National Identifier Mask - United States - Social Security Number (SSN)

The SSN consists of 9 digits which are typically separated by hyphens as shown in the example below:


Historically, each digit group had special significance; however, effective as of June 25, 2011, the US Social Security Administration (SSA) changed the way Social Security Numbers are issued such that the digits no longer have any particular significance except for a few range restrictions as explained below. The SSA describes this new issuing scheme as 'SSN randomization'.

Consider that the SSN format is represented as:


The range restrictions are:

AAA: The 'Area' number. Must be between 001 and 899 inclusive; except that 666 is excluded.

GG: The 'Group' number. Must be between 01 and 99 inclusive.

SSSS: The 'Serial' number. Must be between 0001 and 9999 inclusive.

DataVeil provides an SSN mask that can be used in a deterministic or non-deterministic manner.  The determinism of the SSN mask can be set in the Determinism tab.


Format Preservation

If the SSN is a text field then DataVeil shall attempt to preserve the format of every original SSN value by preserving all non-numeric characters. Therefore, SSN values that are hyphen separated shall be masked using the same hyphen separated format while other rows that may be space separated shall be maintained as space separated.

Note: A format discrepancy can arise for SSN values that contain less than 9 digits because DataVeil shall generate SSNs across the full 9 digit SSN range. For example, if the original SSN value is '12-12-1234' then internally DataVeil shall regard this as equivalent to '012-12-1234' (leading zero inserted) and may therefore calculate the masked SSN as '321-45-6789' (the masked value contains 9 digits instead of the original 8' in this example.)


NULL values are preserved.


Invalid SSN values

Invalid SSN values are preserved.

An SSN is considered invalid:

* When any of AAA or GG or SSSS contain only zeros. E.g. 123-00-6789 is invalid.

* When AAA is 666 or greater than or equal to 900.

* The values 078-05-1120 and 219-09-9999 are invalid.

* When more than 9 digits are present.

Note: a value with fewer than 9 digits shall first be left padded with zeroes and then tested for validity.


Deterministic mode


If the SSN mask is deterministic then every SSN value shall be mapped in a distinct manner.

Therefore a specific original SSN will always be masked to the same value whenever using the same deterministic seed value.

Preserve first digits

You have the option to preserve up to the first three digits of the original SSN by specifying a number 0 to 3 inclusive.


Non-Deterministic mode


When this mask is non-deterministic, SSN's shall be generated sequentially beginning with the value shown in the 'Default start SSN' field.

This mask can generate all of the valid SSN values starting from 001-01-0001.

Although these SSN values are generated sequentially, they are assigned to target rows in an unpredictable order each time that this mask is executed.

Continue sequence numbers

The 'Continue sequence numbers' checkbox is only relevant if you have multiple Non-Deterministic SSN masks in the same column.

It means that if there was a previous non-deterministic SSN mask in the same column then this mask shall start generating SSN values from the next SSN in sequence after where the previous mask completed. This continuation shall work even if there are other non-SSN masks between the current and previous non-deterministic SSN mask.

If there was no such previous mask (or the 'Continue sequence numbers' checkbox is not selected) then the value in the 'Default start SSN' field shall be used as the start value.


Pre/Post SQL

Please refer to the Pre/Post SQL Option.