| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 602.1 | Offer an alternative | SAINT::STCLAIR | | Tue Sep 15 1992 13:18 | 12 |
|
The teller has your SS number ('cause banks need it for IRS). They are asking
you to give it to them to compare to the information on the screen. But
in keeping with the privacy issue why not explain your reticence (sp?) and
ask them for some other question you would be willing to answer. They
use my mothers maiden name in some places for example when challenged.
As a side light the Emerson Hospital here in Concord wanted it. I said no
they said the insurance (John Hancock) required it. I check JH said no
I went back and they gave me a new number that we made up.
/doug
|
| 602.2 | SS number IS NOT I SAY IS NOT an identifier | SMAUG::GARROD | Floating on a wooden DECk chair | Tue Sep 15 1992 13:41 | 17 |
| Re .0
This is a pet peeve of mine as well. I categorically refuse to give out
my SS number unless I'm legally obligated to.
For reasons why take a look at a recent note I entered in DIGITAL.NOTE
whereby if you know somebody's social security number and a few other
things (that are dead easy to find out) you can find out how much they
earn.
I'll have to try this DCU line. If I get asked for my SS number I
intend to issue an official complaint to DCU.
Re .1. Yes i too went through the same crap with an HMO. I finally
managed to get a special id number.
Dave
|
| 602.3 | | PATE::MACNEAL | ruck `n' roll | Tue Sep 15 1992 14:49 | 5 |
| Whose privacy is being violated by a request for an SSN when the teller
already has it on a screen in front of them? Because the SSN is used
by the IRS, banks and credit unions need to have that information.
Would you rather the phone teller just took your word that you are you?
|
| 602.4 | No trust me | CSC32::K_KINNEY | | Tue Sep 15 1992 15:03 | 6 |
|
No, I would not rather the phone teller just "trust me".
I didn't have any problems with giving my hire date.
I do have major problems giving my social security number.
|
| 602.5 | my thought on this is... | LEDS::SIMARD | just in time..... | Tue Sep 15 1992 15:27 | 13 |
| I have problems giving my SS # to people who want to write it on checks
that I am using for payments but not with the credit union who has to
have it to process my IRS statements or that I already know has it on
the screen in front of them. I figure since I am the one instigating the
phone call it's ok.
One time I had given it to DCU over the phone and they found they had
an error in their system on the number. Of course it was corrected
immediately.
|
| 602.6 | | WLDBIL::KILGORE | Bill -- 227-4319 | Tue Sep 15 1992 15:30 | 14 |
|
I think we should all try to differentiate between those cases where
people who don't have or need you SS number are asking for it, and
cases where people who already have it are using it to confirm your
ID.
As pointed out, by law banks need and have your SS number. In fact, if
you guard this number as carefully as you should, it is probably the
best information they have on hand to verify that you are you. Hire
dates are trivial to obtain.
This situation is a far cry from, for example, a store using your SS
number for further ID on a check.
|
| 602.7 | | ALPH1::BISSELL | | Tue Sep 15 1992 15:38 | 4 |
| How would the DCU have access to your hire date ?
Unless of course someone in Digital gave them access to the personnel master
file and what relation does hire date have to people who derive membership
rights from a Digital employee ?
|
| 602.8 | They asked... | QUINCE::MADDEN | Pat Madden | Tue Sep 15 1992 15:42 | 1 |
| DCU asked me for my hire date when I opened my account.
|
| 602.9 | | PATE::MACNEAL | ruck `n' roll | Tue Sep 15 1992 16:21 | 3 |
| 602.10 | The key point to all this | ERLANG::MILLEVILLE | | Tue Sep 15 1992 16:27 | 7 |
| The key point in all this is the DCU teller ALREADY HAS the (supposedly) cor-
rect SS # on the screen. So you are NOT giving out information they don't
already know.
