fact that (rarely) SSA is in error when stating an individual is deceased.
My own grandfather had his Social Security canceled on him twice as their records somehow reported him deceased on two separate occasions. Each time he had to go through a somewhat lengthy process to prove he was still alive and that he was the individual given the social security number that SSA stated belonged to a deceased person.
Posted by: Raymond T. Wing | April 20, 2008 at 06:51 AM
Why shouldn't congress write into the law that gives free annual reports of credit status to consumers that the Credit Bureaus also be required to close deceased individuals accounts as well.
Posted by: Charlie Smith | April 20, 2008 at 08:30 AM
When a credit card or bank account are shared, closing the account on the death of one of the individuals can create a very real problem for the survivor. Imagine a new widow suddenly having no access to her own funds or to a credit card at a time when she might need it most. Just a thought.
Posted by: Judy Burns | April 20, 2008 at 08:48 AM
If a couple has a joint account with credit cards, if one of them died I would hope the banks don't automatically cancel the credit card as the other spouse might still want to use them! Does this weekly updated list serve to close down cards only in ONE person's name & not joint ones?
Posted by: Candy | April 20, 2008 at 08:50 AM
My father passed away 2 years ago, age 88, and within 2 months the Credit Card company cancelled his credit card. It was the same card used by my Mom, age 84, for years - and it had some bills automatically credited. So suddenly, in the grocery store, her credit card was refused, and her cell phone was turned off, etc. We got it all sorted out, but it was hard on the widow...
Posted by: Jim | April 20, 2008 at 09:25 AM
---> If a couple has a joint account with credit cards, if one of them died I would hope the banks don't automatically cancel the credit card...
That would be easy to do. After all, the banks know how many cards have been issued and to what names. If there is more than one card issued or if there are joint names, it would be trivial to either skip this record or (even better) to send a notice to the other names on the account asking if they want the one card canceled while keeping the others active. That would satisfy both purposes: keep the valid cards active while canceling only the one card that is in the deceased person's name.
- Dick Eastman
Posted by: Dick Eastman | April 20, 2008 at 09:57 AM
Here's one more reason for women to have a separate credit card in their own name!
Posted by: Jeannette | April 20, 2008 at 10:18 AM
Security and privacy clearly take precedence over our hobby. It's easy to say that banks and every single enity with possession of one's credentials should monitor the SSDI and act appropriately, but unless every single one does, there are still vulnerability. And the problems cited in the earlier comments are real... errors in declaring someone dead, widows, etc.
Why not keep SSDI info private, except for certain official purposes, for say a year or more? Other than a few anecdotal stories that are bound to emerge of what a boon it was to have brand-new SSDI information, how important is it really for genealogists to have the absolutely latest SSDI information? Anyone dying now is either a very close relative, for whom you should already have their information if they wanted you to have it, OR they are more distant and it isn't so urgent.
Remember folks, we may be passionate about this, but it's a hobby. It's not life or death, and certainly doesn't rate very high compared to someone else's financial life.
Posted by: Infinite Ancestors | April 20, 2008 at 11:18 AM
Mr. Eastman,
"That would be easy to do. After all, the banks know how many cards have been issued and to what names. If there is more than one card issued or if there are joint names, it would be trivial to either skip this record or (even better) to send a notice to the other names on the account asking if they want the one card canceled while keeping the others active."
Having worked in banking operations at one of the world's largest banks, let me tell you how it is done.
It is simple: they issue a new card to the survivor and cancel the joint one.
Happy Dae.
http://www.ShoeStringGenealogy.com
Posted by: Dae Powell | April 20, 2008 at 11:39 AM
There is another way these criminals can locate Social Security Numbers. Some local libraries offer access to America's Geneaolgy Bank for free, which also offers access to the SSDI. Criminals are always going to find a way to work around the system. The best thing the rest of us can do is get your free annual credit report (which everyone is entitled to) and if you use online banking, check your accounts regularly. It's sad, but true!
