I think that is the best way to handle it as well.
With this approach one eliminates the strange distinction between numbers that are in the system,
and numbers that are not, but are still recognized by the system as valid.
_____

The biggest problem I see here anyway, is a dubious definition of SIN.
It just is not well enough explained to really work with by RAW in any halfway precise way.

What keeps me from just looking at the SINs of people around me and copying one?
Sure, it might not be a good match, but maybe it might, since I can choose whose SIN i display.
Why should I pay money for that? I can do it myself in a couple of simple actions.
Or is there a yet unmentioned mechanic that keeps me from displaying just any SIN,
or which keeps me from seeing the SINs other people are willingly displaying?



I explained the way in which I think that the Licensing system is too simplistic for the complexity the SIN system requires by fluff,
specifically for the purpose of 'forged papers', in the circumstance of infiltration situations,
which I undermined with hypothetical in-game situations.

Making it any clearer is impossible for me, since you do not mention where our disagreement lies.

As silly as it seems, I simply just didn't think about having all fake SINs use a valid (or once valid) SIN. Rereading this, and thinking about a SIN as meaning in one case a number and in another an identity, this makes sense.

Actually Bertramn, I think that Fake Licenses might cover the added cost if you are attempting to be in the wrong place at the wrong time.



Otherwise, you could vary the Availability a point or two if your players ask after more specific backgrounds for their fake SINs/Licenses.

Here's the way I run it in my games. I'm positive it's not by the book, but it works for me.

1. Any fake SIN will auto-succeed on a casual check. So, when you walk down the mall or across the street, you don't have to worry about random checks. I dislike random encounters, so my preference here is to avoid accidental diversions. I don't want my entire plot derailed just because a scanner got a lucky roll.

2. Related to 1, You only roll on a targeted check. Someone has to stop you and deliberately run your SIN before you have to worry. That said, this can happen frequently, like at checkpoints or secured entrances. If you manage to avoid being targeted, and instead go past an automated system that scans everyone, you pass.

3. Denver Rules are in Effect. Denver is a city loaded with border checkpoints, and I believe it was impossible to go through most of the Missions without passing at least two border crossings. That said, the Denver rule was that if you failed your SIN check, the border guards would detain you for a bit, harass you for an hour or three, then you could bribe then 500 nuyen or so and they'd let you go with a warning. So, if it's a routine check that still requires a targeted scan, even if you fail the penalty is merely a delay and a small bribe.

Again: this is what I've found works best for me. YMMV and all that-- these are my house rules, and definitely not RAW. However, I do think this is a good way to handle SINs, because it reduces the amount of rolling, and eliminates random checks from destroying a fake SIN, and turn a runner going for coffee into #1 Most Wanted.

Missed something, sorry.



I'm pretty liberal about things. For one, I assume any runner with a Middle or better lifestyle is smart enough to rotate fake SINs on a regular basis. I just mention it to them every time they pay Lifestyle, and tell them they can change the names on their fake SINs. The rating stays the same, though. If a SIN is burnt, it's lost, and they have to replace it a book cost. But changing the name-- trading in John Smith, Fake SIN rating 2, for Johann Schmidt (fake SIN rating 2) is just cosmetic. I'll assume they handled it automatically, and they "keep" a rating 2 fake SIN until it's burnt.

Runners with lower Lifestyles don't get this discount. Little harsh, but you have to get some benefit from a higher lifestyle, right?

As I said before, I can see the way Licenses can be used to make the background of the fake SIN you are using more believable, I can, but the kind of fake background I am talking about is one where it requires data-manipulation in the database of the facility you intend to infiltrate,
or databases in general, which are separated from the central SIN registry.

My hypothetical in-game situation -> You want to infiltrate an MCT-Arcology:
For you to not immediately raise suspicion in the Arcology, you need to display a SIN which the internal MCT system can distinguish from a legal civilian who does not work for MCT, or in that Arcology for that matter.
The MCT system has a registry of the people that work inside the Arcology, so it has a list of people that are allowed to be in there.
For this system to recognize you as a legal denizen, your SIN needs to be inserted into the Arcology staff registry.

It is all about forging data, to receive access.

A similar service might get you officially recognized as Knight Errant employees, with all the benefits this entails.
In this case, an entry in the Knight Errant database of the city needs to be made.

While this is a nice opportunity for your hacker to shine, there should be rules and prices for this service.
This might need to be combined with the Licenses in the end as well by the way.