Those of you who are concerned about this need only worry when the person who
says they need to know the number DON'T ALREADY have it, or you have strong
reason to believe they don't.
|
| 602.11 | What is the policy? | CSC32::K_KINNEY | | Tue Sep 15 1992 17:27 | 7 |
|
It may be so that the teller already has it. I guess
the original question is, if I (for whatever reason)
do not choose to permit this to be used for identification,
do I still get the transaction made or not?
|
| 602.12 | | PATE::MACNEAL | ruck `n' roll | Tue Sep 15 1992 17:41 | 13 |
| 602.13 | question authority | XLIB::SCHAFER | Mark Schafer, ISV Tech. Support | Tue Sep 15 1992 18:48 | 4 |
| For TAX PURPOSES, yes, they have the info. The point that is being
made is that they are using it for purposes that are not intended.
Is that ethical? NO!, but it is so effective that businesses will
continue to use it as long as we let them get away with it.
|
| 602.14 | What IS the policy? | CSC32::K_KINNEY | | Tue Sep 15 1992 19:19 | 8 |
|
referencing .12
Are you then in a position of authority with the DCU
such that you are stating DCU policy? Meaning, no ident
via ssn, no transaction?
|
| 602.15 | | PATE::MACNEAL | ruck `n' roll | Tue Sep 15 1992 19:20 | 6 |
| 602.16 | | PATE::MACNEAL | ruck `n' roll | Tue Sep 15 1992 19:22 | 8 |
| 602.17 | Still looking for the answer | CSC32::K_KINNEY | | Tue Sep 15 1992 19:28 | 16 |
|
Allow me to quote what it says at the bottom of my
Social Security card:
FOR SOCIAL SECURITY AND TAX PURPOSES-NOT FOR IDENTIFICATION
I do not use this number to identify myself to the automatic
teller. I categorically refuse to fill that number in on forms
that have nothing to do with taxes. I realize the credit union
has the number for tax purposes. I have no disagreement with their
use of this number for tax purposes.
Still looking for policy on this. Can a phone transaction be
done without using the SSN as identification? Guess I am just
going to have to test it. Hope the teller knows.
|
| 602.18 | SSN is *NOT* needed | CSC32::K_KINNEY | | Tue Sep 15 1992 19:35 | 8 |
|
Ok, end of question. I just phoned the 800 number
to do some transactions and after informing the
teller I didn't care to ident using my SSN, I was
asked for my address and date of hire. Those are
no problem (to me anyway).
|
| 602.19 | Yes, it's unethical, and illegal | FDCV14::DOTEN | stay hungry | Tue Sep 15 1992 19:36 | 27 |
| 602.20 | | 11SRUS::MARK | Waltzing with Bears | Tue Sep 15 1992 20:52 | 12 |
| 602.21 | ssan is not unique for all | RANGER::BRADLEY | Chuck Bradley | Tue Sep 15 1992 21:47 | 10 |
| for those of you who do not mind your ssan being used as an idenfifier,
be warned that it is not an effective identifier. in a prior life i was
an applications programmer for a mid-sized oil company. we had a string
of programs we had to run at least once per year to change social security
numbers that were discovered to be duplicates. occasionally, an employee
used the wrong number, or a clerk made a mistake in transcription,
but the most common cause was the social security administration had
issued the same number to more than one person.
we encountered about three or four cases per year for about 20,000 employees,
if memory serves me right. this was in 1960-62.
|
| 602.22 | ID vs. verifying ID | ERLANG::MILLEVILLE | | Wed Sep 16 1992 11:17 | 10 |
| .17> Allow me to quote what it says at the bottom of my
.17> Social Security card:
.17> FOR SOCIAL SECURITY AND TAX PURPOSES-NOT FOR IDENTIFICATION
Question - are 'identification' and 'verification OF identification'
the same thing? My impression is they are not. The first case, the
person being presented with your SS # doesn't know the #. The second,
they do. If this assumption is correct, then the statement on your SS
card does not apply to merely VERIFYING your identity.
|
| 602.23 | Authentication <> Identification | NAC::KINDEL | Bill Kindel @ LKG1 | Wed Sep 16 1992 14:20 | 26 |
| 602.24 | Very slight semantics | FDCV14::DOTEN | stay hungry | Wed Sep 16 1992 14:38 | 8 |
| Yes, it's bogus to think that only you know your SSN. Especially when
every DEFCU teller has the information at their finger tips! :-)
Seems to me that the statment on the SSN card saying "not for
identification" includes not for verification purposes. What else would
it mean?
