Link to QCS Corp. Home Page.
Quality Control Systems Corporation
In business since 1987 – thanks to our clients, customers, friends, and families

Risk Management At Risk

Download entire report.

Download our report,
Randomized Assignment
of Social Security Numbers
(PDF, 143K).

Download entire report.

Download our report,
The Projected Effectiveness of
Social Security Number
Validation through 2026

(PDF, 463K).

Complicating the Fight Against Fraud

Two new policies recently instituted by the Social Security Administration (SSA) complicate fraud detection involving the use of Social Security Numbers (SSNs). Randomized asssignment of new SSNs and the decimation of the public Death Master File put private, organizational assets at substantial, additional risk of long-term losses through identity theft.

CIOs and risk managers can take immediate steps to close loopholes in identity assurance resulting from the SSA's recent decisions. These solutions will counter the increased opportunities for fraud created by the SSA's new policies.

Randomized Assignment of New Social Security Numbers

Under the new assignment policy for social security numbers, a large portion of all previously unassigned SSNs were made available as a pool from which to randomly assign a new number to a new applicant. As a result, it is now much harder to tell the difference between identity thieves and new, legitimate Social Security Number holders without a better SSN validation method. For risk managers and CIOs in the private sector, this means greater losses to identity fraud, unless they have deployed a validation tool with built-in, detailed, historical knowledge about SSN assignment patterns over time.

The Solution

Our SSN validator, SecureID™ Version 2 makes it possible to combine the SSN together with its "usage history" and the date of birth in order to minimize the negative impact that the new policy could have on fraud loss to identity theft. Users of SecureID™ can take advantage of the fact that, although a person can theoretically obtain a new social security number at any age, all of the SSNs issued before a claimed date of birth must be invalid. In addition, a claimant can't use an SSN at a point in time before the number was issued. (See Figure 1.)

Figure 1. An Example of the Relationships between Years of Issuance,
Birth Dates, and Usage for All Persons Using Area and Group Number, 037-50.

The Relationships between Years of Issuance, Birth Dates, and Usage
for All Persons Using Area and Group Number, 037-50

The usage history of the SSN can be as simple as the answer to the question, "When did you obtain your Social Security Number?" When testing SSNs in existing records systems, the earliest date on which the SSN appears in the records can be used (for example, the date of account inception). At the very least, it is usually a simple matter to ask or otherwise determine whether the claimed number was obtained prior to June 25, 2011 when randomized assignment was adopted.

Based on simulations, our analysis shows that, even in the wake of the Social Security Administration's implementation of randomized assignment, very high detection rates of invalid SSNs are achievable through 2026. We found that adding information about the year of birth and the year of SSN issuance resulted in detection rates for randomly generated false SSNs for the years 2011 through 2026 ranging from 84-66% for a cohort matching the age structure of the U.S.

SSN validation for cohorts of persons in young age groups (who may be more likely than persons at the median population age to perpetrate fraud) performs even better. For example, for a cohort born in 1987, the detection rates range from 90-95%.

The historical issuance data used for these simulations is based on our proprietary information extending to the beginning of the Social Security program in 1936, with annual issuance data beginning in 1952.

Compared to biometric based identity checks, there is little that is technologically challenging or expensive about this SSN validation. And it can be implemented now. Individual privacy is completely protected because only validation rules - not personal information about living individuals - need be deployed to detect invalid SSNs.

Eliminating Records in the Death Master File

The SSA plans to eliminate more than a third of the records in the periodic additions, corrections, and deletions to the publicly available Death Master File of deceased SSN number holders, beginning on November 1, 2011. The agency will also establish a new version of the full, public DMF in which about 5 percent of the previously available records will have been removed.

The coverage of the DMF and, therefore, its effectiveness as a tool in combating fraud and identity theft will be correspondingly diminished.

Who benefits from the sudden change policy by the SSA? First and foremost, perpetrators of fraud and identity theft. Use of the public DMF in fraud detection will be hobbled by the creation of gaping holes in the new version, which perpetrators of fraud will surely find and exploit.

Softening the Impact

Enterprises depending on the Death Master File to defend their assets against identity theft should adopt SSN validation and record correction before attempting to match SSNs against the DMF.

It has been our rule of thumb for over twenty years that about 4 percent of SSNs on previously unvalidated lists will fail validation. When SSNs fail validation, the numbers will also fail to match any record on the DMF, since the DMF contains only valid numbers.

Improving the quality of SSN data so that no matches are attempted on the basis of invalid social security numbers counterbalances the loss of 5 percent of records from the historical version of the public Death Master File.

For more information, contact Randy Whitfield, 410.923.2411. Randy's email address is:

[Updated November 18, 2011]

Link to:

QCS Corp. Home Page

Customer Identification
with SecureID™

Simulation Studies of Social Security Number Validation

The American Financial
System's Identity Problem

of Social Security

The Death Master File

How to Contact Us

Terms of Use and Disclaimers     Privacy

Copyright © Quality Control Systems Corp. All rights reserved.