Comment by EvanAnderson
9 months ago
I think we've got liability pretty well buttoned-up in the banking industry. I'm more concerned about the non-bank businesses. (I recently obtained utilities at a new house. All three utilities-- electrical, gas, and water/sewer-- use my SSN as an authenticator for my account. In 2024.)
It isn't great, but I don't think there's much risk there. There's not really much of a motivation for some random person to get into my utility account. The balance is never positive. Utilities are physically bolted to my house. They're pretty heavily regulated too. If someone wanted to steal electricity from my house, they can use the outlet on my patio that has zero authentication whatsoever.
You should read some fraudster diaries. Having the SSN as authentication, means you can con the utilities employee into handing over all of your other personal information. Date of birth, current and past adresses, spouse or roommates, parents if they are with the same utility company. They can then turn around and use that information to apply for a credit card. Now all they need is to wait by your mailbox or pay the postal worker $100 to not deliver the card and letter.
That info is, in fact, already easily obtained trough leaks, but I just wanted to give your "utilities" case some clarity. Now the fraudster can apply for a creditcard in your name, and before the month has passed you are on the hook for $3000 in cc charges/debt which cost the fraudster a mere 12 minute phone call and 10 minutes skimming trough the leaked records from this HN post to find your SSN.
Yeah, I’m aware that any data that can be used to obtain more data is an issue. But I figure if someone knows my utility company and SSN, they probably already have an address. And with an address it’s easy to get the rest of that information through people search and public records.
When I obtained utilities for my house, none of them required my SSN. The water company asked, but I declined, so they asked for a fax of my DL (which I could have probably photoshopped, but didn't).
Just because people ask for something, doesn't mean you have to give it to them. I leave fields blank all the time on different (paper) forms (including when they ask for SSN), virtually no one hassles me.
I maintain my utilities account by email.