If you've spent some time this week trying to figure out if you were affected by the Equifax breach, you're not alone. Roughly 143 million people's information may have been compromised. So, needless to say, concerns are pretty high across the country about someone else getting their hands on our personal information.
The holy grail of all identifiers? A Social Security number. After all, it's tied to everything we do. We don't want the wrong person getting their hands on it.
Jeffrey Omura knows that firsthand.
In 2012, he entered a nightmare. Someone used his information, including his Social Security number, to open up a Best Buy credit card and buy a TV, and he was on the hook for the funds. But he sorted it all out with Best Buy, telling them his information must have been stolen, and they cleared his name.
But that was only the beginning. Over the next few months, the thief tried to withdraw money from Omura's checking account. The thief even managed to cash a check for $2,000.
For Omura, it was like entering a game of real-life whack-a-mole. When an incident would pop up, and he'd drop what he was doing and deal with it. Each time, he'd have to explain he was the victim of identity theft. Each time, he'd be reimbursed.
"All my money’s safe," Omura remembers. "So far."
And then he got a phone call from Verizon. It said he owed them $1,400 for a new account and iPhones purchased under his name. He explained he was the victim of identity theft.
"And they said, 'Well, we can't close this account until you file a police report and send us that documentation so we know this was a crime," Omura said. "Otherwise you will be held accountable for this $1,400 charge."
|Here's what to do if your identity is stolen|
|A new form of ID theft: account takeover|
|Six expert secrets to a successful Social Security strategy|
Omura had no police report. He'd asked for one, but the police said they were obligated to first try to solve the crime.
"Seems like a pretty good policy, but in this particular situation, I didn’t need them to solve the crime," Omura said. "I really just needed the paperwork so I could fax it into Verizon, close out the account and make sure I was not liable for this $1,400 charge."
"About two months later, he finally calls me back and says, 'We’ve closed the case," Omura said. "'We have not solved the case, but here’s your police report.'"
He sent it to Verizon and he was cleared of the charge. Omura now has extra security on his bank accounts and tax returns, and there have no problems since.
All this to say: Identity theft can be a huge pain.
If all this trouble can happen if someone nabs your Social Security number, why are those nine numbers tied to so much?
"Because big, bad, and in some cases lazy businesses hijacked it," said Neal O'Farrell, head of the Identity Theft Council, a nonprofit that helps businesses and people combat identity theft.
In the absence of a national ID, the financial industry turned to Social Security numbers in the late 1970s.
"Because of its convenience and because it was really the only individual identifier, particularly in the United States, it became quickly hijacked by the financial community as a way to determine who you are," O'Farrell said. "And therefore what your credit history is like and therefore how creditworthy you are."
But these days, we have data breach after data breach, which means your Social Security number may not be so secret.
"The financial industry, particularly, has always regarded identity theft as a cost of doing business," O'Farrell said.
New technology, however, could be a game changer.
"I think the changes in the future will focus around stopping thieves using stolen information, less than stopping them from stealing it," O'Farrell said.
So, it begs the question: Is there something that could replace Social Security numbers? Could something else be our universal identifier?
"If we use a different identifier and that gets compromised, then what?," said Bryan Ichikawa, a privacy consultant who works with businesses and governments. "Have we fixed anything? I don't think so."
Instead, there's been an added focus on security. Businesses, governments and organizations are turning to a technology known as biometrics. It's using the human body, like fingerprint scans and facial recognition, rather than something like a Social Security number, to identify people.
"There's a responsibility that corporations and government agencies have in protecting personal information," Ichikawa said. "There's a layer of overhead, of cost, and that's probably the reason why that's not a ubiquitous practice."
Security experts say companies are willing to weather data breaches knowing that it will eventually pass. And that there will be another one somewhere else before too long.
"If a company has your information and they need to protect, then they need to pay for the additional infrastructure associated with that," Ichikawa said.
He points to fingerprint scanners as a viable option. He can imagine a future where a consumers and businesses share costs to implement this. A consumer pays for the physical fingerprint scanner, but the bank pays for the infrastructure to use that.
So, could we see security become a luxury item?
"I would hope not. Security and privacy are almost rights in today's world," Ichikawa said. "You cannot have to be reach afford higher levels of privacy and security."