I hope I have made myself a little clearer. (IMG:style_emoticons/default/biggrin.gif)

We have always handled such things as part of the legwork phase in our games.
We wanted to insert a Data Specialist into an MCT work environment. So we obtained ID (Fake ID Rating 6, Enhanced), hacked the foreign office to send transfer orders to the Hong Kong office for a Data Security Specialist (complete with historical background information) and then he just showed up for work from the airfield, just transferring in (passing all the required security and physical checks prior to being assigned a work pod. Worked wonders. Granted, the run was a long term insertion and we had built to this point over the course of about 18 months or so, but we needed internal access to the system for the final legwork on the ZZ we were aiming to infiltrate. Worked in the Tower for 2 weeks doing all manner of Security for the Tower Host. While I was thus engaged, I would run some private (and hidden) inquiries (using OTHER people's credentials - you would be amazed what people leave lying around the office), all the while collecting data on the ZZ and its defenses.

It was a fun infiltration. Took a lot to set it up, but it paid off in spades. (IMG:style_emoticons/default/smile.gif)

That is pretty ingenious, I gotta admit.

My point is though, that more stuff about Identity, and Security ID, as well as Background and such,
needs to be spelled out more clearly than it is.
The other SIN thread did not evolve into a debate of that magnitude, and with trenches dug that firmly,
for no reason. It is because the fluff is not clear, as it is written.

________________

By the way, if we assume that every forged SIN is a SIN which already existed in the system...
There will be SINs that are being used twice at the same time, once by the original owner,
and the other time by you.
What happens when you add a forged License to that SIN then?
Does the original owner just notice it after a while and go like:
'Well... I can not remember getting a diploma in theoretical physics,
or the authorization to use Magic in public for that matter...
I am not even a mage.'

Well, sorta. In my home games, I've seen lots of players figure ways around this.

If you can convince the system you belong there, you won't have a problem. That doesn't mean you need to insert a fake SIN, though. Spoofing one might work, which gives the decker something to do. Another trick is for the Face to convince a guard that your commlink isn't working, and get a temporary badge issued.

For one of my SR5 characters, his M.O. is to track down and mug the janitors. He steals their commlinks, and broadcasts their SIN to get into the building. It won't hold up under a detailed check-- I once stole the ID of a female dwarf, and my character is a human in a cowboy hat-- but it's enough to fool a low-rating system.

But how does "regular" SIN check work, then?

I have rethought things since this was written, but let me explain where I was and I'll explain where I am.

This is still valid and still works. Kinda like where a person refers to their computer case as the hard drive when its all those components, but you know what they mean.
Originally, my thought was (comparing to SR5, pg368):
Verification R1: Just check that it looks like a SIN in number format only. Ergo, 2-A looks legit, but no external checks.
Verification R2: Check to see that the SIN data (ergo 2-B) looks valid, but again no external checks.
Verification R3: Check external known/subscribed external databases for presence of SIN. No serious validity checks.
Verification R4: Check SIN against facial recognition input. (Is the SIN holder an older female troll of Chinese ancestry?) Is there biometric data on the SIN?
Verification R5: R4 + Check that SIN picture and other details match person presenting SIN AND finger prints or retinal.
Verification R6: The person presenting the SIN must match all the details on the SIN file. Also, those details are randomly checked against external databases for data conflicts.

After some thought and conversations about using real, registered SIN numbers for fake SINs and the fact that in the everything connected age of 2075, checks against the GSR should be easy to perform, I think I'll modify my definitions of fake SINs to be:
1. A fake SIN has a number in the GSR not in use by someone else, currently. ergo: It was inserted into the GSR by an authorized person (hospital worker, corporate records clerk, etc) illegally or it belonged to someone now dead, though the death has not have been properly reported. A valid SIN number that is used by a runner, unknown to its current owner is referred to as a stolen SIN.

Verification checks of those fake SINs then are modified to the following:
Verification R1: SIN number in the GSR = TRUE.
R2-R6 from above still hold true.

Now my outstanding question comes to be: What data from a SIN file, besides the SIN number, is or needs to be in the GSR?

I guess that bears a resemblance to today and any online records you hold ?

obvious basic fields like name and DOB.
state of origin, metahumanity, DNA scan, blood type and any health issues noted at doctors appointments.
magical nature and corporate allegiance (if sponsored by a corp for education etc.)

you can always ADD more data for Legal SIN people, I mean, why not .. you have nothing to fear right ?
upload or link credit history and your work history, travel records etc.

the SIN then becomes C.V. a living breathing record of your accomplishments.

OR for the more privacy minded folk, it has the pure basics that you need to pass validation. and nothing else .. in fact you have "people" actively trying to reduce your footprint in case of attack.