-Glenn-
|
| 602.25 | Who could change the process? | CSC32::K_KINNEY | | Wed Sep 16 1992 15:03 | 4 |
|
So, how to register a formal objection with DCU?
|
| 602.26 | | PATE::MACNEAL | ruck `n' roll | Wed Sep 16 1992 15:34 | 13 |
| 602.27 | Sensitive info should be treated as such | FDCV14::DOTEN | stay hungry | Wed Sep 16 1992 15:51 | 13 |
| "Verification purposes" means to me identifying who you are.
Perhaps unethical is not the word. My point is that the SSN should be
"secret"; no one should know it unless they have an absolutely
essential reason for knowing it. DEFCU tellers do not have a reason to
know your SSN, and their job should not require them to have access to
the information.
The unethical part comes in when a teller decides to use your SSN in a
bad way. If they don't have access to the information then we don't
have to worry about that, do we?
-Glenn-
|
| 602.28 | | CVG::THOMPSON | Radical Centralist | Wed Sep 16 1992 16:37 | 7 |
| > So, how to register a formal objection with DCU?
I'd send a letter to the President of the DCU. He's in charge of
operations. I might CC the BoD but that is optional as it's not
really a policy issue so much as operational.
Alfred
|
| 602.29 | thanks | CSC32::K_KINNEY | | Wed Sep 16 1992 17:25 | 8 |
|
re: .28
Thank you. Figured it was an OPS issue. Wasn't sure whether
just to get the name/address of the operations mgr or if
there was some other person to ship it to.
|
| 602.30 | Another tack | NAC::KINDEL | Bill Kindel @ LKG1 | Wed Sep 16 1992 18:10 | 9 |
| Re .25:
> So, how to register a formal objection with DCU?
I think it would be more to the point to convince DCU that the SSAN
isn't secret enough to prevent merchants and such from calling up and
impersonating you to make telephone transactions or obtain balances.
If they start seeing $$$ at the prospect of absorbing any losses due to
such fraud, they're more likely to respond.
|
| 602.31 | loss of privacy and security | RGB::SEILER | Larry Seiler | Wed Sep 16 1992 19:03 | 35 |
| This is one example of a (regretably) much more general problem: numbers
that are fairly widely available and that can be used to impersonate people
or find out private information about them. For example:
SS number: it's all you need to get someone's credit record etc.
It is printed on most driver's licenses in Massachusetts.
Digital badge number: this is used to validate all sorts of
things, including requests for changes to ELF. It's
printed on a card we're all supposed to wear publicly.
Credit Card number: Given the number, your name and a credit slip
anyone can make charges against your account. The number
is very hard to keep private. At least in this case the
law makes the credit company liable for any fraud --
provided that you notice it in time!
Now, some would argue that since there are lots of examples of problems
with the way ID numbers are used, it therefore doesn't matter what is done
with social security numbers. I take the opposite tack: try to solve the
problem in each case where it occurs. There are two types of solutions:
Don't let the number be used for authentication. E.g., how'd you
feel if everyone's computer passwords were changed to their badge
numbers? It's obvious this isn't much security. Using SS numbers
to validate banking-by-phone transactions is safer, but not enough.
Require that the number be kept more private. E.g., the tellers
need to see our account balances to do their jobs. But they don't
need to see our SS numbers to do their jobs -- so object to their
having access to that information.
Enjoy,
Larry
|
| 602.32 | | FDCV14::DOTEN | stay hungry | Wed Sep 16 1992 19:58 | 13 |
| > SS number: it's all you need to get someone's credit record etc.
> It is printed on most driver's licenses in Massachusetts.
Unless something has changed in the last 8 years all Mass drivers
licenses have the SSN on them since the drivers license number *is*
the SSN. I'd like to see someone try and get Mass to change that!
I like how it is up here in NH - when your license comes up for renewal
you check a box indicating if you want your SSN on the license or not.
