Computer Security and Your SSN
Thu Feb 21, 2008 11:09PM EST
See Comments (13)
A flurry of comments and emails resulted from my post earlier today about OptOutPrescreen.com, which lets you opt out of preapproved credit card offers through a simple web form. Some readers cried foul because the site requires you to enter your Social Security Number as part of the opt-out process. Are they right to balk?
First things first: OptOutPrescreen.com is a wholly legitimate service. In fact its creation was mandated by Congress in 2003 as part of the Fair and Accurate Credit Transactions Act. The law took effect in 2005, and the website (and an 800 number, as was noted by some) was created.
Since the site asks for an SSN, many observers have been worried since the beginning about its intentions. In fact, the site originally had a horribly ugly design that actually looked like a phishing scam, even though it wasn't. But the FTC itself notes that the site is 100% legitimate. (It also notes that, contrary to some commenters' rumors, opting out does not harm your credit score.)
But... about that SSN issue. Is typing your Social Security Number into a web form a good idea? In general, I agree with everyone that no, it isn't. But as with most rules, there are exceptions, and OptOutPrescreen is a good reason to make one.
Why? For the credit agencies (where your submission goes), the only truly reliable way they have to identify you is by your SSN. Names are duplicated widely (as I've experienced firsthand), and residence information often takes years to be reflected at the credit agencies. The credit agencies would not likely de-list every "John Smith" from the opted-in rosters just because one applied. If you don't provide your SSN to OptOutPrescreen (and it isn't required) and the service can't determine who you are, you simply won't be enrolled in the opt-out program. The agencies just need more to go on. And remember: The credit agencies already know your SSN; that's how they identify you in their records. (Check your credit report if you don't believe me.) Really, if you're worried about your SSN being stolen from Equifax, it's going to happen on their server which houses hundreds of millions of records, not from this web form.
But couldn't someone steal the info as you type it in here? It's highly unlikely. The site is verified and authenticated as secure from VeriSign, the industry standard in online encryption services. The web pages are also encrypted with AES 256-bit encryption, which is about as high as it gets on the web. In a nutshell: OptOutPrescreen is as secure a site as you'll find online.
Don't take my word for it. Other people have asked whether the site is a scam, and all have been satisfied that it's legit. I think everyone who's commented and written to me so far is right to be skeptical, but they're wrong to be so outright paranoid that they stubbornly refuse to take advantage of legitimate services like this that will do far more good for them than any potential risk they might undertake in typing a Social Security Number into an encrypted web form. All those unsolicited credit card offers sitting in your mailbox are a much bigger risk if you ask me.
Top 5 Posts
More About Services
Comments on Computer Security and Your SSN
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
2 Posted by kenmaze on Thu Sep 3, 2009 4:49PM EDT Report Abuse
I don't like entering SSN anywhere if at all possible. Sometimes you just gotta, but even with secure http, if you happen to be infected with a keyboard sniffing virus, someone still has it. An alternative is available in this case, the phone - you can call 1-888-5-OPTOUT, it will do the same thing. See http://www.ftc.gov/privacy/protect.shtm
-
3 Posted by rayvr@att.net on Thu Sep 3, 2009 8:31PM EDT Report Abuse
Christofer Null, I didn't have any trouble releasing my social security number because I TRUST YOU. I have learned more from reading your articles on MY Yahoo Page than I have garnered from many other sources. You have practical information and practical tips and I appreciate what you do. If there are individuals that want to take the paranoid route, that's up to them. But to those with deep paranoia I say it's always a good idea to put the brain in gear before taking off, otherwise you are liable to just be revving your engine. It was obvious to me that the op-out site is sponsored by the credit bureaus, and that they obviously already have my social security number and that with secure sites, you have high encryption rates of transmitted data that would take a super computer to break. I didn't really expect that you would recommend a site where there was a risk of exposure.
-
4 Posted by nolo_8 on Thu Sep 3, 2009 7:40PM EDT Report Abuse
Some people just don't know much about when/where they should enter their SSn's. Do your homework before you go off ranting about how your SSN will be stolen and whatnot. This is not a scam website, even credit card companies lose laptops with thousands of SSN's, do you still cry foul over giving THEM your SSN? Geesh.
-
5 Posted by agustin2489 on Thu Sep 3, 2009 2:47PM EDT Report Abuse
AES 256-bit encryption? I'm impressed. Also, why the choice of the picture up there? I understand why it's there but heh, interesting choice.
Sponsored Links
My Tech
Please enable your browser's cookies to activate the My Tech column.
Also on Yahoo! Tech
| Computers | Home Office | Wi-Fi & Networking | Phones & PDAs | Cameras & Camcorders | TV & Home Theater | Portable Audio |
|---|---|---|---|---|---|---|
1 Posted by patsycar@sbcglobal.net on Thu Sep 3, 2009 8:01PM EDT Report Abuse
I agree. As with my bank account, my student loan account - some sites just need that SSN to identify you. I always look for the "https" at the beginning of the URL as one other way to verify the legitimacy of a site. Believe me, as another victim of ID theft, I'm as cautious as they come.