With Social Security numbers so commonly used on insurance and health-care cards, a stolen wallet can easily lead to a much bigger headache
[ … ]
These days, Social Security numbers are gold mines for thieves, since the numbers are widely used as ID and passwords by banks, brokers, even the IRS. My sister immediately put a fraud alert on her account with the credit bureaus to prevent anyone from opening new lines of credit. But experts say she'll still have to check her accounts monthly for the next several years. And many credit companies don't always perform every check before issuing new cards. Despite the alert, if criminals do obtain a new line of credit, the onus is on her to prove it was identity theft.
LAZY AND DANGEROUS. All this hassle, fear, and financial loss because my sister was carrying her health-insurance card — as she's required to do. The incident prompted me, as well as my friends and colleagues, to open our wallets. Each of us found at least one piece of ID, and sometimes as many as three, with our Social Security numbers printed in plain sight. Health-insurance and prescription-drug cards were the worst offenders. Mandates that we carry these cards are the equivalent of forcing us to walk around with thousands of dollars in cash and jewelry.
No wonder ID theft is climbing to dizzying heights. According to a July 30 survey conducted by nonprofit Privacy & American Business, 13 million Americans have fallen victim to identity theft since January, 2001. Total out-of-pocket expenses came to $1.5 billion, or $740 per person. Of those surveyed, 16% said the cause was a lost or stolen wallet. That means if Social Security numbers weren't printed on wallet cards, at least 2.1 million Americans might have been saved the anxiety and aggravation of ID theft.
So why do health plans, among others, continue to put people at risk? “It's a lazy way for companies to assign customer ID numbers because the Social Security number is easy for people to remember,” says Beth Givens, executive director of the San Diego-based Privacy Rights Clearinghouse. “But by doing so, they are shamelessly putting people at risk.”
[ … ]
Luckily, change is afoot. In California, a law goes into effect on Jan. 1 that requires all corporations to remove Social Security numbers from ID cards. It also mandates that they be removed from correspondence and forbids companies requiring people to transmit a Social Security number over the Internet unless the connection is secure or the number is encrypted. In an effort to comply with the California law, some companies are overhauling their systems for members in all 50 states. Yet, more often than not, says Harriet Pearson, IBM's (IBM ) chief privacy officer, health insurers aren't making changes other than those that are specifically required.
BIG BLUE'S ULTIMATUM. That's why Pearson took action to protect IBM's more than 100,000 U.S. employees from ID theft. Late last year, she sent a letter to the 100-plus health plans that IBM does business with, asking them to stop using the Social Security number visibly on member cards or in correspondence. Many agreed but a few large plans declined.
So, on Jan. 21, she sent another letter to 16 health plans, warning them that if they didn't comply by January 1, 2004, IBM would no longer do business with them. “We share the concern of our employees and health-plan beneficiaries regarding the potential for identity theft resulting from the display of Social Security numbers on administrative documents such as identification cards and health care-related forms,” the letter said. “We believe that, eventually, it will become an expected practice throughout the industry to guard against inappropriate display of Social Security numbers…so it makes sense for us to move forward now.” [Privacy Digest]