validating social security numbers

2019-10-01

 | 

~2 min read

 | 

375 words

I continue to be enamored with the power of regular expressions — a feeling that only grows the more I understand them.

Today, for example, I needed to validate Social Security numbers. This, it turns out, is a fantastic use case for regular expressions: a somewhat complicated pattern that can be distilled into relatively simple rules. Let’s see how.

So, what makes a valid Social Security number anyway? The rules per Wikipedia1

Prior to June 25, 2011, a valid SSN could not have an area number between 734 and 749, or above 772, the highest area number the Social Security Administration had allocated. Effective June 25, 2011, the SSA assigns SSNs randomly and allows for the assignment of area numbers between 734 and 749 and above 772 through the 800s. 34 This should not be confused with Tax Identification Numbers (TINs), which include additional area numbers. 35

Some special numbers are never allocated:

  • Numbers with all zeros in any digit group (000-##-####,###-00-####, ###-##-0000). 36 37

  • Numbers with 666 or 900–999 ( Individual Taxpayer Identification Number ) in the first digit group. 36 Until 2011, the SSA published the last group number used for each area number. 38 Since group numbers were allocated in a regular pattern, it was possible to identify an unissued SSN that contained an invalid group number. Now numbers are assigned randomly, and fraudulent SSNs are not easily detectable with publicly available information. Many online services, however, provide SSN validation. Unlike many similar numbers, no check digit is included.

Now, for validating. A simple checklist of rules. A valid SSN will:

  1. Not start with 000, 666 or a 9 (we’re only up through the 800s at this time)
  2. Have be nine digits total
  3. May be separated by dashes

So, a regex expression to capture these rules might look like this: /^(?!(000|666|9))\d{3}-?(?!(00))\d{2}-?(?!(0000))\d{4}$/.2

To use this as a quick validation of an SSN in Javascript, you might do the following:

const validSsn = (value: string) =>
  value &&
  /^(?!(000|666|9))(\d{3}-?(?!(00))\d{2}-?(?!(0000))\d{4})$/.test(value)
    ? true
    : false

Footnotes



Hi there and thanks for reading! My name's Stephen. I live in Chicago with my wife, Kate, and dog, Finn. Want more? See about and get in touch!