The drivers license number is a whole different number. Of course, my
SSN field is blank on my drivers license.
-Glenn-
|
| 602.33 | re:.32 | SCHOOL::RIEU | Read his lips...Know new taxes | Wed Sep 16 1992 20:06 | 3 |
| You can ask the Registry of Motor Vehicles clerk for a number other
than your SSN and you will get one. It's been that way for years.
Denny
|
| 602.34 | Guess they keep it a pretty good secret though! | FDCV14::DOTEN | stay hungry | Wed Sep 16 1992 20:46 | 4 |
| Wellll. Learn something new every day. I spent my first 25 years in
Mass and never knew that!
-Glenn-
|
| 602.35 | Not Mandatory, by Law, but.... | NETCAD::TARBET | | Wed Sep 16 1992 21:47 | 12 |
| RE: SSAN & Accounts
As I recall, the IRS does not require you to list your SSAN on
accounts. There is a catch, that being that the institution is required
to withhold "X"% of interest on unidentified accounts. That is to
insure that interest does get paid.
The withholding rate was something like 20%, but I wouldn't bet the
farm on it.
The issue with the SSAN is the Rights to Privacy, as addressed in the
question of requiring a national identification card. Universal use of
the SSAN would erode that protection.
|
| 602.36 | I went through all of this 2 years ago in NH... | EDWIN::WAYLAY::GORDON | Malice Aforethought | Wed Sep 16 1992 22:42 | 5 |
| Actually, I believe the box on the NH form is to remove the SSN from
your NH motor vehicle records entirely. They claim they need it initially
for the search to drag up any past moving violations.
--Doug
|
| 602.37 | it works like this... | XLIB::SCHAFER | Mark Schafer, ISV Tech. Support | Thu Sep 17 1992 14:25 | 3 |
| the Registry is like many others, they ask for the SSN, they don't tell
you that it's acceptable to not provide it, and so most people
volunteer the information to them.
|
| 602.38 | Social Security Office confirms its legality | ERLANG::MILLEVILLE | | Thu Sep 17 1992 15:13 | 3 |
| Just talked with a person from the Social Security Office (800-772-1213). They
say that for verification of identification, a bank/credit_union *CAN* use the
SSN for this purpose.
|
| 602.39 | Can <> Should | FDCV14::DOTEN | stay hungry | Thu Sep 17 1992 15:31 | 10 |
| RE: .38
But it doesn't mean that they *should*. It's too easy to make someones
life miserable if you know their SSN.
The DEFCU should therefore stop the practice of using the SSN for
identification and having it readily available to people who shouldn't
be able to see it.
-Glenn-
|
| 602.40 | | ERLANG::MILLEVILLE | | Thu Sep 17 1992 16:33 | 14 |
| .39> But it doesn't mean that they *should*. It's too easy to make someones
.39> life miserable if you know their SSN.
Someone already commented that they requested the teller use something else
to confirm identity, and that was done for them. If you (or anyone else for
that matter) don't like using your SSN, then tell them to use something else.
There is no need to complain to DEFCU unless it is something that violates any
rule anywhere. Using the SSN as verification is perfectly legal. If other
customers of DEFCU don't mind DEFCU using the SSN for verification, then let
them be.
The bottom line is that DEFCU ought to make everyone AWARE that they can ask the
teller to (permanently) use some other form of verification if they feel uncom-
fortable with them using the SSN.
|
| 602.41 | Tellers should NOT have access to SSN | FDCV14::DOTEN | stay hungry | Thu Sep 17 1992 16:45 | 23 |
| You miss the point - the tellers should never have access to anyone's
SSN. Yes, you can tell them to ask you some other personal piece of
information, but there's your SSN staring them in the face all the
same.
If they already have access to the information I don't mind providing
them with that information. The point is the tellers should not have
access to my SSN (and there's probably some other personal information
they have no business seeing on their screens). I have to agree with
other folks who have said that since the tellers already have access to
the SSN then there's no reason for you not to tell them your SSN to
identify yourself.
>There is no need to complain to DEFCU unless it is something that violates any
>rule anywhere.
