Comment Number: 531096-00087
Received: 8/6/2007 3:26:10 PM
Organization:
Commenter: Comfort
State: MD
Agency: Federal Trade Commission
Rule: Private Sector Use of SSNs
No Attachments

Comments:

Experian uses the SSN in a dangerous way on their website for authentication. In order to log in, a username and password are asked for first. After the username and password are accepted, it asks for your full SSN. Spoofing the website to accept any username/password pair and then requesting an SSN could easily allow any phisher access not only to a user's SSN, but also to the user's Experian credit report. This "security" enhancement on Experian's site is ill-conceived and is not necessary to ensure security.