Dark Reading is part of the Informa Tech Division of Informa PLC


Risk

9/11/2007
05:38 PM

Do Not Ask Your Customers for Their Social Security Numbers

Do you want to make potential and existing customers feel secure? If so, one thing you need to avoid is asking them for their Social Security numbers. A poll by Consumer Reports National Research found that close to nine of every ten Americans want state and federal lawmakers to pass laws restricting the use of Social Security numbers. So if you want consumers coming back and ordering products from your Web site, you can ask them for many things, just not their Social Security numbers.

Consumers are leery of handing over their Social Security numbers because they may fall victim to identity theft. Unfortunately, that crime has become more common recently: Consumer Reports estimated that there were 10 million cases of identity theft in the US last year. This phenomenon stands in juxtaposition to the growth of ecommerce. Once someone logs onto a small or medium business Web site, the company needs to verify the person's identity somehow.

Historically, Social Security numbers have served as a common way to identify individuals. The use of this form of identification is quite common among financial institutions and retailers, who asked three out of four consumers for their numbers during the last year. About one of every two consumers reported having their health care provider request that information. In other cases, employers or potential employers (44%); insurance companies (36%); government agencies other than the IRS or a state tax body (32%); colleges or other schools (28%); service providers such as cable TV or cell phone carriers (26%); utilities (17%); and merchants or retailers (16%) requested individuals' Social Security numbers.

Once these companies collect the ID, they are often careless with it. Consumers reported that their numbers were displayed on the Internet, in public records, on identification cards, and in the mail. Such misuses underscore the need for a new way of identifying individuals online. Rather than a Social Security number, vendors need to develop a universal identification system, such as the Liberty Alliance's federated movement, one that all companies can access. Until that time arrives, small and medium businesses may want to rely on other identification mechanisms, such as using telephone numbers or street addresses when trying to verify their customers' identity. Though these options are more difficult to implement and more prone to mistakes, they will make the consumer feel more comfortable and therefore more likely to spend time and money at your Web site.

How does your company verify the identity of potential customers? How vulnerable do you think your system is? What do you view as the silver bullet for verifying online identities?

 
