In Sweden, the password is BankId, a two-factor authentication app that everybody has on their phones. It’s used by all government agencies, banks and insurance companies etc to establish identity. You literally use your ssn as username to login, plus a pin, to generate a one-time passcode (which happens behind the scenes so you don’t have type it in).
Not a swede, but we have a similar system in Norway. If you don't have a phone you can get this little device with a 7-segment display and a button that generates one-time authentication codes.
I know when you make an account with Nordea, they give you a page with several hundred codes printed on it. Each time you authenticate, you have to use the next code in the list. If you use any other code on the page, it's considered invalid. They instruct you not to mark the page so if someone takes your code page they do not know which one is the current code.
Because you guys have more forms of ID aside from SSNs, many od them with security features. For Americans, it's the only number that everybody has, so it's become the password to your entire financial life.
You can go to a bank, say "hi im John, my social is 123456789, I'd like to take a ten thousand dollar loan" and they'll give it to you if their records show that the name belongs to that number.
> You can go to a bank, say "hi im John, my social is 123456789, I'd like to take a ten thousand dollar loan" and they'll give it to you if their records show that the name belongs to that number.
If that's so, why isn't this happening in massive numbers, given for example the 143 million SSNs that leaked through equifax?
There's usually more verification than just that. There's an automated system that asks about old addresses, employers, loan amounts/dates, etc. It's probably fairly easy to get that information but enough of a bump in the road to prevent massive fraud.
My spouse's human resources dept was spearphished and sent all employees' tax forms. 1 in 3 employees called the IRS to get a PIN issued - the rest (hundreds) discovered someone had submitted fake tax returns on their behalf the next year. Many had credit cards issued to someone else before the credit lockdowns were in place. Any spouses or children whose SSNs were on the employees tax forms also had problems.
I am from Europe and i can't do anything except a random consultation about products without providing an actual ID (passport or ID card) in bank. The same goes for SIM swap - i have to go to mobile operator client center and provide ID before getting a new SIM. Obviously this is not 100% safe as the bank/mobile operator employee still could be social engineered somehow but it sounds miles better than what you have in US.
I’m in the US and every time I’ve applied for a loan, credit card, or SIM in person I’ve had to provide a drivers license. When I applied online I do not have to give an ID but most of the time they ask for the ID number.
When I had my identity stolen the crooks still had some Fake ID with my name and info. They found small cellphone kiosks (a makeshift promotional tent) inside large stores with lax security to make their purchases.
Here drivers licence isn't recognized as a valid ID (can't even buy alcohol or get packages at the post office with it) because of what i assume is lax built in security mechanisms and everyone must have a valid passport. I do think that any system can be abused (social engineering, employee doing his job poorly etc.). At the end of day it should be possible to prove that it was a scam but just the fact you have to deal with it for quite some time is pita.
Times do change. In 1996 a dumpster dive of the local computer store would reveal hundreds of names, addresses and full credit card numbers with expiry dates.
A super high end hotel in Singapore would leave client bookings at the check in counter with address, name, credit card also.