Huh? That's like saying that if you see that something is wrong and if
there's no law that currently exists to make it right then we shouldn't
bother to pass a new law. The DEFCU is our credit union, we can make
any changes or rules that we want (after being approved and all that,
of course).
-Glenn-
|
| 602.42 | | PATE::MACNEAL | ruck `n' roll | Thu Sep 17 1992 17:09 | 2 |
| If I can't trust a bank/CU and its employees with my SSN, then I
certainly won't trust them with my money.
|
| 602.43 | | ERLANG::MILLEVILLE | | Thu Sep 17 1992 17:46 | 9 |
| .42> If I can't trust a bank/CU and its employees with my SSN, then I
.42> certainly won't trust them with my money.
Exactly. That is why I am comfortable with their using my SSN.
Glenn, just how comfortable ARE you with DEFCU handling YOUR money if you don't
seem to be able to trust them with your SSN? Even if you did find another bank
that didn't use your SSN for verification, the teller probably still has your
SSN on their screen.
|
| 602.44 | | NAC::KINDEL | Bill Kindel @ LKG1 | Thu Sep 17 1992 17:58 | 19 |
| Re .42:
> If I can't trust a bank/CU and its employees with my SSN, then I
> certainly won't trust them with my money.
That's true, but the problem is that too many OTHER people have had
access to your SSAN and you can't always trust THEM.
Consider a malevolent supermarket cashier who sees your Digital badge
(thereby learning your name and employee number) and cashes your check
using your Massachusetts Driver's License as identification (thereby
learning your SSAN). Sometime later, they phone DCU to get your
account balances by impersonating you. The DCU phone teller asks for
your SSAN to confirm "your" identity and the impostor is off and
running, transferring funds or whatever.
My point in an earlier reply is that the SSAN isn't secret enough to be
useful for authentication. DCU should use something else as a matter
of policy.
|
| 602.45 | What he said (.44) | FDCV14::DOTEN | stay hungry | Thu Sep 17 1992 18:01 | 1 |
|
|
| 602.46 | private data should be on a "need to know" basis | RGB::SEILER | Larry Seiler | Thu Sep 17 1992 22:34 | 26 |
| Re .42:
> If I can't trust a bank/CU and its employees with my SSN, then I
> certainly won't trust them with my money.
You are welcome to trust whom you please for what you please. But in
fact you don't need to trust the tellers with your money -- there are
a great many auditing procedures to discover if bank employees are
embezzling money, and if they do anyway, your deposits are insured.
It's hard to get around the controls unless you run the system itself...
But in fact, I do trust the tellers. The POINT is that they shouldn't
have access to private information that they don't NEED to do their job!
I think nobody should see private information unless they need it to do
their job -- not in personnel, not in payroll, and not at the DCU.
To make the point clearer, how would you feel if the teller's screen
displayed your salary?
Larry
PS -- Although I have direct deposit, it is divided up among several
accounts, at the DCU and elsewhere, so even with access to my deposit
records, people at the DCU cannot find out my salary, FYI. For some
people, DCU employees could indeed find out their salary -- but it
still does not pop up on the tellers' screens automatically. LS
|
| 602.47 | Better than bitching about directors | CIMNET::KYZIVAT | Paul Kyzivat | Thu Sep 17 1992 22:52 | 5 |
| I haven't the patience to keep reading this topic, but I find it refreshing
that this now seems like the only thing anyone wants to talk about in the
DCU notes file.
Paul
|
| 602.48 | | ERLANG::MILLEVILLE | Wear Seatbelts, reduce costs | Fri Sep 18 1992 00:53 | 2 |
| <<< Note 602.47 by CIMNET::KYZIVAT "Paul Kyzivat" >>>
RIGHT ON!! >>>>>> -< Better than bitching about directors >-
|
| 602.49 | | LUDWIG::JOERILEY | Everyone can dream... | Fri Sep 18 1992 06:26 | 1 |
| Can you spell paranoid?
|
| 602.50 | So tell us your SSN | FDCV14::DOTEN | stay hungry | Mon Sep 21 1992 12:33 | 8 |
| > Can you spell paranoid?
