The paper Social Security card has been a staple of American life for nearly a century, but researchers say this bedrock of federal identification is due for a digital update in the face of clever cybercriminals.
“Modernizing the [Social Security number] gives the U.S. an opportunity to fix one of the internet’s most pressing problems: authentication,” according to an October report from McAfee and the Center for Strategic and International Studies.
The report comes as cybercriminals have preyed on the nine-digit number. Anywhere between 60 to 80 percent of Social Security numbers had been reported stolen by 2015, and there have been more large-scale breaches since, according to the study.
Addressing the need to secure an identifier that was never designed to participate in digital commerce would help “to create the trusted foundation for innovation in improved authentication of identity.”
“The United States needs to move the Social Security card into the 21st century,” the report said, recommending the solution be a “smart card” that includes an embedded chip like the one now ubiquitous on credit and debit cards.
The chip would supply a proxy number, while the actual Social Security number would be encrypted in a digital “vault.” This way, if the proxy number was compromised, it wouldn’t immediately provide access to all the records tied to the SSN and a new proxy could be generated without having to assign a new SSN.
McAfee and CSIS argued that smart cards would be the best path for modernization because there is already extensive experience with using chip-and-PIN cards on a mass scale, they could be slowly introduced, and they would be easier to implement.
A digital smart card could have similar benefits as two-factor authentication or other types of biometrics that “make life harder for cybercriminals,” according to the report.