Social Security numbers visible in Simplifi SS direct deposit transactions
We are retired on Social Security. I use Simplifi to budget our fixed income. SSA direct deposits into our PNC account. Unfortunately SSA uses SS numbers in the direct deposit routing. PNC masks SS numbers with xxx in the PNC customer’s view. Apparently, it’s not masked when Simplifi downloads the transaction. This results in Simplifi transactions containing SS numbers and also SS numbers in the email notifications. I created a rule to rename the SS transactions and remove the SS numbers. Can Quicken Simplifi duplicate banks masking of SS numbers when downloading into Simplifi? I can’t be the only person noticing this.
Comments
-
Wow, I find that hard to fathom. SSA has never put a social security number on our direct deposits and I would think it would be against their privacy rules.
Here is what our bank downloads and a description of it from AI Search:
"SSA TREAS 310 XXSOC SEC PPD" indicates a direct deposit from the US Treasury on behalf of the Social Security Administration. This is a legitimate payment for social security benefits—such as retirement, disability (SSDI), or survivors benefits—and often represents a retroactive payment, cost-of-living adjustment (COLA), or annual adjustment.
In addition, if PNC is masking the number with xxx's, Simplifi would have no way of knowing how to fill in those xxx's when it downloads the bank's payer information.
I hope you can get to the bottom of this.
Steve
Quicken Simplifi (Safari & iOS) Since 2021
Quicken Classic (MacOS) Since 2009
MS Money (1991-2009) and Dollars & Sense (1987-1991)0 -
Hello @MSM,
Thanks for reaching out! I agree with @SRC54 here. I am not sure Quicken Simplifi would be able to differentiate between what is an SSN and the rest of the Payee. Have you contacted your bank regarding this issue? I would also have you verify whether the SSNs appear when you download and view the transactions in a CSV file from the bank's website. Let us know!
-Coach Jon
0 -
My social security deposits look a little different from SRC54's. Both on the bank website and in the original statement name ("Bank Payee" field) in Simplifi they look like this:
SSA TREAS 310 XXSOC SEC *********** SSA
Note the series of "*" in mine which SRC54's deposit doesn't seem to have. I have always taken that to represent my masked SS number (although it could be some other masked account identifier).
I assumed the bank did that masking it because I couldn't imagine why the SSA would bother to include it in the transaction if they were going to mask it anyway. The bank uses similar masking for the account numbers of accounts to which I transfer money.
DryHeat
-Quicken Classic (1990-2020), CountAbout (2021-2024), Simplifi (2025-…)1 -
This is PNC’s description for the SSA direct deposit transaction:
“SSA TREAS 310 XXSOC SEC ACH CREDIT X(Redacted - last 4 SSN numbers)SSA”
This is what Simplifi reads at the bottom of the SS direct deposit transaction:“Appears on your PNC Checking statement as ACH CREDIT (Redacted-ACTUAL SSN) SSA TREAS 310 XXSOC SEC (Redacted-ACTUAL SSN) SSA XXSOC SEC SSA TREAS 310.”
So you can see a discrepancy between what the PNC customer sees and what Simplifi downloads. Although PNC masks SSNs for the customer, Simplifi is able to download the actual SSN. Simplifi includes the entire PNC transaction description to the Simplifi client without redacting SSNs. The problem is the email notifications that include all of the above and are transmitted via unencrypted email.
0 -
Hello Coach Jon!
I located the PNC CSV download page and viewed the export. The CSV export file from PNC did not contain the full SSN, just the last four numbers. In spite of that Simplifi reads exactly as I posted before at the bottom of the transaction where it always says exactly what Simplifi downloads from the financial institution. It seems Simplifi is getting our SSNs from somewhere.
I did call PNC previously but didn’t come to a conclusion. They told me to contact the vendor.
0 -
Hello @MSM,
Thank you for the update. It appears that this is how the data is sent to Quicken Simplifi when downloading transactions from this bank. Since we cannot access a specific user's Social Security Number in this situation, the application would not be able to distinguish between a masked and an unmasked Payee.
I wish I had a better answer for you!
-Coach Jon
1 -
This is what AI says FWIW:
The Social Security Administration (SSA) does not add any part of your Social Security number (SSN) to online or electronic payments received by beneficiaries.
Direct deposit payments use your bank routing/transit number, account number, account type, and SSN Claim number (which differs from your SSN) for setup and verification, but the SSN itself is not included in the payment data or transactions
So are you SURE those numbers are your social security numbers? If so, it's probably your bank that is doing it, and that's really dumb. I think I would contact Social Security Administration if the number is being divulged somehow.
For my clarification, is the entire number being downloaded into Simplifi or just the last four digits? I sure hope it's the latter; while that is bad, a lot of businesses do use your last 4 digits of your SS number for identification. But they shouldn't.
Steve
Quicken Simplifi (Safari & iOS) Since 2021
Quicken Classic (MacOS) Since 2009
MS Money (1991-2009) and Dollars & Sense (1987-1991)0 -
Yes, they are exactly our FULL SSNs followed by an A. Not just the last four numbers.
This is what I discovered about Social Security Claim Numbers. “It consists of a nine-digit Social Security number (SSN) followed by a suffix that indicates the type of benefits the claimant is eligible for@
In every way I view our PNC Bank account online or download a CSV the only numbers I can see is the last four SSN’s.However, Simplifi is able somehow to download the entire transaction description including the FULL SSN. I know this because Simplifi includes our FULL SSNs in Simplifi’s transaction description and at the bottom of the transaction which starts with “Appears on your PNC Checking…..”
I’m curious if you or anyone who has Social Security direct deposit would report on what Simplifi says at the bottom of the direct deposit transaction. Does it display the full SSN, masked, just the last four numbers. Maybe it’s just PNC Bank that is doing this.
0 -
@MSM. Thanks for confirming. Very curious. Good luck with it. PNC needs to truncate this. I have a friend who banks with PNC and he is on SS, but doesn't use Simplifi. I can ask him to check on the PNC site to see if it shows his SS number.
At least you are the only one who should have access to this data since it is on your bank site and in your Simplifi account. You can also turn off the email notification within Simplifi and just use in-app notifications.
Steve
Quicken Simplifi (Safari & iOS) Since 2021
Quicken Classic (MacOS) Since 2009
MS Money (1991-2009) and Dollars & Sense (1987-1991)0 -
I’m curious if you or anyone who has Social Security direct deposit would report on what Simplifi says at the bottom of the direct deposit transaction.
You may have missed it, but I did exactly that in this post yesterday:
It certainly sounds like your bank is embedding your SSN in the Payee text downloaded by Simplifi. I doubt that Simplifi will be able to set up a system to delete that. I'm not sure how they could reliably sort SSNs out from the various numbers in the Payee text of other transactions.
Is there any way for you to contact PNC and complain about this security breach? I think if you phrase it as exactly that — a security breach exposing your SSN — they might take notice.
DryHeat
-Quicken Classic (1990-2020), CountAbout (2021-2024), Simplifi (2025-…)2
