Industry

Social Security number (SSN) verification: What it is and why it matters

Learn about common types of SSN verification — plus the potential shortcomings of relying solely on a person’s SSN for verification purposes.

Image of a ssn card
Last updated:
2/20/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • SSN verification is important because bad actors often use stolen SSNs to establish fake identities and open fraudulent bank accounts to launder money, evade taxes, and engage in other nefarious activities.
  • Businesses can verify a person’s Social Security number by checking against various authoritative data sources, using eCBSV validation, or verifying documents that contain the individual's SSN.
  • As SSNs weren't designed to act as universal identification numbers, SSN verification should be just one part of your identity verification process.

Social Security numbers (SSNs) were originally designed to track a person’s work history in order to calculate Social Security payments and other governmental benefits. Today, most people consider their SSN to be the single most intimate piece of information tied to their identity. 

Assigned at birth, or granted during the immigration process, SSNs are as close to a universal numerical identifier as there has ever been in the United States. This universality, and the fact that each number attempts to be unique, has made them valuable for a number of other purposes outside of their original intended use. 

One such use is KYC.

Financial institutions are required to collect a person’s SSN during account opening, as a part of their anti-money laundering (AML) and Know Your Customer (KYC) process. 

But how do these organizations know whether or not an SSN provided by an individual truly belongs to them? 

Below, we begin to answer this question. We define Social Security number verification and take a look at the different types of SSN verification that are commonly used today. We also take a brief look at the history of the SSN and discuss the potential shortcomings of relying solely on a person’s SSN for verification purposes. 

What is Social Security number verification?

Social Security number verification is the process of verifying whether or not an SSN provided by an individual for identity verification purposes is, in fact, their number. 

Typically, SSN verification is achieved by cross-checking the Social Security number and other information provided by the individual (such as their name and date of birth) against authoritative data sources. 

Why is this necessary? Because fraudsters and other bad actors often use stolen SSNs to establish fake identities and open fraudulent bank accounts in order to launder money, evade taxes, and engage in other nefarious activities. Social Security number verification can, then, be a highly effective means of identifying and mitigating cases of tax evasion, money laundering, terrorist financing, and more. 

Additionally, there has been a significant rise in the creation of synthetic identities in authoritative databases that leverage the fact that not all institutions perform direct SSN validation. 

Social Security number verification and AML

When a person opens an account with a bank or other financial institution, the organization is required by law to have a customer identification program (CIP) in place to prevent money laundering. Specifically, banks are required to collect and verify a person’s SSN, along with other information such as their name, address, and date of birth.

Social Security number verification, then, plays an important role in the AML and KYC process.

Types of Social Security number verification

Businesses can verify a person’s Social Security in a number of different ways. Three of the most common methods of SSN verification are: 

  • Authoritative database verification
  • eCBSV validation
  • Document verification

1. Authoritative database verification

In the US, the de-facto standard for identity verification is to check against various authoritative data sources. 

An authoritative database is exactly what it sounds like: a trusted database that houses information (in this case, about a person’s identity), which can be queried in order to perform identity verification. Typically, this is done by comparing the information provided by an individual — such as their name, date of birth, and, yes, SSN — against the information stored within the database.

There are many authoritative, Customer Identification Program (CIP)-grade data sources that you can turn to for this purpose, including:

  • The major credit bureaus (TransUnion, Experian, Equifax)
  • Financial institutions 
  • Other data aggregators

2. eCBSV validation

Electronic Consent-Based Social Security Number Verification (eCBSV) is an SSN verification system that checks against its issuing datasource. Note that eCBSV only validates components of an SSN and is not intended to be used as an identity verification system.  

It works by comparing the information provided by an individual against official Social Security Administration records. In this way, it’s a form of issuing database verification. eCBSV validations can be very effective against synthetic identity fraud, in which a bad actor pairs stolen information (such as an SSN) with fake information (such as birthdate or name) or creates a fictitious SSN entirely. 

eCBSV is currently only available to financial institutions, such as banks and lenders. Other types of businesses are not currently allowed to use the eCBSV system for SSN verification.

It’s also important to note that the results of a scan are returned on a pass/fail basis to protect the individual’s identity. This means that you won’t know which piece of information led to the scan failing, which can make it more difficult to rule out potential false positives with follow-up.

Because this is a consent-based validation service, organizations also need to keep in mind that strict consent language must be presented to an end-user and that the consent must be tracked for compliance purposes.

Free white paper
See how experts evaluate verification solutions

The problem with relying on SSNs for identity verification

As mentioned above, SSNs are very commonly collected and verified as a part of the broader IDV process. But the fact remains that they weren’t designed to act as universal identification numbers. As such, things can become messy when you try to rely solely on SSN verification when verifying a person’s identity. 

For example, while SSNs are essentially universal among American citizens, not every person living in the United States will have one. This may include undocumented aliens as well as nonresident and resident aliens who are ineligible for an SSN and who may only have an Individual Taxpayer Identification Number (ITIN) — or no TIN at all. 

It’s also important to note that the logic behind how SSNs are assigned is not particularly complex or secure. Given enough information about when and where a person was born, it’s possible for a bad actor to reverse engineer likely SSNs within a usable margin of error. In fact, in 2009, professors at Carnegie Mellon University were able to design an algorithm that could predict a person’s SSN within a 10 percent margin of error.

