FTC: Reduce data theft by regulating Social Security numbers

One of the best ways to limit ID theft? Cut down on using Social Security numbers (SSNs) to authenticate users.

That's one of the conclusions of a new report this week from the Federal Trade Commission that says new ways must be found to identify corporate customers and employees.

The FTC report also recommended other measures to help prevent SSNs from being used for identity theft.

“Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars,” the report states.

The report says that adopting nationwide regulations for how businesses verify the identity of new and existing customers would make it harder for identity thieves to use Social Security numbers and stolen information for fraud. Right now, only financial institutions regulated by the federal banking agencies are governed nationally.

The FTC report also recommended that steps be taken to reduce the unnecessary display and transmission of SSNs, though it noted that any such restrictions must be applied carefully. That is, a number of important functions in the U.S. economy rely on SSNs, so overly restrictive limits could cause a negative impact.

The report also recommended steps to improve data security, increase outreach to consumers and businesses on the protection of SSNs, and enhance coordination and information-sharing among organizations that routinely use SSNs.

The recommendations come after the President's Task Force on Identity Theft in April 2007 called on member agencies that regularly work with the private sector — including the FTC, Department of Justice and Social Security Administration —  to detail certain uses of SSNs in private businesses to determine if they are necessary.