Posted by: Cheryl | April 20, 2008 at 11:46 AM
I have some very recent experience with this issue. When my father passed, the bank didn't reissue cards or close any accounts. When my mother passed the bank didn't close accounts or reissue a card for me - I was added to the account, as a signer, after my Dad passed. I had to call the credit card division of the bank and argue with them to get them to close the credit card (zero balance) account. I had closed the bank accounts already but that didn't affect the credit card account. This was a major bank I was dealing with. Then the credit card division tried to transfer the account to me and I was not an originator of the account, I was just a signer to make things easier for my mother. My experience - banks don't want to close any credit card accounts if there is anybody still alive that they can transfer the account to even when all original owners of the account have died. Unfortunately, in this case the transfer of the account was fraudulent.
Posted by: Lynn | April 20, 2008 at 01:48 PM
If at the time you sign up for a credit card, you ask the bank what they do when you die, and many others do the same thing, perhaps the banks will realize they should be addressing this issue. This is called "a free market solution."
Posted by: Israel Pickholtz | April 20, 2008 at 02:19 PM
If we're interested in stopping misuse of social security numbers, I would like to remind you younger-than-65 year olds, that one's Medicare Number IS your social security number! And, if you're traveling, you MUST have the card with you in case you need medical care. So, if you lose, or have your wallet stolen - inside is your driver's license with name and address, social security number, and credit cards! When mine was stolen, the thief waited 30 days, then called up the card company and said, "Oh, you know that new card you sent? I just accidently ground it up. Would you please overnight me a new one? And, by the way my address has changed..." She got two cards within two days, changed the address on MY account which now invalidated MY newest card, and created a mess! Even with the new address (and therefore the thief) nothing was done to arrest her, even though I filled out a police report, called the FCC, etc etc. It's a billion dollar industry... I'm for keeping the death index, though.
Posted by: JINNY COLLINS | April 20, 2008 at 02:40 PM
If one searches by year of death and by state only, it is possible to get an idea of what SSDI entries have been recorded for the pre-1962 period. Personal research shows that some states are adding 1-2,000 older records to the database per year for these earlier years.
Unfortunately, an effort should be made to clean up the database. I just checked and find 88 records with a reported date of death as 1900. In one case a man born in Sep 1899 died in Jan 1900. Hummmmm...
Posted by: Wally Waits | April 20, 2008 at 08:36 PM
Simple solution - make it illegal to use social security numbers for identification purposes, as the government promised they never would be used when it instituted Social Security. My original card had "not for identification purposes" printed right on it.
The computer geeks are the ones who caused this problem by insisting on using SS numbers to identify people.
Posted by: Ted Rice | April 20, 2008 at 09:43 PM
Remember, credit card companies with open accounts are able to use the credit limits as ASSETS, even if there is no outstanding balance. They then fractionize these amounts because they can loan several hundred percent more based on the credit limits. So they aren't really interested in cancelling credit cards, period.
Here's one solution: (tongue in cheek) Be sure and cancel your credit cards before you die.
This is so priceless, and so, so easy to see happening, customer service being what it is today.
A lady died this past January, and Citibank billed her for February and March for their annual service charges on her credit card, and added late fees and interest on the monthly charge. The balance had been $0.00 when she died, but now somewhere around $60.00. A family member placed a call to Citibank. !
Here is the exchange:
Family Member: 'I am calling to tell you she died back in January.'
Citibank : 'The account was never closed and the late fees and charges still apply.'
Family Member : 'Maybe, you should turn it over to collections.'
Citibank : 'Since it is two months past due, it al ready has been.'
Family Member : So, what will they do when they find out she is dead?'
Citibank : 'Either report her account to frauds division or report her to the credit bureau, maybe both!'
Family Member : 'Do you think God will be mad at her?'
Citibank: 'Excuse me?'
Family Member : 'Did you just get what I was telling you - the part about her being dead?'
Citibank : 'Sir, you'll have to speak to my supervisor.'
Supervisor gets on the phone:
Family Member : 'I'm calling to tell you, she died back in January with a $0 balance.'
Citibank : 'The account was never closed and late fees and charges still apply.'
