Identity theft and fraud are substantial menaces to informational security in today's electronic age. Having one's identity stolen, or credit destroyed, can be life-destabilizing and can lead to literally years of agonizing phone calls, paperwork and attempts at reestablishing one's credibility. Moreover, victims of identity theft or financial fraud may suffer a permanent loss of peace of mind regarding financial matters, as well as in other areas of their life.
Identity theft and fraud are such life-shattering disasters because of the degree to which we depend on our credit. For example, when trying to secure a home or automotive loan, or when undergoing a background check for a job or condominium, one's credit is often carefully scrutinized. In fact, if one's credit is poor, home loans and high-end jobs can be all but off limits.
The situation is exacerbated by the fact that identity theft and fraud are nearly undetectable until they have occurred and begun to wreak havoc in one's life. That is, nearly no one is fortunate enough to catch an identity thief in the act of stealing one's identity or tampering with one's financial records. Only after bank account balances become inaccessible and credit cards are rejected do individuals realize that their identity has been stolen or misused.
In response to the threats of identity theft and financial fraud, banks and other financial institutions have created numerous security mechanisms to protect bank account and credit card information. For example, having a photograph of a credit card holder placed on their card, requiring online users to create usernames and passwords to access their online bank or credit card accounts, and providing transaction monitoring services have significantly enhanced financial security. One glaring chink in the armor of financial security, however, is one's credit report. Credit reports can be accessed using one's social security number (SSN)—and sometimes without any additional information. If a malicious individual obtains another's SSN, they have gained access to essentially all of that other person's financial information, including bank account and credit card numbers. Due to the pervasive use of SSNs in today's electronic age, one's SSN may be gleaned from, for example, cellular phone records, credit card statements, bank loan applications, housing documents, or employment forms. Once a malicious individual has seen obtained a victim's SSN, that individual may be able to take out a loan, make a purchase, or open a financial account in the victim's name.
The major credit bureaus, banks, and other entities that deal with financial transactions have tried several techniques to address the threats of identity theft and financial crimes. Often, accounts are protected with some sort of identifying feature. Institutions often require a password, SSN, date of birth, home address, or some other personal information before they are willing to grant access to an account. However, these security identifiers are only useful if they remain personal and unknown to potential perpetrators of identity theft. Therefore, it is critical that these security identifiers be protected and kept confidential. For example, if the password to an online credit card account is discovered by a potential identity thief, the identity thief might be granted full access to the account with the ability to purchase items upon its credit line. Obviously, there is no point to a password that can be obtained by thieves. Therefore, it is crucial that the means by which access is granted to these accounts be kept protected and private.
Security identifiers are used so often that a multitude of companies often posses this personal information about a person. Within each of these companies, numerous employees have access to this personal security information about a person. The risk that one of these people will misuse this information, or pass it along to someone that will misuse the information, is unfortunately not negligible. In addition, thieves target companies that possess this personal security information. By hacking into a computer system via the internet, or stealing laptops and other storage devices with personal information on them, thieves can gain access to consumers' account information and use it for their own benefit or sell it to the highest bidder. In addition, security identifiers such as one's SSN, address, and date of birth are often printed on materials that people carry around with them everyday. Simply losing one's wallet could produce dire consequences.
Even if security identifiers are kept private, one's account may not be entirely protected. If given unlimited opportunity, thieves may be able to simply guess or use a computer program to determine one's security identifier. One approach that has been used to combat this has been to disable a credit card or other account after someone has unsuccessfully tried to access it a certain number of consecutive times. For example, if an individual tried to use a credit card in an automated teller machine (ATM) several times in a row, but kept entering false personal identification (PIN) numbers, the credit card account may be frozen by the holder's bank. While this protects an account owner's assets and identity, it also is a great hassle for the account owner. In addition, legitimate users of the account, who may have forgotten which password, of several possible passwords, they used to protect the account, might also be locked out when they simply needed one more attempt to get the password right. Reactivating a disabled account takes both time and substantial effort. Often, a great deal of information and paperwork must be provided in order to reactivate a frozen account. Granted, the effort expended is not as great as it would have been had the thief been successful in their attempted fraud, but the effort is great nonetheless.
Financial institutions have also tried to combat identity theft and financial fraud by providing transaction monitoring services to customers. Such services, in their various forms, identify suspect transactions involving customers' financial accounts, and determine whether the transaction was legitimate or whether an investigation should be commenced. Such a service is retroactive, however, in the sense that it is powerless to prevent identity theft or financial fraud from occurring—at best, it can identify a wrongful transaction after it has taken place. Unfortunately for customers, nearly irreparable harm may be caused by the time such a system identifies a wrongful transaction. By that point, the customer may have faced the embarrassment of being denied a financial transaction, defaulted on loans, or even sunk into bankruptcy. Moreover, having to conduct an investigation into suspect transactions is an expensive and time consuming process, which, compared to a system of preventing wrongful transactions in the first place, is in the interests of neither financial institutions or customers.
In financial reports, such as one's credit report, the SSN is uniquely powerful. By simply providing this number, along with other readily obtainable information, such as one's address, it is possible to view one's entire financial history including account numbers and payment history. In reality, the SSN is the only line of defense against fraudulent access to one's credit report. This is a powerful ability that, if misused, could lead to fraudulent financial activity. As discussed above, one's credit report must be checked before one can secure a loan, purchase a house, etc. A third party is able to access an applicant's credit report when the applicant provides the third party with their SSN. Over the course of one's life, one could give such access to dozens upon dozens of third parties. The risk of abuse is great, as third parties might divulge one's SSN to potential thieves.
