NOTE: A newsletter reader wrote this week asking abut publishing the Social Security numbers of deceased people that she found on a web site. She wrote, "...which even lists social security numbers of deceased persons. How ... can this outfit secure and publish all this information?"I have read comments from several people stating that the Social Security Administration should not release Social Security numbers of deceased people. The claim is that would-be thieves can obtain numbers from the list (called the Social Security Death Index, or SSDI) and therefore publishing these numbers contributes to identity theft. I have one comment:
I referred her to an article I wrote five years ago explaining why the publishing of deceased individuals' Social Security numbers actually REDUCES identity theft, instead of what some politicians and bureaucrats would like you to believe. However, I noticed the article was a bit out of date. While accurate when it was written, several things have changed in the past five years and the article needs updating. I have now updated the original article and am re-publishing it again.
NOTE: If you are not familiar with the SSDI, please read my article of “Using the Social Security Death Records” at http://blog.eogn.com/eastmans_online_genealogy/2008/04/using-the-socia.html.First of all, the SSDI is not the sole provider of Social Security Numbers. Anyone can obtain hundreds of Social Security numbers of LIVING and deceased individuals by slipping a twenty dollar bill to a dishonest employee of almost any insurance company, credit reporting agency, bank, many governmental offices, or even to an employee of the Social Security Administration itself. I suspect the overwhelming majority of employees are honest but all it takes is one person hungry for some "extra money" and hundreds, possibly thousands, perhaps even hundreds of thousands, of Social Security Numbers will end up in the hands of identity thieves. Publishing or not publishing Social Security Numbers won't have much impact on would-be identity thieves who will always find a way to obtain their information.
Banning the publishing of Social Security Numbers in the SSDI won't slow the thieves down very much. Unfortunately, refusing to publish the numbers certainly will slow down the actions of law enforcement, credit card companies, credit reporting agencies, and others who have a bona fide need to immediately learn the Social Security Numbers of deceased individuals.
By stopping the publishing of Social Security Numbers, we will actually be AIDING the thieves!
Let’s think about this for a moment. Every bank and other organization that issues credit cards must take reasonable steps to prevent fraudulent use of their cards. It strikes me that one of the most important tasks is to cancel the cards of dead people. The Social Security Administration makes that task very simple by publishing a complete list of all the Americans who have recently died, complete with the perfect identification tool: their Social Security Numbers. The list is updated weekly. Yes, weekly! Any bank or credit card company that cares anything about security can easily obtain this list for a very modest fee as soon as it becomes available, then run a comparison of those numbers against the bank's customer database. Any matches should result in immediate suspension of that customer's credit card privileges. After all, that customer is dead!
Next, if anyone attempts to obtain a new credit card by using a deceased individual's Social Security Number, that application needs to be rejected immediately. How will the credit card companies be able to do this if the numbers are not available?
The process of comparing customer records against the SSDI is simple, effective, and cheap. It should be done within days... no, HOURS, of the release of each weekly update to the SSDI. MasterCard, VISA, American Express, and the others have plenty of computing power available. The task of comparing Social Security numbers from newly-released death records against their databases is simple and cheap.
In short, the Social Security Death Index is a very effective identity theft PREVENTION tool. So why aren't the credit card companies using it? In fact, most of them do use the Social Security Death Index but not all consumers, politicians, and bureaucrats know that.
All of today's credit cards are fully insured against fraud and theft. The estates of the deceased card holders and their heirs will not lose a dime although the heirs may suffer significant inconvenience. All financial losses will be borne by the banks, credit card companies, and their insurance companies. However, as with any business losses by any company, the expenses are eventually passed on to consumers in the form of higher prices for everyone.
Here is a copy-and-paste from the Social Security Administration’s web site at http://www.ntis.gov/products/ssa-dmf.aspx. I added the bold text:
"Leading government agencies, financial institutions, investigative firms, credit reporting organizations, medical researchers, and other industries use the SSA Death Master File (DMF) to verify death, as well as to prevent fraud."Here is another copy-and-paste from the same page on the Social Security Administration’s web site:
"By methodically running financial, credit, payment and other applications against the Death Master File, the financial community, insurance companies, security firms and state and local governments are better able to identify and prevent identity fraud, and identify customers who are deceased."In my opinion, any bank or credit card company that gets scammed by someone using a deceased person's Social Security Number deserves what they got. Any bank or credit card company that is too stupid or too incompetent to use an up-to-date list of Social Security Numbers of known dead people to maintain their customer databases deserves to suffer the financial consequences.
Of course, what can we expect from companies that still use one's mother's maiden name for “security purposes?” They presently use publicly-available information (birth records) improperly and then don't use other publicly-available records (the SSDI) to protect their customers' security. Dumb!
Luckily, most banks, credit card companies, and credit reporting agencies are smarter than that. Apparently, a few are not.
In short, the Social Security Numbers of deceased individuals SHOULD be published as soon as possible after death. I even suggest these numbers be easily available to the public, to honest and dishonest people alike. World-be identity thieves should be warned, "If you are stupid enough to use one of these numbers, you will be found, apprehended, and prosecuted."
Politicians and bureaucrats need to constantly demonstrate to the public what they are doing to prevent problems in order to justify their jobs. It probably makes a great press release by claiming "I have taken steps to reduce identity theft." Great press, but poor results. In many cases, the politician or bureaucrat is helping INCREASE identity theft.
I would suggest that we should not post messages asking for the removal of Social Security Numbers from the SSDI. An old fable jumps to mind: let's not throw the baby out with the bath water.
We, the genealogists who use and understand this data, should do the opposite: we should demand that the banks and credit card companies use the SSDI updates to purge credit card customer databases. In short, let's use the SSDI for what it really is: a very powerful identity theft prevention tool. Let's use common sense.
Think about it...