Btukfyl

As of 2011 SSN's are completely randomized (http://www.socialsecurity.gov/employer/randomization.html)

The only real rules left are:

• Cannot start with 900-999 (although the Individual Taxpayer Identification Number, which can be used like an SSN by temporary residents and undocumented/DACA/DAPA immigrants in some situations, is in the same format and does start with 9)


• Cannot start with 666


• Cannot start with 000


• Must be 9 numeric digits or 11 with the 2 dashes


• Cannot be any of the known fakes;
  
  
  
  
  • "078051120" — Woolworth Wallet Fiasco
  
  
  • "219099999" — Was used in an ad by the Social Security Administration
  
  
  
  


• Many people exclude repeating an sequential numbers as well, although these are now technically valid, and I feel sorry for the poor schmuck's who gets assigned these.

Answer 5 years after initial question due to changes in validation rules by the Social Security Administration. Also there are Specific numbers to invalidate according to this link.

As per my near-2-year-old answer I also left out isNumeric(ssn) because the field is a numeric and already strips characters before calling the validate function.

// validate social security number with ssn parameter as string

function validateSSN(ssn) {

    // find area number (1st 3 digits, no longer actually signifies area)

    var area = parseInt(ssn.substring(0, 3));

    return (

        // 9 characters

        ssn.length === 9 &&

        // no set can start with zero

        ssn.match(/^[1-9][0-9]{2}[1-9][0-9]{1}[1-9][0-9]{3}/) &&

        // disallow Satan's minions from becoming residents of the US

        area !== 666 &&

        // it's over 900

        area < 900 &&

        // fun fact: some idiot boss put his secretary's ssn in wallets

        // he sold, now it "belongs" to 40000 people

        ssn !== '078051120' &&

        // was used in an ad by the Social Security Administration

        ssn !== '219099999'

    );

}

According to updated information there are no other checks to perform.

It's all at socialsecurity.gov: Numbering scheme, allocations, highest numbers updated monthly.

This is obviously an old post, but I found some ways to shorten it. Also there are a few specific numbers to invalidate according to this link:
http://www.snopes.com/business/taxes/woolworth.asp

Here's how I did it. I could have used regexes for repeating numbers, but with specific ones to invalidate we might as well add ones through fives to that list (over 5 will invalidate anyways due to area number validation). I also left out isNumeric(ssn) because the field is a numeric and already strips characters before calling the validate function.

function validateSSN(ssn) {

    // validate format (no all zeroes, length 9

    if (!ssn.match(/^[1-9][0-9]{2}[1-9][0-9]{1}[1-9][0-9]{3}/)

            || ssn.length!=9) return false;



    // validate area number (1st 3 digits)

    var area=parseInt(ssn.substring(0, 3));

    //  standard      railroad numbers (pre-1963)

    if (area>649 && !(area>=700 && area<=728)) return false;



    // disallow specific invalid number

    if (ssn=='078051120' || // fun fact: some idiot boss put his

                            // secretary's ssn in wallets he sold,

                            // now this is 40000 people's ssn

        ssn=='219099999' || // was used in an ad by the Social Security

                            // Administration

        ssn=='123456789' || // although valid it's not yet assigned and

                            // you're not likely to meet the person who

                            // will get it

        ssn=='123121234' || // probably is assigned to someone but more

                            // likely to find someone trying to fake a

                            // number (next is same)

        ssn=='321214321' || // all the rest are likely potentially

                            // valid, but most likely these numbers are

                            // abused

        ssn=='111111111' ||

        ssn=='222222222' ||

        ssn=='333333333' ||

        ssn=='444444444' ||

        ssn=='555555555') return false;



    return true;

}

As of the randomizing of social security numbers post-911, the entries in the 900 series and even 666 are now potentially valid numbers.

The only certain things at this point in time appear to be:

the first group of 3 will never be 000

the middle group pair will never be 00

and the last four will never be 0000

You can perform some testing by first testing to ensure that the numeric value of the entry is >= 1010001 [and < 1000000000] (a ssan of 001-01-0001 appears to be the lowest legitimately assigned). Then you can proceed to check for 00 in positions 4 and 5, and 0000 in the last four.

I know this is an old question, but for the sake of others looking for answers, I figured I'd add a quick javascript function for checking that a given SSN is valid.

function checkSSN() {

    var inputSSN = #YourInput#,

        ssnRegex = new RegExp("^(9[0-9][0-9]|666|000|078051120|219099999|123456789|123121234|321214321)|^([0-8][0-9][0-9]00)|^([0-8][0-9][0-9][0-9][0-9]000)$"),

        repeats = /^(.)1+$/;



    //make sure we have 2 dashes in the input Social Security number

    if( inputSSN.match(/./g).length === 2) {

        //Once we have confirmed that there are the right number of dashes, remove them, and make sure that the resulting string is a number (you may or may not need this logic depending on the format of your input SSN.

        inputSSN = inputSSN.replace(/-/g, "");



        if(!isNaN(inputSSN)) {

            //Test the input SSN against our regex to ensure that it doesn't contain any disqualifying combinations.

            if(!ssnRegex.test(inputSSN)) {

                //Make sure the input SSN isn't just a repeated number

                if(!repeats.test(inputSSN)) {

                    //If it lands inside of this, we know it's a valid option for a social security number.

                }

        }   

    }

}

For the ssnRegex logic:

The first section handles if the SSN starts with a number 900-999, 666, 000, or one of the known disqualifying SSNs mentioned above.

^(9[0-9][0-9]|666|000|078051120|219099999|123456789|123121234|321214321)

the second section ensures that the 2 digit portion isn't 00

^([0-8][0-9][0-9]00)

The third section ensures that the last portion isn't 0000

^([0-8][0-9][0-9][0-9][0-9]0000)

We additionally check to make sure they have inputted a number, and that they aren't just using a repeated number.

Here is my PHP version

/**

 * Validate SSN - must be in format AAA-GG-SSSS or AAAGGSSSS

 *

 * @param $ssn

 * @return bool

 */

function validate_ssn($ssn) {



    $ssnTrimmed = trim($ssn);



    // Must be in format AAA-GG-SSSS or AAAGGSSSS

    if ( ! preg_match("/^([0-9]{9}|[0-9]{3}-[0-9]{2}-[0-9]{4})$/", $ssnTrimmed)) {

        return false;

    }



    // Split groups into an array

    $ssnFormatted = (strlen($ssnTrimmed) == 9) ? preg_replace("/^([0-9]{3})([0-9]{2})([0-9]{4})$/", "$1-$2-$3", $ssnTrimmed) : $ssnTrimmed;

    $ssn_array = explode('-', $ssnFormatted);



    // number groups must follow these rules:

    // * no single group can have all 0's

    // * first group cannot be 666, 900-999

    // * second group must be 01-99

    // * third group must be 0001-9999



    foreach ($ssn_array as $group) {

        if ($group == 0) {

            return false;

        }

    }



    if ($ssn_array[0] == 666 || $ssn_array[0] > 899) {

        return false;

    }



    return true;

}