Computer Security and Your SSN
Thu Feb 21, 2008 11:09PM EST
See Comments (13)
A flurry of comments and emails resulted from my post earlier today about OptOutPrescreen.com, which lets you opt out of preapproved credit card offers through a simple web form. Some readers cried foul because the site requires you to enter your Social Security Number as part of the opt-out process. Are they right to balk?
First things first: OptOutPrescreen.com is a wholly legitimate service. In fact its creation was mandated by Congress in 2003 as part of the Fair and Accurate Credit Transactions Act. The law took effect in 2005, and the website (and an 800 number, as was noted by some) was created.
Since the site asks for an SSN, many observers have been worried since the beginning about its intentions. In fact, the site originally had a horribly ugly design that actually looked like a phishing scam, even though it wasn't. But the FTC itself notes that the site is 100% legitimate. (It also notes that, contrary to some commenters' rumors, opting out does not harm your credit score.)
But... about that SSN issue. Is typing your Social Security Number into a web form a good idea? In general, I agree with everyone that no, it isn't. But as with most rules, there are exceptions, and OptOutPrescreen is a good reason to make one.
Why? For the credit agencies (where your submission goes), the only truly reliable way they have to identify you is by your SSN. Names are duplicated widely (as I've experienced firsthand), and residence information often takes years to be reflected at the credit agencies. The credit agencies would not likely de-list every "John Smith" from the opted-in rosters just because one applied. If you don't provide your SSN to OptOutPrescreen (and it isn't required) and the service can't determine who you are, you simply won't be enrolled in the opt-out program. The agencies just need more to go on. And remember: The credit agencies already know your SSN; that's how they identify you in their records. (Check your credit report if you don't believe me.) Really, if you're worried about your SSN being stolen from Equifax, it's going to happen on their server which houses hundreds of millions of records, not from this web form.
But couldn't someone steal the info as you type it in here? It's highly unlikely. The site is verified and authenticated as secure from VeriSign, the industry standard in online encryption services. The web pages are also encrypted with AES 256-bit encryption, which is about as high as it gets on the web. In a nutshell: OptOutPrescreen is as secure a site as you'll find online.
Don't take my word for it. Other people have asked whether the site is a scam, and all have been satisfied that it's legit. I think everyone who's commented and written to me so far is right to be skeptical, but they're wrong to be so outright paranoid that they stubbornly refuse to take advantage of legitimate services like this that will do far more good for them than any potential risk they might undertake in typing a Social Security Number into an encrypted web form. All those unsolicited credit card offers sitting in your mailbox are a much bigger risk if you ask me.
Comments on Computer Security and Your SSN
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
2 Posted by kenmaze on Thu Sep 3, 2009 4:49PM EDT Report Abuse
I don't like entering SSN anywhere if at all possible. Sometimes you just gotta, but even with secure http, if you happen to be infected with a keyboard sniffing virus, someone still has it. An alternative is available in this case, the phone - you can call 1-888-5-OPTOUT, it will do the same thing. See http://www.ftc.gov/privacy/protect.shtm
-
3 Posted by rayvr@att.net on Thu Sep 3, 2009 8:31PM EDT Report Abuse
Christofer Null, I didn't have any trouble releasing my social security number because I TRUST YOU. I have learned more from reading your articles on MY Yahoo Page than I have garnered from many other sources. You have practical information and practical tips and I appreciate what you do. If there are individuals that want to take the paranoid route, that's up to them. But to those with deep paranoia I say it's always a good idea to put the brain in gear before taking off, otherwise you are liable to just be revving your engine. It was obvious to me that the op-out site is sponsored by the credit bureaus, and that they obviously already have my social security number and that with secure sites, you have high encryption rates of transmitted data that would take a super computer to break. I didn't really expect that you would recommend a site where there was a risk of exposure.
-
4 Posted by nolo_8 on Thu Sep 3, 2009 7:40PM EDT Report Abuse
Some people just don't know much about when/where they should enter their SSn's. Do your homework before you go off ranting about how your SSN will be stolen and whatnot. This is not a scam website, even credit card companies lose laptops with thousands of SSN's, do you still cry foul over giving THEM your SSN? Geesh.
-
5 Posted by agustin2489 on Thu Sep 3, 2009 2:47PM EDT Report Abuse
AES 256-bit encryption? I'm impressed. Also, why the choice of the picture up there? I understand why it's there but heh, interesting choice.
-
6 Posted by vguptamd on Thu Sep 3, 2009 10:34PM EDT Report Abuse
Is there a way to OPT OUT via mail? So I do not have to enter my SS# online? VG
-
7 Posted by wwmyers@sbcglobal.net on Thu Sep 3, 2009 10:51PM EDT Report Abuse
It's not that I don't think it is legitimate, it's just that it doesn't work. I've used both the web page (3 times) and the 800 number (twice) over the last two years and I'm still getting pre-approved offers. Most of these offers come from companies where I am enrolled in some kind of loyalty program like banks, airlines, hotels and retailers. Do they get some sort of loophole because they didn't get my name from the credit companies in the first place?
-
8 Posted by ybotherasking on Thu Sep 3, 2009 10:55PM EDT Report Abuse
Please clarify something for me. When I visit OptOutPrescreen.com, it asks me for my name, address, SSN, date of birth, 1 litre of blood for DNA sampling, etc. (OK, I lied about the blood... it's only one syringe, not a litre.) But the point is, all of this "updated" info is presumably passed on to the credit reporting agencies like Experian, TransUnion, Equifax, and who knows who else. So exactly how does this slow down or stop unsolicited preapproved offers? According to the official OptOutPreseccen website, this service "...prevents Consumer Credit Reporting Companies from providing your credit file information for Firm (preapproved) Offers." It does nothing to stop the credit reporting agencies from supplying updated personal info about you to anyone else who asks. Or even to the companies making the "preapproved offers" if those companies call it something else. And there doesn't seem to be any penalties attached if a company continues to send out preapproved offers. Why would I want to give anyone updated info about myself and open up yet another possible avenue of exploitation? Reminds me of two out of the three biggest lies told: "This will only hurt for a second" and "I'm from the government and I'm here to help." Yeah... right.
-
9 Posted by sm4125 on Thu Sep 3, 2009 9:28PM EDT Report Abuse
When my identity was stolen the crook had one of the numbers of my SS# wrong and the credit agencies changed their records without even checking. I had credit for over 20 years and they just changed the number. The crook used a different home address and they just changed that too without confirming. When I tried to fix the problem I had to jump through hooks to prove I was the right person and that I had the right SS#. They couldn't care less if their records are correct or not. DON'T GIVE YOUR SS# TO ANYONE UNLESS YOU WANT MONTHS OF PROBLEMS AND YOUR CREDIT RUINED!!!!!!!!
-
10 Posted by jabaker7@swbell.net on Thu Sep 3, 2009 4:26PM EDT Report Abuse
I do not use my SS# for ANYTHING except at the point of a gun. However, where the payoff is so high--and stopping my name and address from appearing on pre-approved or any other credit application--I'll gladly do it. In today's world, keeping any personal information confined is your best bet. I quit using my credit card (one only)unless I have DIRECT control over it at all times.
1 Posted by patsycar@sbcglobal.net on Thu Sep 3, 2009 8:01PM EDT Report Abuse
I agree. As with my bank account, my student loan account - some sites just need that SSN to identify you. I always look for the "https" at the beginning of the URL as one other way to verify the legitimacy of a site. Believe me, as another victim of ID theft, I'm as cautious as they come.