Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
SearchSecurity .com reports that researchers at Carnegie Mellon University have developed a reliable method to predict the social security numbers using information from social networking sites, data brokers, voter registration, online white pages and social Security Master Death file publicly accessible administration.
Originally, the first three numbers on a Social Security card represented the state in which a person had initially asked their card. Numbers started in the northeast and moved westward. This meant that people from the East Coast had the lowest numbers and those of the West Coast was highest. Before 1986, people have rarely been assigned a Social Security number to 14 or so of age, since the figures have been used for income tracking purposes.
The Carnegie Mellon researchers have guessed the first five digits of a Social Security number on their first attempt 44% of people born after 1988. For those in the least populous states, research has had a 90% success rate. In less than 1,000 attempts, the researchers were able to identify a comprehensive social security number, "making SSNs like financial PINs to 3 digits." "Unless mitigating strategies are implemented, the predictability of SSNs exposes to identity theft risk on mass scales, "the researchers wrote.
While researchers work is certainly an accomplishment, the potential to predict the social security numbers is the least of our . problems social security numbers can be found in cabinets and bases unprotected file data in thousands of government offices, businesses and educational institutions networks are like candy bars -.. numbers social security can be hacked from the outside of the hard chocolate shell or soft and chewy on the inside
the problem is that our current identification system is seriously outdated and must be significantly updated. We rely on new figures as a unique identifier, the key to the kingdom, despite the fact that our social security numbers have no physical relationship to who we really are. We begin to solve this problem when we integrate multiple authentication levels in our identification process.
The true and complete the authentication process begins with "identity test." Identity Proofing is a solution that starts to identify, authenticate and authorize. Consumers, merchants, content with the government not require authentication. We need a solution that links all three of these components together.
Jeff Maynard, President and Chief Executive biometric Signature ID, provides a simple answer to a complex question into four parts:
Identifier - a user must be identified in relation to others in a database We refer to this as a reference identity a unique PIN.. , password or user name is created and associated with your password or profile
Authenticate -. the authentication is different from the identity verification L '. authentication is the ability to verify the identity of an individual based in particular on their unique characteristics. This is known as a positive identifier and is only possible when using biometric data. A biometric can be either static or dynamic (behavioral). A biometric is static anatomical or physiological, such as a face, a fingerprint or DNA. Dynamic Biometric is behavioral, as a gesture of signature, voice, or maybe the approach. This explains why, when authentication solutions integrate multiple factors, at least two of the following identifiers are required: something you have as a token or card, something you are , which means a biometric identification, and something you know , which means a pin or password.
Check - Verification is used when the identity of a person can not be definitively established. These technologies provide real assessment of the period of the validity of a claimed identity. When we can not know who the individual is, we also get close as possible to verify their identity asserted. PINS, passwords, tokens, cards, IP addresses, data on trends and behavior-based credit cards are often used for verification. These generally fall in the area of something you have or something you know .
Authorizes - Once the user has completed the identification test and authenticated their identity, they can make a purchase or have another approved share. Traders would like the signature of a client authenticated to indicate its approval of a credit card charge. This is the authorization.
Effective identification results in accountability. It is achieved in small segments of government and in the corporate world, but not always. Unfortunately, we are years away from any authentication.
In the meantime, we need to make unnecessary data to the robber. If a social security number can not be used to open a new credit account, we have solved part of the problem of identity theft. This can be done by investing in identity theft protection or fixing a credit freeze.
Robert Siciliano, identity theft speaker, discusses identity theft.
Robert Siciliano is CEO of IDTheftSecurity.com, an expert on identity theft, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 and start-up companies as a consultant on product launches, branding, messaging, representation, SEO and media. the thoughts and advice of Siciliano on all these issues often appear in both television and print media news, including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of safety training as a member of the American Society for Industrial Security. He is the author of two books, including The Safety Minute: Living on high alert; How to take control of your personal safety and to prevent fraud . He also established a partnership with Uni-Ball to help raise awareness of the growing threat of identity theft and provide tips on how you can protect yourself.