Looking at Braintree's Marketplace docs, it appears you have to "onboard" each sub-merchant you want to send payouts to, which requires entering their name, address, date of birth, and their social security number. It then says "If [the social security number] is not provided, we will attempt to retrieve the full Social Security number based on the other applicant details."
So my question is: How is it possible / how do they retrieve someone's social security number using apparently just a name, address, and birth date? (Maybe I'm naive, but I thought socials were pretty secure)
Kristi from Braintree here. We work with one of the major credit bureaus to cross-reference the data provided to match it with a social security number.
FYI, if you want to learn more about a specific patent, you can read the examiner's reasons for allowance at the public pair website (http://portal.uspto.gov/pair/PublicPair)
Looking at that site, the reasons for allowance are the claimed features of:
"...displaying to a reader, who can leave a reader comment in response to said online information, an offer associated with said online information, said offer being an offer to alter a reader comment from said free default format to a distinctive format for a fee"
If anyone's interested in learning more of how you can use the private key of a server to monitor all communications: see, for example, US Pat. 7,543,051
It describes a way to passively/non-intrusively ("invisible to the server") capture and analyze all network traffic using a cable-tap.
Bottom of column 8: "In order to accomplish decryption in a timely manner the secure traffic decryption unit needs the private key of the server. Usually providing the server's private key to another device would be considered a security flaw, since private keys are not meant to be communicated to any other party. But since it may be assumed that usually the server's owner or operator will use the present invention to monitor his/her own server, providing the server's private key to the secure traffic decryption unit does not pose significant security risks."
I talked with BrainTree's customer support yesterday. They currently have a "payouts"/"marketplace" in beta. He should they should officially release it in the next few months.
So my question is: How is it possible / how do they retrieve someone's social security number using apparently just a name, address, and birth date? (Maybe I'm naive, but I thought socials were pretty secure)