Just one piece of the puzzle

Despite the shortcomings discussed above, Social Security number verification as a part of the broader KYC toolkit isn’t going away. On the one hand, some businesses, like financial institutions, are required to collect a person’s SSN (or other TIN) during the account opening process. On the other, it is, as of right now, the closest thing to a comprehensive national identifier that the United States has.

But there are steps you can take to improve your KYC processes when they include SSN verification. 

First, when you require an SSN for KYC purposes, it’s important to instill trust in the individual so that they will feel comfortable sharing this sensitive piece of information with you. You can achieve this by explaining why you need the information and how the transmission will be encrypted and stored to protect the individual’s privacy. A short, simple, on-screen message can go far in assuaging a user’s concerns.

Beyond this, it’s important to recognize that SSN verification should be just one piece — one layer — of your broader KYC processes. By pairing it with other forms of verification, such as government ID verification, document verification, selfie verification, database verification, etc., it becomes much more difficult for bad actors to slip through the cracks using stolen or fraudulent information. 

Here at Persona, we understand the need for a comprehensive, holistic approach to identity verification. We also understand that the processes that work for one business may not work for all businesses. That’s why offer a variety of verification options, from document verification to database verifications and more. We’ve also developed our Verifications solution with extreme customizability in mind. You have complete control over what information you collect, what verification methods you leverage, and how much automation you wish to deploy. 

When it comes to SSN verification specifically, our platform gives you the power to find your perfect balance between conversion and fraud. For example, you might choose to:

  • Perform an eCBSV validation for all transactions in order to better detect synthetic identities that might have been missed if you’d just relied on an authoritative database scan. This would offer you the greatest level of fraud protection but would come with higher costs and a greater potential for false rejections depending on match rules.
  • Perform an eCBSV validation only for transactions deemed to carry high risk. In this scenario, your default verification flow would not include an eCBSV scan. Instead, eCBSV validation would be triggered when a risky signal is detected. This can help you limit costs associated with eCBSV validation while still increasing the likelihood that you will catch synthetic identities.
  • Perform an eCBSV validation only when an identity cannot be validated in other ways. In this scenario, your default verification flow would not include an eCBSV scan. It would only trigger when an identity cannot be verified through any other means (for example, for individuals with a thin or non-existent credit file). This would lead to the greatest cost savings, but could potentially lead to cases of missed synthetic identity fraud.

Interested in learning more? Start for free or get a demo today.

Published on:
3/24/2023

Frequently asked questions

How can businesses verify a person’s Social Security number?

Generally speaking, businesses can verify an SSN in one of three main ways:

  • Document verification: This involves collecting a trusted document, such as a Social Security card or tax document, that contains a person’s name and SSN, amongst other information.
  • eCBSV validation: The eCBSV is a Social Security number verification service operated by the Social Security Administration. An eCBSV check makes it possible for financial institutions to verify whether or not a person’s SSN, name, and date of birth match Social Security records. 
  • Authoritative database verification: In addition to the eCBSV, there are a number of other US-based authoritative CIP-grade data sources that can be used to verify whether an SSN (and other information provided by a person) matches records. 

Who can perform eCBSV validation checks?

While eCBSV validation can be highly effective, it is currently only available to financial institutions as defined by the Gramm-Leach-Bliley Act. The act broadly defines a financial institution as a company that is significantly engaged in providing financial products or services to consumers. eCBSV cannot be used for identity verification.

This list includes banks, lenders, debt collectors, tax preparers, and certain investment/financial advisors, amongst others.

What’s the difference between an SSN trace and SSN verification?

A Social Security number trace can be thought of as something like a background check for an SSN. Performing an SSN trace will provide you with information related to a particular SSN, such as the names and addresses associated with the number, as well as the year and state in which the number was issued.

An SSN trace can be a quick way of determining whether an SSN is valid or not. It cannot, however, determine whether or not an SSN actually belongs to the individual who provided it to you. 

Social Security number verification, on the other hand, is designed to be more comprehensive than a trace. With this in mind, SSN verification can be used for ito determine if an SSN is associated with a specific name, whereas an SSN trace cannot.

Continue reading

Continue reading

Minimizing referral fraud while growing your online marketplace
Minimizing referral fraud while growing your online marketplace
Industry

Minimizing referral fraud while growing your online marketplace

Learn about common referral fraud schemes and how they can impact your marketplace. Discover strategies for protecting your buyers, sellers, and business.

From fraud to fairness: Leveraging KYC and age verification for online gaming
From fraud to fairness: Leveraging KYC and age verification for online gaming
Industry

From fraud to fairness: Leveraging KYC and age verification for online gaming

KYC can help keep online gamers of all ages safe and reduce fraud. Learn how KYC and age verification can benefit your gaming platform.

How to fight ID fraud in a world of generative AI
How to fight ID fraud in a world of generative AI
Industry

How to fight ID fraud in a world of generative AI

Learn how generative AI is changing the game when it comes to fake IDs and what you should be mindful of when enhancing your fraud strategy.

Document verification: Understanding the whole process
Industry

Document verification: Understanding the whole process

See how document verification works and how it can benefit your business.

What are issuing database verifications?
Industry

What are issuing database verifications?

Issuing database verifications are one of the best ways to reduce fraud in your business. Learn more.

What is identity verification (IDV)?
Industry

What is identity verification (IDV)?

Learn what IDV is, explore how it works, and take a look at the different types of identity verification you may choose to leverage in your business.

Ready to get started?

Get in touch or start exploring Persona today.