I'm not a legal expert but from my experiences, most banks and credit card companies use the last 4 digits as authenitication. Wells Fargo in particular uses the SSN number in entirety for online access to user accounts. If there are legal restrictions, it would appear that quite a few companies have ignored them.
-Jim David Greenstein wrote: > How legal is the use of the SSN for authentication. My understanding > is that the SSN is to be used by state and federal government only > Please, any legal expert, help us to understand the issue > Thank you > > -----Original Message----- > From: Jim Lawton [mailto:jblii@;hotmail.com] > Sent: Saturday, November 02, 2002 8:00 AM > To: [EMAIL PROTECTED] > Subject: Risk of using SS#s (last 4 digits) for authentication > > We are currently considerring the limited use of employee's Social Security > numbers to authenticate them when they request a password reset from the > Help Desk. We have chosen two items (in total) for authenticating them: > their employee # and the last 4 digits of their SS#. Only the last 4 digits > would be stored in the Help Desk app, and these would be viewable only by > Help Desk technicians. They would only be able to see them by selecting a > specific toolbar button (the SS# screen would not visible at all times). > > We are concerned with the privacy issue potential if we use any part of a > SS# but are unaware of any legal precedent, standard or guideline either > supporting or against this use. Does anyone have knowledge they can share, > or know of web resources that might be useful to research this issue? > > We are a corporation of roughly 1200 specializig in healthcare, and HIPAA > privacy/security regs, NCQA and URAC acredidations must be taken into > consideration. > > Thanks in advance for any suggestions or information. > > JBL > > _________________________________________________________________ > Surf the Web without missing calls! Get MSN Broadband. > http://resourcecenter.msn.com/access/plans/freeactivation.asp