U.S. Pat. No. 6,985,608, issued to Hoffman, Pare and Lee on Jan. 10, 2006, is an identity verification method whereby an individual's personal identification number and a biometric sample are compared against their records in a database. A successful match signifies the authenticity of an individual's identity, and permits a transaction to proceed. Unlike the present invention, the invention of Hoffman, et al., does not replace an existing identifier, such as a SSN. Furthermore, by using a biometric sample as an integral component of its identification process, the invention of Hoffman, et al., does not provide for the easy alterability of identifiers that the present invention does. Additionally, unlike the present invention, the invention of Hoffman, et al., does not replace the SSN as a solitary identifier in accessing credit reports and other financial information.
U.S. Pat. No. 7,047,416, issued to Wheeler and Wheeler on May 16, 2006, is a user authentication method that uses a private identifier, a public identifier, and a digital signature. Once a user provides his private identifier and digital signature, the private identifier is checked against the public identifier to ensure authentication. Unlike the present invention, Wheeler and Wheeler's invention does not replace an existing identifier, such as a SSN. Moreover, Wheeler and Wheeler's invention contemplates using a physical “device” as an integral component of the authentication process, rather than relying on a purely numerical system, as the present invention does. Additionally, unlike the present invention, Wheeler and Wheeler's invention does not replace the SSN as a solitary identifier in accessing credit reports and other financial information.
U.S. Publication Number 2005/0125686 A1, published for Brandt on Jun. 9, 2005, is an individual verification system whereby a trusted third party provides the individual with primary and secondary identifiers, which, together with an identifier provided by the individual, are processed by an encryption key. The encryption key then produces an identifier for the individual, which may be varied by the individual. Unlike the present invention, Brandt's invention does not replace an existing identifier, such as a SSN. Moreover, unlike the present invention, Brandt's invention does not replace the SSN as a solitary identifier in accessing credit reports and other financial information.
U.S. Publication Number 2003/0028481 A1, published for Flitcroft and O'Donnell on Feb. 6, 2003, is a financial transaction system featuring limited use credit card numbers. Limitations on the use of such numbers may include particular merchants or merchant types, amount thresholds, or prior permission. Unlike the present invention, Flitcroft and O'Donnell's invention does not replace the SSN as a solitary identifier in accessing credit reports and other financial information. Furthermore, it does not provide increased protection against wrongful access of credit reports and other financial information.
U.S. Publication Number 2004/0243518 A1, published for Clifton and Guagliardo on Dec. 2, 2004, is an individual authentication system whereby a user provides a SSN and a personal identification number, which are crosschecked in a database. Unlike the present invention, Clifton and Guagliardo's invention does not replace the SSN as a solitary identifier in accessing credit reports and other financial information. Instead, it requires the individual to retain and use an additional number that is used in conjunction with the SSN. Furthermore, Clifton and Guagliardo's invention does not provide for periodic or customizable alterability of the identifier, as the present invention does.
U.S. Publication Number 2004/0230538 A1, published for Clifton and Guagliardo on Nov. 18, 2004, is an authentication method for accessing a credit report whereby financial institutions and their employees are each provided with identifiers, as are account holders. When an employee provides his identifier, the identifier of the financial institution (his employer), the individual's identifier, and the individual's SSN, the individual's credit report becomes available if all the numbers correspond in a 3rd party's database. Unlike the present invention, Clifton and Guagliardo's invention does not replace the SSN as a solitary identifier in accessing credit reports and other financial information. Furthermore, Clifton and Guagliardo's invention does not provide for periodic or customizable alterability of the identifier, as the present invention does.
U.S. Publication Number 2003/0070101 A1, published for Buscemi on Apr. 10, 2003, is an individual verification method whereby an individual submits his personal identifier along with his SSN to a third party, who checks those data against a database. If the submitted personal identifier and SSN match, the individual's identity is thereby successfully verified. Buscemi's invention also provides for alterability of the individual's identifier. Unlike the present invention, Buscemi's invention does not replace an existing identifier, such as a SSN; it simply provides an additional identifier which corresponds to the individual's SSN. Moreover, unlike the present invention, Buscemi's invention does not replace the SSN as a solitary identifier in accessing credit reports and other financial information. The present invention, on the other hand, eliminates the need for the individual to provide his SSN in order to access his financial records.
W.O. Publication Number 2005/038572 A2, published for Sorrentino on Apr. 28, 2005, is an individual authentication system whereby an individual's credit card contains an account number and a security identifier. Once an individual presents the card, together with a secondary identifier, his identity may be verified. Unlike the present invention, Sorrentino's invention does not replace the SSN as a solitary identifier in accessing credit reports and other financial information. Furthermore, Sorrentino's invention does not provide for periodic or customizable alterability of the identifier, as the present invention does.
Therefore, there is a need for a method of securely accessing credit reports and other financial information that does not rely on the uniquely powerful, yet dangerous, capabilities of the SSN. Such a system must provide a replacement for the SSN which, unlike the SSN, is limitlessly changeable in order to elude potential identity thieves. In essence, a system is needed that provides the simple and effective identification power of a SSN without the security pitfalls SSNs entail. Moreover, there is a need for a method of preventing credit accounts from being opened in a user's name without the user's permission. The SSN is no longer a safe way to allow credit to be opened and used.