Social Security: Background Checking: Flaws in Website and Database Design

Recently, I was hired by the company IQNavigator. The hiring process involve a background checking done by the company ADP. While ADP was doing my background checking an issue shows up with my Social Security. I would like to use my current personal issue to talk about website and database design.

Continuing with my story, ADP requested me a letter verifying the validity of your social security number. So, I went to the Social Security Administration office at Greeley, CO. The SSA representative told me that they didn’t issue such letter. The only letters they provided was when a change was done to the social security or when requesting a social security number. After some seconds on the computer, the SSA representative notice that while my full name was correctly printed in my social security card, my last name was shorter by one letter in the SSA database system. She fix this issue in the database and gave me a receipt of the transaction.

The SSA transaction receipt was not accepted by ADP; therefore, ADP requested me other documentation. I am going to skip this part of the story with ADP since will move us out of the point I wish to do with this posting. Perhaps, I will write another posting about it.

Later, I decided to create an account at the SSA website without success. The last name field in the form do not allow me to type completely my last name. The field cuts my last name by one letter; therefore, I cannot create an account.

When creating fields on the form and/or in a database, the length should have between 10 to 20 percent extra space of length. This approach is quite common in engineering. For example, the tires of your car display a maximum amount of P.S.I. you can inflate that tire; however, it you inflate the tire to the maximum displayed, it shouldn’t explode in your face. Why? Because a good engineer design the tired to provide a margin above the maximum P.S.I. in case a user exceed the maximum by mistake.

Another lesson is in the SQL query in the software being used by ADP for the social security number verification. I am assuming that they are using my first name, last name, my birthday, and my social security number to make a match. The fact that my last name is missing a letter it could create problems. If their software doesn’t use the same field length limit as used by the SSA, then their query would try to search for “CARLSTEIN RAMOS MEJIA” instead of “CARLSTEIN RAMOS MEJI”.

If the company who build the software which is used by ADP would have the proper communication with the SSA, they could have known the size of each field and prevented this issue to happens.

I hope this doesn’t get in the middle of my employment and any future transactions which requires my Social Security number.