Re: [Dataloss] How not to address child ID theft

["Al" <macwheel99 () wowway com>]

A problem with your proposed solution, is a person with a ruined credit
rating does not know it.  Applications for college, for scholarships, for
other activities might be refused, because of this info before adult turns
18. At what age does Alice get driver's license, apply for auto insurance,
pay extra high premiums because of ruined credit, maybe not even get to
first base?

Suppose we modify the ITRC proposal to NOT issue any list of SSN's but to
have a list of SSM's for SSA usage of those issued at birth, but not yet
eligible for credit.  That way we avoid abuse by crooks working at the
credit agencies, and limit the places that can be breached to just SSA.

A creditor contacts SSA to find out if SSN is valid.  TILT ... there needs
to be a police investigation of whoever is trying to use it.  Don't wait
until Alice turns 18, and maybe statute of traceable records run out on the
crook.

An employer contacts SSA to find out if SSN is valid to hire a person.
Employers do not get lists from SSA.  SSA gets lists from employers.

-
Al Mac
-----Original Message-----
From: dataloss-bounces () datalossdb org
[mailto:dataloss-bounces () datalossdb org] On Behalf Of Jake Kouns
Sent: Thursday, August 19, 2010 10:57 PM
To: dataloss-discuss () datalossdb org; dataloss () datalossdb org
Subject: [Dataloss] How not to address child ID theft

http://emergentchaos.com/archives/2010/08/how-not-to-address-child-id-theft.
html

August 13th, 2010 by adam
(San Diego, CA) Since the 1980?s, children in the US have been issued
Social Security numbers (SSN) at birth. However, by law, they cannot
be offered credit until they reach the age of 18. A child?s SSN is
therefore dormant for credit purposes for 18 years. Opportunists have
found novel ways to abuse these "dormant" numbers. Unfortunately,
credit issuers do not currently have the ability to verify if a SSN
belongs to an adult or a minor. If they knew that the SSN presented
belonged to a minor they would automatically deny opening a credit
account.

Years ago, the Identity Theft Resource Center envisioned a simple
solution to this problem. It is called the Minors 17-10 Database and
ITRC has been talking with various government entities and legislators
about this concept since July 2005. (.)

The creation of a Minors 17-10 Database would provide credit issuers
the tool to verify if the SSN provided belongs to a child. This
proposed SSA record file would selectively extract the name, month of
birth, year of birth, and SSN of every minor from birth to the age of
17 years and 10 months. This record file, maintained by SSA, would be
provided monthly to approved credit reporting agencies. When a credit
issuer calls about the creditworthiness of a SSN, if
the number is on the Minors 17-10 Database, they would be told that
the SSN belongs to a minor.

That's from a press release mailed out by the normally very good
Identity Theft Resource Center. Unfortunately, this idea is totally
and subtly broken.

Today, the credit agencies don't get lists from the SSA. This is a
good thing. There's no authorization under law for them to do so. The
fact that they've created an externality on young people is no reason
to revise that law. The right fix is for them to fix their systems.

The right fix is for credit bureaus to delete any credit history from
before someone turns 18. Birth dates could be confirmed by a drivers
license, passport or birth certificate.

Here's how it would work:

Alice turns 18.
Alice applies for credit and discovers she has a credit history
Alice calls the big three credit agencies and gets a runaround
explains she's just turned 18, and apparently has credit from when she
was 13.
The credit agency asks for documents, just like they do today (see
"when do I need to provide supporting docs")
The credit agency looks at the birthday they've been provided, and
substracts 18 years from the year field.
The credit agency removes the record from the report

It's easy, and doesn't require anything but a change in process by the
credit bureaus. No wonder they haven't done it, when they can convince
privacy advocates that they should get lists of SSN/name/dob tuples
from Uncle Sam.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 9.0.851 / Virus Database: 271.1.1/3084 - Release Date: 08/20/10
13:35:00

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php