Famil y Member : 'You mean you want to collect from her estate?'
Citibank : (Stammer) 'Are you her lawyer?'
Family Member : 'No, I'm her great nephew.' (Lawyer info was given)
Citibank: 'Could you fax us a certificate of death?'
Family Member 'Sure.' (Fax number was given )
After they get the fax:
Citibank : 'Our system just isn't setup for death. I don't know what more I can do to help.'
Family Member : 'Well, if you figure it out, great! If not, you could just keep billing her. She won't care.'
Citibank: 'Well, the late fees and charges do still apply.' (What is wrong with these people?!?)
Family Member : 'Would you like her new billing address?'
Citibank : 'That might help.'
Family Member : ' Odessa Memorial Cemetery , Highway 129, Plot Number 69.'
Citibank : 'Sir, that's a cemetery!'
Family Member : 'What do you do with dead people on your planet???
Posted by: AGS-Golden | April 20, 2008 at 11:35 PM
I have found several family members deceased on the Social Security Death Index that I would not have known about otherwise so I find the Index very valuable. My question is why do they need to publish the complete Social Security number on the index? I did not know the Social Security number of any of the family members I look for but I was able to find them anyway. If they would print just the first three numbers so that you would know where the number was issued but not the complete number I think that would solve the problem. After all when you receive the notice of your earnings every year from Social Security before you file they only put the last four numbers of your Social Security number on the paper and credit cards are only putting the last numbers of your credit card on their bills now.
Posted by: jg | April 21, 2008 at 03:35 AM
I must be missing something here. Granted, the woman got a deceased SSN. How did she get the credit card number(s) for the account(s) she hijacked.
I'd like to think that credit card issuers would expect to have the credit card number included as a piece of required information before theychange a mailing address for statements.
Tom
Posted by: Tom | April 21, 2008 at 08:11 AM
WARNING! This is very possible because banks don't necessarily have the SSN for all their customers. I know that sounds really stupid (and it is) but I work at a huge nationwide bank and last summer I discovered that about 10% of all the customer records were missing the SSN. I could hardly believe it! I'm talking MILLIONS of accounts. I dug in and found out that these accounts are those that a bank took on in a merger with another bank or when banks buy credit card accounts or loans in bulk from other banks. The bank knows about these but doesn't do anything about it because they are embarassed to admit they don't have the info. I am absolutely, dead serious. I was shocked at the stupidity of it and how the bank is so uninterested in protecting the customers' accounts. Without an SSN on file the person calling can identify themselves in other ways....like the amount of the last transaction (easily pulled from someone's trash)...or previous addresses on the account, or mother's maiden name, etc. No one ever looks at a signature card. BEWARE. Enough said.
Posted by: TBE | April 21, 2008 at 10:51 AM
Apparently some credit card companies and banks do update their SSDI information.
A couple of years ago a friend of mine was opening a new credit account for a potential customer at a local chain store. When she checked the SSN of the customer she found that the young man was using the SSN of a woman who had died a couple of years earlier at the age of 88. She told the young man that he did not look like the person he claimed to be, not telling him that she had checked the SSN. He left, believing that the picture of the original person (not the SSN) was being used for ID.
Posted by: Judith Reesor | April 21, 2008 at 01:38 PM
Reputable undertakers notify Social Security, as there is a SSA benefit paid toward funeral costs. As executor of three estates in the last two years,I sent each credit bureau a copy of the death certificate (with SS#). Banks, insurance companies (of all types), utilities, potential employers, any "personal" search, all check credit ratings. When credit bureaus see you are "deceased" (true or not), it is so difficult to prove otherwise identity thieves are likely to find an easier target. The bureaus only accept the information from executors/personal reps; be sure the person doing this for your deceased family member is aware.
As for Citibank. Familiarize yourself with their financial condition over the past year. They have good reason to want any fee they can intimidate from you. Take issue in writing - phone calls are a waste of time. Credit law varies by state. Stick with it.
Posted by: pkf | April 21, 2008 at 04:03 PM