Every time you go to a new doctor or dentist and they give you a clipboard brimming with documents to fill out and sign, notice how they always ask for your Social Security number? Do you dutifully give it up? Did you ever wonder if they really need it?
I once asked a doctor why he wanted it. His response: "I don't really know. I guess it's because we've always asked for it." (In actuality, most doctors ask in case your insurance doesn't pay the entire invoice and/or to fill out a death certificate if you die. Offer a next of kin who knows the number instead, and your phone number for billing issues.)
Almost every day somebody asks for your Social Security Number and, like the Grand Marshal of a parade throwing rose petals or candy to the crowd, you probably give it up without giving it a second thought -- because that's what you've always done.
So, the next time someone asks you for your Social Security number, reflect on this: In December, the Army announced that hackers stole the Social Security numbers of 36,000 visitors to Fort Monmouth in New Jersey, including intelligence officers. Cyber activists took control of the CIA's website. The private information, including some Social Security numbers, of celebrities and political leaders including FBI Director Robert Mueller and Secretary of State Hillary Clinton were exposed.
The sensitive data of First Lady Michelle Obama, Vice President Joe Biden and Attorney General Eric Holder, recently were posted on a website for the world to see.
Hackers even listened in on a phone call in which the FBI and Scotland Yard were discussing the criminal investigation against those very same hackers!
And these incidents are only the crumbs on top of the coffee cake when you consider that hackers and thieves have improperly accessed more than 600 million consumer files since 2004.
The moral to these horror stories is that if your Social Security number is stored on any computer anywhere, hackers will find a way to access it, or a compromised or disgruntled employee may well walk out the door with it. If your doctor, gym, or child's grade school claims otherwise, that their security systems can protect your private data better than the CIA, FBI and Scotland Yard, to quote Monty Python: "Run away!"
Your identity is your biggest asset, and your Social Security number is the key to your personal kingdom. With it an identity thief can wreak havoc, hijacking your old credit accounts, establishing new ones, buying cars and houses, committing crimes, even obtaining medical products and services while pretending to be you, endangering not just your credit and your reputation, but also your life.
Consumers whose Social Security numbers are exposed in a data breach are five times more likely to become fraud victims than those who aren't, according to the latest identity fraud report by Javelin Strategy & Research.
"Just say no," should be your motto here. For better or worse, you are the gatekeeper. The person most responsible for shielding your Social Security Number is you. Therefore, your mission is to limit, as best you can, the universe of those who gain access to it.
Here's a short list of companies and organizations that have absolutely no business requesting your Social Security number:
1. Anyone who calls or sends you an official-looking email, who texts you a link to any site or designates a number to call where you are asked to confirm your SSN. If they call, check the credit or debit card that is the subject of the communication, call the customer service number listed on the back, and ask for the security department. If they email or text, do the same, or go directly to the institution's website (provided you know who they are). Make sure you type the correct URL, and make sure that the page where you are asked to enter your information is secure. Only provide personal information if you're the one who controls the interaction.
2. Public schools: Your utility bill confirms your address. Your email and phone number give them channels to contact you in an emergency. Asking for your Social Security number is overkill.
3. Little League, summer camp and the like: For the same reasons as school, a Social Security number should never be required by these groups. If they ask for your child's birth certificate, show it to them, don't leave it with them unless they can prove they will protect it. And even then, can you really believe them? If you use credit to pay for the activity, the organization may need your Social Security number. If you pay for it upfront or with a direct debit to your bank account or credit card, they don't. Period.
4. Supermarkets: A frequent shopper card is neither a loan, nor a bank account. It's merely a tool grocery stores use to track your purchases, primarily for marketing purposes. Regardless, many supermarket chains request customers' Social Security numbers on their application forms. Refuse.
5. Anybody who approaches you on the street, whether it's a cellphone company salesman offering a free T-shirt or someone running a voter registration campaign: Never, ever give your SSN. If you want an ill-fitting T-shirt festooned with corporate logos, buy one. If you want to register to vote, go to your county board of elections in person.
This is the short list. There are plenty of other organizations that should never get your Social Security number, and if you know one that I've left out, please leave it in the comments.
Don't just hand it over your Social Security number to anyone. Once you realize how often you are asked for it, you may be surprised. It happens all the time. So, the next time someone does, as they inevitably will, here's how to handle it:
1. Take a minute and think. Maybe they ask for SSNs blindly, because everyone else does, or because that's how they've always done it. Maybe they actually need it. See if their reason sounds legitimate. (Update: For example, Credit.com's Credit Report Card does ask for your SSN in order to generate your credit score and credit report summary -- an industry standard -- but the information is fully encrypted with a bank level authentication process.)
2. Negotiate. There are many different ways to identify you without a Social Security number, including your driver's license or account number. Fight to use those instead.
3. If you must share your Social Security number, do so, but make sure the people taking it down have strong security measures in place to protect it. That said, you only have their assurance and frankly, in light of the mistakes people make and the sophistication level of hackers, who really knows if they can protect it?
If all this sounds like a giant pain in the neck, you're right. It is. In the midst of our busy lives, we shouldn't be the only ones concerned with protecting our most valuable identity asset, but it is what it is. Until somebody creates a Silver Bullet for identity theft, we are forced to take matters into our own hands.
Don't be passive; ask the companies and nonprofit groups with which you do business how they plan to protect you. Do they password protect and encrypt all the personal information they collect? Do they have strict controls on who has access to computers containing your Social Security number, and do they keep this sensitive data off laptops, tablets and hard drives that are easy to steal or lose?
Like the doctor I met, many companies collect Social Security numbers they don't need because they're operating on autopilot. They've always done it, and their colleagues at other companies do it, so the practice continues and spreads on the strength of simple, dumb inertia. I believe that we are smarter than that. By demanding that companies do a better job protecting our personal information, and refusing to hand out our Social Security numbers like candy at a parade, we can force them to get smarter, too. And if they don't think we're serious about this and the government doesn't finally force them off their Social Security number addiction, it is highly likely that the ultimate regulator of the American economic system, class action attorneys, will be knocking on their doors.