Everyone is identified by their birth date, the name of their mother and their birth place. (Their own name is not that important, for example twins can pull off identity fraud easily, as they can pretend to have the name of their twin, and how would anyone know!?)
Sure, we can go full 1984 and GATTACA and use biomarkers and papers and whatever. But that just makes puts many edge cases out of scope, doesn't solve them at all.
If someone shows up at the bank and claims to be someone, they can produce documents, either via simple forgery or by stealing someone else's "identity".
They can then pass all the checks the bank runs. (Sure, if there is some database that says don't open accounts for these IDs, then the scammer can start with persuading the admins of that DB to unlock the corresponding ID.)
And this will always happen as long as we allow fallbacks for people to get access to (and create) their accounts after losing (or without creating) a strong cryptographic key (password).
The kicker is they reuse the SSNs. Had a gig where I was working with the 'death master' files. (It use to be much easier to get your hands on the files - https://ladmf.ntis.gov now) and it would list every SSN number used by the dead. Lots of duplicate SSNs, some malformed data, some just missing. An interesting data set to look at, and a great reminder why folks should not be using this as an identifier.
Everyone is identified by their birth date, the name of their mother and their birth place. (Their own name is not that important, for example twins can pull off identity fraud easily, as they can pretend to have the name of their twin, and how would anyone know!?)
Sure, we can go full 1984 and GATTACA and use biomarkers and papers and whatever. But that just makes puts many edge cases out of scope, doesn't solve them at all.
If someone shows up at the bank and claims to be someone, they can produce documents, either via simple forgery or by stealing someone else's "identity".
They can then pass all the checks the bank runs. (Sure, if there is some database that says don't open accounts for these IDs, then the scammer can start with persuading the admins of that DB to unlock the corresponding ID.)
And this will always happen as long as we allow fallbacks for people to get access to (and create) their accounts after losing (or without creating) a strong cryptographic key (password).