_

I guess legal SINs would need to be rated as well ... otherwise you'd have the proletariat able to get into pretty much anywhere ?
and no corp exec wants THAT to happen ..

or is that where licences come in ?
A sec licence
AA sec
AAA sec etc.

keep the masses segregated

As I just looked around for the answers, I noticed several things about SINs in SR5:


I guess there is no question as to what's in the SIN at the GSR.

The SIN itself carries some information, like birthdate, gender, etc. So, you could verify some stuff without checking the registry.

This is how I would envisage it too,

Low level scanners check for the "presence" of data in the base fields

mid level scanners check the presence of more data AND the validity of some of the fields against the GSR

Top level scanners CROSS check the presence and validity of more fields and possibly more databases to make sure the information is correct

Lvl 1 SIN = equivalent of a visual passport check

Lvl 3 SIN = equivalent of a roadside police license/registration check

Lvl 6+ SIN = Interpol database search against CIA/FBI records for a known offender

Agreed. Basically, the higher rating the check, the more details it tries to match. So, for a burrito at Stuffer Shack, it will just try and identify if the SIN is valid and if there's enough money to buy it. If you try to buy a car, expect to give biometrics and a genetic sample.

What keeps me from just looking at the SINs of people around me and copying one?

I would imagine some level of security (this is my opinion not RAW though)

take your Visa card,

YOU see - 1234-4567-7890-0123

the stuffer shack sees ***-****-7890-0123

the police scanner sees ***-4567-7890-0123

Your average joe that pings your comm in AR sees ****-****-****-0123 .. or actually it only sees Munchkin_kitty-Lover-23

Nothing, really. It's the levels of verification that matter.

Let's say you get my bank account number. There's a lot you can do with it, you can read my statements, for one. But what would happen if you tried to withdraw money? You couldn't to it at the ATM, without my card and my PIN. You couldn't at the bank, without supporting ID and/or a signature. So, even though you have this information, you can't do anything with it.

I always assumed a R1 check was basically a PIN. Minimum confirmation, like checking your license when you try and buy alcohol: they only give it a quick look, make sure there's no glaring inconsistencies. So, if you clone the SIN to a lady troll, they'll notice. Higher checks use more verification points, so they're even more likely to catch a quick fake like that.

Cain: Here to offer a counterpoint, Jeremy Clarkson.

Once again, this is the kind of topic where the answer depends a lot on the kind of setting you want.
If you want runners to be outcast with no chance of blending in for long in society, you can't have long-lived fake SINs. You need them to be cheap, expandable and quite easily defeated. SINs will be the social equivalent of maglock pass, and there will be little to no bookkeeping.
If you want runners to be able to fully interact with the SINner world, you need to have fake SINs that can stand a daily usage. In that case, the SINs will be mostly a way to manage the runner's identities and a way to "punish" a runner who made a mistake/didn't stay below the radar.

The first will work wonder in a pink mohawk setting, the second will be better for a black trenchcoat setting.

You can't have one good rule that will fit all. You could have both short and long-lived SINs in the same setting, but then you don't know what you're playing anymore and you'll have one half of the table that will happily pull out the rocket launcher in a AAA neighborhood, instantly destroying the carefully planned and detail secret identiites of the other half, and this won't end well.

Actually, there's many places that do similar things. McDonalds doesn't run PINs for purchases under $25, so if someone stole my card, they could get $24.99 worth of imitation food several times a day.

Still, it generally takes more than just the account number to get you. Usually you need more, like a debit card or some form of verification.

I would think that nothing really stops someone from copying the SIN number, like finding out an SSN. I play it that creating a SIN file (for loading on your comlink) using that SIN number is where the "creating a fake SIN" comes into play.

One possible idea for more secure SINs:

A "SIN" consists of a public/private key pair, used as part of an asymmetric key encryption system. What you broadcast (to whatever extent this is required) is your public key, and a frequently updated simple timestamped geolocation tag that's been encrypted using your private key.

If something is encrypted using your private key, it can be decrypted using your public key. So, it's very easy for someone to verify that you really have both parts.

But, as long as no one gets your private key, they can't believably walk around pretending to be you.

Unless you or your players are CS majors, this is basically just technobabble, but maybe it works as plausible sounding technobabble?

Wouldn't that be closer to using a Stolen SIN since you are using an already active SIN for yourself?

Plus I suspect Bertramm is implying why would you pay 2500+ for what amounts to copying some other guys SIN and using it for yourself however briefly.