The thing is, up until now, there was a false sense of security that if someone didn't have your SSN, they couldn't open up financial accounts as you. And there was little being done to protect people whose SSNs are already disclosed in some way.
With such a large percentage of our social security numbers being potentially outright public, financial institutions need to stop assuming that an account holder is legitimate because they provide an SSN. And it is in their best interests to do so, since they end up on the hook in most cases for fraudulent accounts (after putting you through an awful process to prove it isn't yours).
For example, rather than letting someone sign up for an account with the SSN as a verification of identity, new credit accounts could potentially be considered probationary (or just outright not created) until a one-time code is mailed to the credit holder's established home address (based on their existing credits and payment history) as confirmation that the real person with that SSN authorizes that transaction. While such a step would not be completely impossible to defeat, it would mitigate attackers on the other side of the globe opening fraudulent accounts.
Agreed. If you used medical services in any significant way before 2010, your SS and birthdate was all over the place in insurance and medical records.
With such a large percentage of our social security numbers being potentially outright public, financial institutions need to stop assuming that an account holder is legitimate because they provide an SSN. And it is in their best interests to do so, since they end up on the hook in most cases for fraudulent accounts (after putting you through an awful process to prove it isn't yours).
For example, rather than letting someone sign up for an account with the SSN as a verification of identity, new credit accounts could potentially be considered probationary (or just outright not created) until a one-time code is mailed to the credit holder's established home address (based on their existing credits and payment history) as confirmation that the real person with that SSN authorizes that transaction. While such a step would not be completely impossible to defeat, it would mitigate attackers on the other side of the globe opening fraudulent accounts.