We never expect to have our identities stolen. We are careful with who we give our social security numbers to, we try to make sure the so-called ‘authorized representatives’ we are talking to are who they say they are. Most of us take every single effort to ensure that single, nine-digit number that represents who we are to the world remains secure. However, as seems to be the case in most of these breaches, the failure is not in the consumer, but in the businesses, we entrust to keep our information safe. If you are a business owner, the problem now becomes: how do you verify a person’s identity?
What’s the Damage?
The fallout from the Equifax breach that exposed the information of almost 145.5 million Americans (please note the total population of the United States is 323.1 million – these numbers include children and individuals who have never given their SSN to Equifax, so the odds you were caught up in this are probably greater than a coin flip) is already causing damage. Individuals are reporting fraudulent credit accounts being opened in their name, unauthorized mortgages, among other loans. The situation has gotten so out of control that Equifax is facing a class-action lawsuit as a consequence of the harm caused by this breach.
With SSN verification being so ubiquitous, and with nearly half the total US population being impacted, we have entered a new age of uncertainty. Businesses cannot be certain that the person they are talking to is who they say they are – even with social security numbers. Short of going to somebody’s home and checking their driver’s license, how can you verify identity?
The solution to this problem comes from an already ubiquitous number, that tends to follow people around for years, and whose ownership is tightly regulated by the government. That number is the phone number. Phone-based verification is a system that is already being used by businesses concerned with customer safety and security. The great thing about this system is that every single phone number has to be registered and ownership of that number is tracked and tied to specific devices.
What this means is that if somebody attempts to impersonate a customer but doesn’t use that customer’s phone number, the fraudster can easily be located and apprehended. If they use the customer’s phone number, they’ll be unable to verify. With the iniquitousness of smart phones, an individual’s phone number may follow them around for decades.
Phone based verification is simple: when you get a customer’s phone number you can use that to verify who the phone number is registered to. If all the information matches up, you can then send a text or other secret verification code to that phone number, and the customer repeats it back to you. Using this method, you can be assured the individual you are talking to is who they say they are because they are in possession of a device tied to their personal information.
Adapting to the Post-SSN World
It may impose a cost to adapt to the new, post-SSN world, but it is a necessary step to take. The thing to remember is that a person’s social security number was never meant to be used for identity verification. It is not exaggeration to say it is one of the most insecure identity verification methods for the very reason that it was never intended to be used that way. However, despite this, it has become standard over the years.
The best way to protect your customers in these new, uncertain times is to turn to phone-based verification software such as Cognito, or to develop your own phone-based verification system, to protect your customers from fraud.