|
Quality Control Systems Corporation
In business since 1987 – thanks to our clients, customers, friends, and families
|
Risk Management At Risk
Download our report, 
Download our report, |
Complicating the Fight Against Fraud Two new policies recently instituted by the Social Security Administration (SSA) complicate fraud detection involving the use of Social Security Numbers (SSNs). Randomized asssignment of new SSNs and the decimation of the public Death Master File put private, organizational assets at substantial, additional risk of long-term losses through identity theft. CIOs and risk managers can take immediate steps to close loopholes in identity assurance resulting from the SSA's recent decisions. These solutions will counter the increased opportunities for fraud created by the SSA's new policies. Randomized Assignment of New Social Security Numbers Under the new assignment policy for social security numbers, a large portion of all previously unassigned SSNs were made available as a pool from which to randomly assign a new number to a new applicant. As a result, it is now much harder to tell the difference between identity thieves and new, legitimate Social Security Number holders without a better SSN validation method. For risk managers and CIOs in the private sector, this means greater losses to identity fraud, unless they have deployed a validation tool with built-in, detailed, historical knowledge about SSN assignment patterns over time. The Solution Our SSN validator, SecureID™ Version 2 makes it possible to combine the SSN together with its "usage history" and the date of birth in order to minimize the negative impact that the new policy could have on fraud loss to identity theft. Users of SecureID™ can take advantage of the fact that, although a person can theoretically obtain a new social security number at any age, all of the SSNs issued before a claimed date of birth must be invalid. In addition, a claimant can't use an SSN at a point in time before the number was issued. (See Figure 1.)
Figure 1. An Example of the Relationships between Years of Issuance, The usage history of the SSN can be as simple as the answer to the question, "When did you obtain your Social Security Number?" When testing SSNs in existing records systems, the earliest date on which the SSN appears in the records can be used (for example, the date of account inception). At the very least, it is usually a simple matter to ask or otherwise determine whether the claimed number was obtained prior to June 25, 2011 when randomized assignment was adopted. Based on simulations, our analysis shows that, even in the wake of the Social Security Administration's implementation of randomized assignment, very high detection rates of invalid SSNs are achievable through 2026. We found that adding information about the year of birth and the year of SSN issuance resulted in detection rates for randomly generated false SSNs for the years 2011 through 2026 ranging from 84-66% for a cohort matching the age structure of the U.S. SSN validation for cohorts of persons in young age groups (who may be more likely than persons at the median population age to perpetrate fraud) performs even better. For example, for a cohort born in 1987, the detection rates range from 90-95%. The historical issuance data used for these simulations is based on our proprietary information extending to the beginning of the Social Security program in 1936, with annual issuance data beginning in 1952. Compared to biometric based identity checks, there is little that is technologically challenging or expensive about this SSN validation. And it can be implemented now. Individual privacy is completely protected because only validation rules - not personal information about living individuals - need be deployed to detect invalid SSNs. Eliminating Records in the Death Master File The SSA plans to eliminate more than a third of the records in the periodic additions, corrections, and deletions to the publicly available Death Master File of deceased SSN number holders, beginning on November 1, 2011. The agency will also establish a new version of the full, public DMF in which about 5 percent of the previously available records will have been removed. The coverage of the DMF and, therefore, its effectiveness as a tool in combating fraud and identity theft will be correspondingly diminished. Who benefits from the sudden change policy by the SSA? First and foremost, perpetrators of fraud and identity theft. Use of the public DMF in fraud detection will be hobbled by the creation of gaping holes in the new version, which perpetrators of fraud will surely find and exploit. Softening the Impact Enterprises depending on the Death Master File to defend their assets against identity theft should adopt SSN validation and record correction before attempting to match SSNs against the DMF. It has been our rule of thumb for over twenty years that about 4 percent of SSNs on previously unvalidated lists will fail validation. When SSNs fail validation, the numbers will also fail to match any record on the DMF, since the DMF contains only valid numbers. Improving the quality of SSN data so that no matches are attempted on the basis of invalid social security numbers counterbalances the loss of 5 percent of records from the historical version of the public Death Master File. Email our sales director, Betsy Love, at to learn more about this affordable, effective, internal enterprise solution. [Updated November 18, 2011] |
Link to:
Fraud Detection and Identify Validation Simulation Studies of Social Security Number Validation
The American Financial |
|
Copyright © Quality Control Systems Corp. All rights reserved. |