How can I validate US Social Security Number?

Question

Anyone out there know how to improve this function? I\'m not worried about shortening the code, I\'m sure this could be done with better regex, I am more concerned about cor

Answer 1

As of the randomizing of social security numbers post-911, the entries in the 900 series and even 666 are now potentially valid numbers.

The only certain things at this point in time appear to be:
the first group of 3 will never be 000
the middle group pair will never be 00
and the last four will never be 0000

You can perform some testing by first testing to ensure that the numeric value of the entry is >= 1010001 [and < 1000000000] (a ssan of 001-01-0001 appears to be the lowest legitimately assigned). Then you can proceed to check for 00 in positions 4 and 5, and 0000 in the last four.

Answer 2

Here is my PHP version

/**
 * Validate SSN - must be in format AAA-GG-SSSS or AAAGGSSSS
 *
 * @param $ssn
 * @return bool
 */
function validate_ssn($ssn) {

    $ssnTrimmed = trim($ssn);

    // Must be in format AAA-GG-SSSS or AAAGGSSSS
    if ( ! preg_match("/^([0-9]{9}|[0-9]{3}-[0-9]{2}-[0-9]{4})$/", $ssnTrimmed)) {
        return false;
    }

    // Split groups into an array
    $ssnFormatted = (strlen($ssnTrimmed) == 9) ? preg_replace("/^([0-9]{3})([0-9]{2})([0-9]{4})$/", "$1-$2-$3", $ssnTrimmed) : $ssnTrimmed;
    $ssn_array = explode('-', $ssnFormatted);

    // number groups must follow these rules:
    // * no single group can have all 0's
    // * first group cannot be 666, 900-999
    // * second group must be 01-99
    // * third group must be 0001-9999

    foreach ($ssn_array as $group) {
        if ($group == 0) {
            return false;
        }
    }

    if ($ssn_array[0] == 666 || $ssn_array[0] > 899) {
        return false;
    }

    return true;
}

Answer 3

This is obviously an old post, but I found some ways to shorten it. Also there are a few specific numbers to invalidate according to this link: http://www.snopes.com/business/taxes/woolworth.asp

Here's how I did it. I could have used regexes for repeating numbers, but with specific ones to invalidate we might as well add ones through fives to that list (over 5 will invalidate anyways due to area number validation). I also left out isNumeric(ssn) because the field is a numeric and already strips characters before calling the validate function.

function validateSSN(ssn) {
    // validate format (no all zeroes, length 9
    if (!ssn.match(/^[1-9][0-9]{2}[1-9][0-9]{1}[1-9][0-9]{3}/)
            || ssn.length!=9) return false;

    // validate area number (1st 3 digits)
    var area=parseInt(ssn.substring(0, 3));
    //  standard      railroad numbers (pre-1963)
    if (area>649 && !(area>=700 && area<=728)) return false;

    // disallow specific invalid number
    if (ssn=='078051120' || // fun fact: some idiot boss put his
                            // secretary's ssn in wallets he sold,
                            // now this is 40000 people's ssn
        ssn=='219099999' || // was used in an ad by the Social Security
                            // Administration
        ssn=='123456789' || // although valid it's not yet assigned and
                            // you're not likely to meet the person who
                            // will get it
        ssn=='123121234' || // probably is assigned to someone but more
                            // likely to find someone trying to fake a
                            // number (next is same)
        ssn=='321214321' || // all the rest are likely potentially
                            // valid, but most likely these numbers are
                            // abused
        ssn=='111111111' ||
        ssn=='222222222' ||
        ssn=='333333333' ||
        ssn=='444444444' ||
        ssn=='555555555') return false;

    return true;
}

Answer 4

In Hive, the SSN validation or ITIN validation is like:

select case when '078051120' rlike '^(?!1{9}|2{9}|3{9}|4{9}|5{9}|6{9}|7{9}|8{9}|9{9}|219099999|078051120|123456789)(?!666|000|9[0-9]{2})[0-9]{3}(?!00)[0-9]{2}(?!0{4})[0-9]{4}$' then 'SSN' 
     when '078051120' rlike '^9[0-9]{2}(7[0-9]|80|81|82|83|84|85|86|87|88)[0-9]{4}$' then 'ITIN' 
     else 'INVLD'
end as ssn_flg;

change the dummy '078051120' to column name of your table.

Answer 5

I know this is an old question, but for the sake of others looking for answers, I figured I'd add a quick javascript function for checking that a given SSN is valid.

function checkSSN() {
    var inputSSN = #YourInput#,
        ssnRegex = new RegExp("^(9[0-9][0-9]|666|000|078051120|219099999|123456789|123121234|321214321)|^([0-8][0-9][0-9]00)|^([0-8][0-9][0-9][0-9][0-9]000)$"),
        repeats = /^(.)\1+$/;
        
    //make sure we have 2 dashes in the input Social Security number
    if( inputSSN.match(/./g).length === 2) {
        //Once we have confirmed that there are the right number of dashes, remove them, and make sure that the resulting string is a number (you may or may not need this logic depending on the format of your input SSN.
        inputSSN = inputSSN.replace(/-/g, "");

        if(!isNaN(inputSSN)) {
            //Test the input SSN against our regex to ensure that it doesn't contain any disqualifying combinations.
            if(!ssnRegex.test(inputSSN)) {
                //Make sure the input SSN isn't just a repeated number
                if(!repeats.test(inputSSN)) {
                    //If it lands inside of this, we know it's a valid option for a social security number.
                }
        }   
    }
}

For the ssnRegex logic:

The first section handles if the SSN starts with a number 900-999, 666, 000, or one of the known disqualifying SSNs mentioned above.

^(9[0-9][0-9]|666|000|078051120|219099999|123456789|123121234|321214321)

the second section ensures that the 2 digit portion isn't 00

^([0-8][0-9][0-9]00)

The third section ensures that the last portion isn't 0000

^([0-8][0-9][0-9][0-9][0-9]0000)

We additionally check to make sure they have inputted a number, and that they aren't just using a repeated number.

Answer 6

As of 2011 SSN's are completely randomized (http://www.socialsecurity.gov/employer/randomization.html)

The only real rules left are:

• Cannot start with 900-999 (although the Individual Taxpayer Identification Number, which can be used like an SSN by temporary residents and undocumented/DACA/DAPA immigrants in some situations, is in the same format and does start with 9)
• Cannot start with 666
• Cannot start with 000
• Must be 9 numeric digits or 11 with the 2 dashes
• Cannot be any of the known fakes;
  • "078051120" — Woolworth Wallet Fiasco
  • "219099999" — Was used in an ad by the Social Security Administration
• Many people exclude repeating an sequential numbers as well, although these are now technically valid, and I feel sorry for the poor schmuck's who gets assigned these.