Referrals, W-9, and SSN numbers


#1

tldr; emailing SSN is bad.

Hey, so payments are going out for referrals, which is super great!
I did over $500, so when my notice came today to fill out the form to get my referral money, I got a notice that I need to fill out a W-9, and email that in.

I get it, GF needs to report to the IRS when they pay out at this level, and I’m more than happy to supply my form.

BUT: Form W-9 requires your social security number, and email is not a safe way to send SSN! This is like, basic email security. Granted, with the Equifax breach we should pretty much assume every American’s SSN is out in the wild, but let’s not add to that chance, okay?


#2

Send it via the mail. Or email as a secure document. Like a password protected pdf. It’s a very common practice for companies and individuals.

Congrats on the referrals!


#3

Those enterprise however have secure methods to transmit that type of dat such as doing it on two way trusted systems, 2fa, not sending at all but having a locked down sever for someone to log into and upload content. Zip and password protection is not acceptable because… To get them the password you need to email them the password so if the email is already compromised because someone got the file then they also got the password, so then you say well to diffrent emails but we already established that the email system is compromised so a second email doesn’t fix the problem.

So now we are left with fax it lol

Realistically I am not sure of the best way to go about it but email in this fashion is not.


#4

According to Equifax, my information was stolen in the Equifax breach. My wife’s was not. I assume it’s because I have subscribed to Equifax’s credit monitoring services for the last 12+ years, but I had my wife subscribed to Transunion’s credit monitoring; ironic much?

Given what I do for a living, I can most definitely tell you that even the largest enterprises have weaknesses in the way that they handle this type of information.

This is true, but it is still often handled by organizations through email; just not having the zip and password in the exact same email.

This is the one reason that I wish organizations still maintained fax environments. But, since most people don’t have fax machines in their houses (and fax modems have mostly gone the way of the dodo bird), many of the online fax services still require you to send your outbound faxes through email–it’s very frustrating.

The best way right now is to physically mail the document. Although, physical theft of information still occurs quite frequently–it’s just not as “cool” as the cyber stuff, so you rarely hear about it.


#5

I don’t know a lot about this stuff, but you may be able to use a personal Federal EIN. You can apply for one as a sole proprieter and (in theory) use it in places where you would prefer not to disclose your SSN. If anyone knows more about that, please chime in :blush:


#6

I already got my form in through a dropbox link, but I think a simple secured webpage with an upload button would be reasonable.


#7

I’ve used https://whisp.ly to transfer documents securely. It works pretty well, and I’ve dug in to the technology quite a bit, and believe it to be strong enough to do what we’re talking about here.


#8

Interesting! Never heard of it but I will look into it for the future.


#9

Thanks for the discussion – we’ve updated the process.


#10