Social Security Masking

Posted by BAS - 04 April, 2012

header-picture

As part of BAS' continuing effort to creatively enhance the security of MyEnroll.com, the first 5-digits of an employee’s Social Security Number (SSN) is now masked when the employee is logged into his or her own account.

An employee may confirm their complete SSN in MyEnroll.com by clicking the “Reveal” link associated with the SSN on the screen. The reveal link will initiate a pop up window in which the employee will be prompted to enter their complete SSN. If the SSN they enter matches the SSN in MyEnroll.com, they will be presented with a message confirming the match.

The Social Security Number Reveal window times out in two minutes, automatically (this will not affect the rest of the user’s session in MyEnroll.com).

Why do Social Security Numbers Need to be Masked for Employees Logged into their Own Accounts?
When an employee is logged into MyEnroll.com and using the Employee Home Page, their personally identifiable information (“PII”) (name, home address, SSN, date of birth, etc.) is completely visible. However, it may not be easy, or possible, for the employee-user to prevent nearby coworkers and others (e.g., visitors) from seeing the PII displayed on the employee’s screen. Therefore, to protect the employees’ Social Security Numbers from such viewing, MyEnroll.com now displays the SSN in a masked format.

Confirming the Complete Social Security Number when Masked
When an employee wants to confirm that their masked SSN represents their actual SSN, the employee can use the Reveal link corresponding with the masked SSN to expose the complete 9-digit SSN. The employee is required to enter their 9-digit Social Security Number in the input box provided within the Reveal window. If the employee’s entry matches the stored Social Security Number, MyEnroll.com confirms a match. If the employee’s entry does not match the Social Security Number stored in MyEnroll.com, MyEnroll.com confirms a mismatch. This confirmation process assures that if an employee leaves his or her computer unattended with Employee Home Page displayed and a passer by attempts to reveal the masked SSN, that there would be no way for that passer by to see the full SSN.

Topics: MyEnroll360 Security


Recent Posts

Question of the Week - Mid-Year Enrollment for Health Coverage

read more

OCR Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

read more

Find your QELs in MyEnroll360

read more