U.S. Policy on Medicare Cards Is a Boon for Identity Thieves

LA Times ^ | 9/17/05 | Kathy M. Kristof

[Crackingham]

To guard against identity theft, John and Mary Benbow of La Jolla took their first names off their personal checks, using their initials instead. They shred documents that show any of their identification numbers and carry credit cards only when they plan to use them. Whenever they see a doctor or go to the pharmacy, however, they must present Medicare cards inscribed with their Social Security numbers — numbers widely viewed as the keys to identify theft. Photocopies of the cards are routinely attached to their medical records, making the information available to anyone with access to their files.

Seeking to cut the risk of identity theft, California and other states have passed laws forcing private insurers to remove Social Security numbers from healthcare cards. But these laws don't apply to federal agencies and programs such as Medicare or to other institutions that use Social Security numbers for identification, including many colleges and universities.

"I feel it's very dangerous to have to carry a Medicare card with my Social Security number on it, knowing how valuable this is to people who are trying to steal my identity," said Mary Benbow, 67.

"This is something that we have been screaming about for years," said Linda Foley, co-executive director of the Identity Theft Resource Center in San Diego. "Our most vulnerable populations due to overexposure of their Social Security numbers are students, seniors and members of the armed forces."

Foley and others say the federal government's widespread use of Social Security numbers is even more exasperating given that the Federal Trade Commission — the government's primary consumer protection agency — is on the front lines of efforts to combat identify theft.

[conservatism_IS_compassion]

Identity theft is a serious problem in principle. If I have a number which uniquely identifies me, anyone who uses that method of identifying me has to have access to that number! Seems like you'd need public key encryption to be able to get around that, and you can't exactly do that at the drug store.

I hope the system is more secure than it looks to me to be.

[dennisw]

bttttttttytttttttttttttttttttt

[DH]

In the state of Texas it is required that all resale businesses display their sales and use tax permit in an area that can be seen by all customers.  Until recently, any sole proprietor's sales tax permit number was comprised of a number, a dash, THEIR SOCIAL SECURITY NUMBER, followed by a dash and a number.

Their (and mine too) social security number, name and address was displayed in public for all to see!   Recently, this was changed and all sole proprietor's tax permit numbers were changed. 

Just think how many of these old permits were thrown in the trash and how many other related pieces of paperwork still have this information.

 

[FarmerW]

Even worse then SS# are Electronic Fund Transfers from banks. I got zapped by one of those and I did nothing wrong but pay my cell phone bill.

I mailed the check in, it is a company check and does not contain any info other then the name, address and the two series of numbers printed on the bottom of the check and required by the bank. These are the routing number (bank identifier) and my account number. This check was stolen somewhere along the line. The police believe it is from the post office.

The thieves then started paying other peoples cell phone bills to that company out of my checking account using electronic funds transfers.

When I alerted my bank to this, just a few hours after it happen because I check my balance on line daily, the bank said they did nothing wrong. ANYONE that has those two numbers can deduct anything they want from my account. It is up to me to find it. No authorization from me is needed. They just file with the bank, give them the numbers and the money is transfered anywhere the bank is told to send it.

Congress needs to act to ensure some sort of auth is needed to procede with electronic transfers, it is a growing crime and one we can not protect ourselves from if we write checks. The police even in my small town new all about it. They said the usually pay bills to companys the victim deals with making it less noticable to the victim.

[FarmerW]

Even worse then SS# are Electronic Fund Transfers from banks. I got zapped by one of those and I did nothing wrong but pay my cell phone bill.

I mailed the check in, it is a company check and does not contain any info other then the name, address and the two series of numbers printed on the bottom of the check and required by the bank. These are the routing number (bank identifier) and my account number. This check was stolen somewhere along the line. The police believe it is from the post office.

The thieves then started paying other peoples cell phone bills to that company out of my checking account using electronic funds transfers.

When I alerted my bank to this, just a few hours after it happen because I check my balance on line daily, the bank said they did nothing wrong. ANYONE that has those two numbers can deduct anything they want from my account. It is up to me to find it. No authorization from me is needed. They just file with the bank, give them the numbers and the money is transfered anywhere the bank is told to send it.

Congress needs to act to ensure some sort of auth is needed to procede with electronic transfers, it is a growing crime and one we can not protect ourselves from if we write checks. The police even in my small town new all about it. They said the usually pay bills to companys the victim deals with making it less noticable to the victim.

[aimhigh]

Authorization is required in the NACHA rules. It can be written or electronic.

[FarmerW]

The company taking the money submitted the auth directly to my bank. That is how my bank explained it to me.

Is that possible under the NACHA rules?

I should have been clearer that I think my bank, should get an auth from me.

[aimhigh]

Is that possible under the NACHA rules?

I'm not sure. Your authorization has to be somewhere. The company taking the money should have your authorization. I'd recommend you contact your state banking regulator.