Historically, Social Security numbers have served as a common way to identify individuals. The use of this form of identification is quite common among financial institutions and retailers, who asked three out of four consumers for their numbers during the last year. About one of every two consumers reported having their health care provider request that information. In other cases, employers or potential employers (44%); insurance companies (36%); government agencies other than the IRS or a state tax body (32%); college or other school (28%); service provider such as cable TV or cell phone carrier (26%); utilities (17%), and merchant or retailer (16%) requested individualsï¿¼ Social Security numbers.
Once these companies collect the ID, they are often careless with it. Consumers reported that their numbers were displayed on the Internet, in public records, on identification cards, and in the mail. Such misuses underscore the need for a new way of identifying individuals online. Rather than a Social Security number, vendors need to develop a universal identification system, such as the Liberty Allianceï¿¼s federated movement, one that all companies can access. Until that time arrives, small and medium businesses may want to rely on other identification mechanisms, such as using telephone numbers or street addresses when trying to verify their customersï¿¼ identity. Though these options are more difficult to implement and more prone to mistakes, these options will make the consumer feel more comfortable and therefore more likely to spend time and money at your Web site.
How does your company verify the identity of potential customers? How vulnerable do you think your system is? What do you view as the silver bullet for verifying online identities?