From: smith@sctc.com (Rick Smith)
Date: Wed, 13 Nov 1996 14:31:40 -0800 (PST)
To: Black Unicorn <unicorn@schloss.li>
Subject: Validating SSNs
Message-ID: <v01540b09aeaff516ed6d@[172.17.1.61]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:13 PM 11/13/96, Black Unicorn wrote:

>Exercise for the reader:  How does the bank verify SSNs?

OK, I'll bite.

My guess is that the bank sticks the SSN in a report to the IRS and the
bank is happy with the SSN as long as the IRS doesn't complain about it.

Now, does the IRS check? I suspect that they don't, either. Their objective
is to look for "matches" with SSNs that show up on filed tax forms, since
they want to verify the data on the tax form. Given the behavior of every
other large database I've ever seen, I'd guess that there would be a huge
number of SSNs that don't in fact associate with tax forms. If someone High
Up hasn't decreed that they should chase such things down (and allocated
heaps of money to do it), they'll ignore the mismatches.

This seems consistent with the reports of people who use bogus SSNs for
decades at a time.

Rick.
smith@sctc.com