Although we call it identity theft, most of it is actually identity give away. In order for companies to lose your personal information, you almost always have to give it to them first.
Let’s talk about your Social Security number, for example. When it was issued to workers starting in 1935, it was solely for the Social Security Administration to account for federal retirement payments and benefits.
Congress passed the law on the expressed condition that this number would never be used as a national identification number which, of course, is exactly what it has become. I did not get a Social Security number until I was 14, for my first summer job as a bus boy at the Top of the Town Restaurant in Gatlinburg. Now every newborn is issued their number many years before they will need it for a job. There are four-year-olds who own condos, cars and boats and know nothing about it. High school students are filing bankruptcy because their college financial application revealed unpaid debts in their name, debts they knew nothing about.
How do thieves get this information? We give it to them. Creating an identity used to takes hours down in the public library’s microfiche section. Today the wedding announcement and birth date are all together on Facebook. With just a few clicks and a little reading, a crook can get all the information needed to obtain a child’s Social Security number and enough other information to create a new synthetic identity. Then they go on a shopping spree. They didn’t need to hack an account for it. We gave it away.
Last week I changed insurance companies. During the application process the agent asked me for my Social Security number. I said, “I’m sorry, but I don’t give that out without a good reason.” She said, “It’s required.” I asked, “Do you know why it is required?” This stumped her for a moment and her curiosity was piqued. Then she said, “Okay, let’s see if I can write the policy without it.” And sure enough, she could.
Several years ago I had a much more involved series of conversations with Blue Cross Blue Shield. My medical ID card had my Social Security number plastered right on the front visible to everyone. I called the company and asked to assign me another number. After several supervisor escalations and transfers to various departments all saying this was “required and could not be changed,” I finally got to the accounting department, where a very nice man said, “Oh sure, that’s no problem. What number would you like?”
My mother just bought a house. I took her to the water department to get her water turned on. The first question they asked her was, “What is your Social Security number?” I was thinking, why does a water department need a Federal Tax Identification Number?
Carolyn Colvin, Commissioner of the Social Security Administration has commented that she is asked for her Social Security number in places where she knows she is not required to give it.
Start asking why before you give away your personal information. If you don’t hear a good reason simply say, “No.” If they say it is required, look them straight in the eye and say, “I don’t remember my Social Security number, driver’s license number, etc.” You will be surprised how many people will shrug and go on with the conversation.
Is there a down side to this kind of self defense? Yes. It is inconvenient to educate others about your rights. It is time consuming and it may mean that you will not get the product or service you want.
Will it protect you from the Dairy Queen chain losing all your credit card numbers to hackers? No. But it is your first step to reducing your attack surface area and getting some control over how many places can lose your identity.
Think about all the places that have your personal information, especially your former dentist, doctor, chiropractor, bank, employers, insurance agents, accountants, etc. Stop and ask to see your file. Remove any personal information they do not absolutely need. The fewer places that have it, the fewer places can lose it.