A Canadian SIN is equivalent to an American SSN.

I am not asking for the algorithm to check whether a given 9-digit number passes the Luhn validation.

The problem I have is some users are smart enough to generate a fake SIN that can pass the above validation, but the SIN would not exist in the government database.

Therefore, what I am asking is how I can check that the given SIN number is genuine and was actually issued by the Canadian Government. Is there any database/service you can get, or is there any special algorithm you use to verify this?

Thank you very much in advance.

+4  A: 

That seems like data that's extremely unlikely to be made public. You will probably need to be a government agency to see a list of SINs.

Also, as Paul noted above, any algorithm which verifies whether a SIN is a possible candidate can also be used to manufacture SINs that aren't legitimate through brute force.

John Feminella
A service wouldn't necessarily have to expose a SIN to the public in order to validate that it exists. However, even if such a service existed, access to it would still probably have to be controlled.
wcm
@wcm: If such a service existed, all you'd have to do is run the algorithm Paul mentioned, querying each SIN in turn and accreting a list of the valid ones, since there are only 1 billion possible SINs with 9 digits, of which at least some must not be legal SINs.
John Feminella
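Added example, not part of any post in this thread: a Python check of what the check-digit test mentioned in the question can and cannot establish. It catches every single-digit typo, yet one in ten 9-digit values passes it, so a pass says nothing about whether a number was issued. The function names and the sample value are constructed for illustration.

```python
# Added example (not from the thread). Sample values below are constructed.

def normalise(sin: str) -> str:
    """Strip the spaces/hyphens people type between the three groups."""
    return sin.replace(" ", "").replace("-", "")

def luhn_valid(sin: str) -> bool:
    """True if `sin` is nine ASCII digits whose Luhn sum is divisible by 10."""
    s = normalise(sin)
    if len(s) != 9 or not (s.isascii() and s.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(s):
        d = int(ch)
        if i % 2 == 1:          # 2nd, 4th, 6th and 8th digits are doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def typos_caught(sin: str) -> tuple[int, int]:
    """(caught, tried) over every single-digit substitution of a valid number."""
    s = normalise(sin)
    caught = tried = 0
    for i, original in enumerate(s):
        for repl in "0123456789":
            if repl == original:
                continue
            tried += 1
            caught += not luhn_valid(s[:i] + repl + s[i + 1:])
    return caught, tried

def pass_count(first: int, count: int) -> int:
    """How many of `count` consecutive 9-digit values starting at `first` pass."""
    return sum(luhn_valid(f"{n:09d}") for n in range(first, first + count))

# Constructed sample: satisfies the checksum, implies nothing about issuance.
SAMPLE = "046 454 286"

if __name__ == "__main__":
    print("sample passes checksum:", luhn_valid(SAMPLE))
    print("single-digit typos caught:", typos_caught(SAMPLE))
    print("passing values in a block of 10,000:", pass_count(500_000_000, 10_000))
```

The checksum is a data-entry control; treating a pass as evidence of identity is the gap the question describes.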
+2  A: 

As an added note to John's and Paul's answers: if there is an algorithm to generate SINs and a database of assigned SINs, you could combine the two to search through and find a real SIN in fairly short order, allowing you to gather a list of all active SINs. In a pseudocode manner you could use ...

foreach(SIN in SINGenerator)
{
    if(govtdatabase.verify(SIN) == true)
    { store into file as valid SIN }
}
Scott Vercuski
+1  A: 

I don't know about Canada, but here in the Netherlands such web services are only available to government-related organisations, insurance companies, healthcare providers, etc.

I'm actually working with such a service at the moment. It's not just number validation. It allows retrieval of name, address, date of birth and so on based on the number.

It's unlikely something like that will be public. See also this privacy FAQ. Read it. It also contains information on valid uses for SINs.

Thorarin
+2  A: 

Having worked with SINs before, I do know that there's some correlation between the beginning 3 numbers of the SIN and the person's age. As well, there are some validation rules much like credit card numbers (which you've noted).

With that said, why are you using SIN numbers? It is an extremely vital piece of information - if you have someone's SIN number you effectively are them - and should under no circumstances be used by anyone except for government-related purposes!

Secondly, if you have a legitimate usage of SIN numbers, are you familiar with PIPEDA? If not, you should be!

Gavin Miller
I am working on a project for a financial institution. The client has had some fake SINs slip through the cracks, and now they want to be able to identify and validate against the fake SINs that are not issued by the government.
Ryan Liang
Have you asked the financial institution how they validate the SINs? They ought to know if how they're using the information...
Gavin Miller