They are much to valuable for identity theft to be online. The only place we have them even on a computer that is off-net is in the payroll program that has to communicate them to the payroll provider. One should never need them for any other purpose at least in the US.

Comments

jmcgonegal’s picture

jmcgonegal commented

I do agree with you. Putting this online it was my intention to have nongovernmental entities a working baseline to establish a secure way to accept SSNs and TINs for things like credit checks and payroll. One way to go about this is to do hook node_presave or entity_presave and communicate with your payroll system to replace the SSN stored in the database with the value of the non-personal identification number used by the payroll system.