To show us all that you are not paranoid would you please post your SSN
as a reply to this note? If you won't, would you please explain why
not? It wouldn't be ........ paranoia would it? :-)
-Glenn-
|
| 602.51 | | STAR::BUDA | We can do... | Mon Sep 21 1992 15:24 | 24 |
| Note 602.49 by LUDWIG::JOERILEY
> Can you spell paranoid?
There is a good book out about how easy it is to get information
about a person. I will try to look up its title and pass
it on.
SSN numbers are easy to get.
You unlisted phone number can also be gotten.
Your birth date.
Where you were born.
How much you make a year.
etc...
All of this is available LEGALLY...
If you ONLY knew how easyit is and how it can be used against you.
You cannot be TOO paranoid about protecting personal information.
People who think otherwise need to pull their head out of
the sand and look around.
-mark
|
| 602.52 | So what's your point? | FDCV14::DOTEN | stay hungry | Mon Sep 21 1992 18:05 | 12 |
| >You cannot be TOO paranoid about protecting personal information.
>People who think otherwise need to pull their head out of
>the sand and look around.
But that doesn't mean you have to make your SSN known to every Tom,
Dick, and Harry that comes around.
DEFCU tellers don't need access to your SSN; so they shouldn't have
access.
-Glenn-
|
| 602.53 | Here's who can fix this | CSC32::K_KINNEY | | Tue Sep 29 1992 13:10 | 13 |
|
For anyone who happens across this and wishes to contact
the person at DCU who has the authority to correct this,
send correspondence to the following persons:
Ernie Chevrette, Operations Services Coordinator
141 Parker St.
Maynard,MA 01754
Charles Cockburn, President
Same address
|
| 602.54 | Just another outlook on life. | LUDWIG::JOERILEY | Everyone can dream... | Wed Sep 30 1992 02:49 | 16 |
| RE:.50 & 51
Sorry to take so long to reply back. To post my social security
number here is not the same as a DCU teller having access to it. The
teller is a professional doing a job, sure once in a while one goes bad
and posts your personal information on the company bulletin board but for
the most part I think they really could care less about your personal life
and just want to do their jobs as best they can. You could always keep
your money in your mattress but then the cleaning lady might get it so I
guess the only alternative is to spend it as you get it. I'm sure there are
abuses but then no system is perfect. Life is to short to waste it worrying
about small stuff so lighten up a bit and enjoy it while you can. If all this
means I got my head in the sand well at least I won't get an ulcer worrying
about it. I sure would like to read that book -mark, please post the title.
Joe
|
| 602.55 | | TOMK::KRUPINSKI | Repeal the 16th Amendment! | Wed Sep 30 1992 11:56 | 7 |
| > You could always keep your money in your mattress
With the current interest rates, you might just as well keep
your money under the mattress, at least then the government
doesn't know what you have!
Tom_K
|
| 602.56 | :-) | FDCV14::DOTEN | stay hungry | Wed Sep 30 1992 12:38 | 11 |
| RE: .55
How true. I chuckled watching that TV shows "Wings" the other night
when the pilot guy asked the mechanic if he had some money on him. He
said "yea". The pilot asked him "how much"? Says he: "$7000".
Now, the mechanic is a bit out of it to begin with but when he's asked
why he has so much money on him he says "well, you have heard the name
Charles Keating?"
-Glenn-
|
| 602.57 | can't beat Uncle Sam | MONTOR::KYZIVAT | Paul Kyzivat | Tue Mar 29 1994 23:29 | 15 |
| Maybe its time to change the subject and lighten things up a bit.
This probably isn't even the right conference for this subject, and the
topic is old and stale, but anyway...
If it is such a good idea to keep your social security number secret,
why is it that our Federal Government, every January sends out several
hundred million pieces of mail which have the recipients' SS# on the
address label?
And what can you do about it? I guess you can rent a post office box
so the mail isn't accessible, for one thing. Then only the postal
workers can get your SS# - no problem since they have been widely
documented as being paragons of virtue.
Paul
|