Unfortunately search terms under 3 letters long doesn't work, so it is tough to search SIN.


When purchasing a fake SIN, how does it come? On a chip?
Do you receive it as a download to your commlink? Can you house multiple fake SINs on a single commlink? or to be safe do you make it a package deal Fake SIN + Additional Commlink Setup.

A player noted that it would behoove the Fake SIN provider to make sure that it was provided on a relatively secure medium, less chance of anything getting back to the provider. ie: an at least middle grade commlink + decent Firewall. I can't fault his thought, but do you really want to get your hardware preloaded with a Fake SIN and OS from a hacker... backdoors away.

I can see the benefit as well as the problem with having more than 1 Fake SIN on a commlinkm hackers haven.
I can also see the benefit as well as the problem to having multiple Fake SINs each on its own commlinnk; money sink.

Why does the provider have to worry about stuff getting back to them? An anon email account sends you the SIN number, name, and whatever fake history is behind it. It's not the actual number that is that important, it's the data in the collection of worldwide databases. When a cop asks you for your SIN, you give him the fake number, he looks it up online and gets a bunch of pictures, fingerprints, etc that look like you, so the SIN must be yours, right?

So you can house multiple fake SINs on the same commlink and just choose which one to give out when someone (or some agent, or whatever) asks you for your SIN. Of course, someone hacking your commlink might discover your collection of fake sins, but then again, maybe not. It's probably also possible to simply remember your several fake SINs, and manually input whoever you wanted to be into your commlink.

The SIN is a number, really -- that's what the "N" stands for. The "S" is for the system that the number is stored in. A fake SIN is "present" on numerous secure (well, mostly secure) databases, which is why you can't just make your own. You pay to have that information, and to have the biometric data massaged to resemble your own. It's not a thing like a car or a krill burger or a gun; it's data stored in various places. The rating corrseponds to how those data hold up to scrutiny.

A 'Fake SIN' is just a data package, with names, backgrounds, telling you what the description and fake biometrics if any are, etc, that has hooks into one or more valid SIN issuers databases which could be whoever (Ares, UCAS, or indeed an expired corporation (a favorite choice as it is totally impossible to validate most of the history and many, many people are in the same boat so its not even remotely suspicious)).

When someone gives you a fake SIN they have any number of options, including copying it onto some cufflinks and sending you a present, leaving it in a matrix dead drop and telling you where to get it, sending it via a data call, whatever.

Using two SINs on one commlink is completely retarded as the cops know at a glance that A) one is fake and B) that they should get right on arresting the shit out of you for fraud.

Changing SINs in a public place is also retarded, as some system might notice, and that gets you arrested. Its risky to change in a mall (even in the toliets) because they may (if they are looking, which is by no means a given) notice that Jane Citizen went in, but Joe citizen came out.

So if a cop or any other person running a SIN check sends a confirmation request, and gets back info matching the person with the SIN... then that means that the database has the biometrics of the subject. Which implies that if you get a fake Evo sin, *your* biometrics go into both Evo and SIN registry databases. Which means that if Evo ever gets your biometric data any other way, and spend the resources on cross-checking databases, then they'd be able to connect the two instances of matching biometric data.

Which means don't ever get a fake Aztechnology SIN, and if you're a troll or orc, don't get a Renraku or MCT SIN, unless you happen to trust those particular corps with your biometrics.

Yeah, this is the thing that people where banging on about in the other thread. I have it work like this:

Corps and governments will not ever, ever under any circumstances let anyone run a broad based check against their SIN-base (So all EVO SINs are held on an EVO master server somewhere). The only thing people outside of EVO's top security people are allowed to do is give a set of biometrics, and a SIN, and you can see if they match to authenticate. But thats no good if you want to match the DNA you found on the crime scene to someone, which is intentional. Ares' don't give a toss if Evo cannot find out who assassinate the CEO/blew up the research plant/whatever. They don't want Evo to know either and want to make it as difficult as possible to find out.

They will let you scan their databases of criminal SINs though no problem however, especially anyone they have a warrant out for.

Your statement seems to imply that there is a single repository of SINs somewhere. I don't think this actually has to be the case (though nothing says its not) as all these people are seperate nations, they like nations today probably keep that information themselves, and let other people check against it.

The justification for me is that they are so paranoid, is that the request might be for something else - say Ares extracted a Renraku scientist, Renraku might run a DNA scan for the guy so they can find his new ID so they can steal them back. Or it maybe they are preparing to run a ritual team against the DNA sample and want more info. You never know. So they don't let anyone find out.

There's not a single repository, and more importantly the data are shared across different repositories, which is why it's hard for one hacker to fake it -- changes have to be made everywhere before they're cross-checked and spotted, or something like that.

bingo, one database may have entries like this:

SIN: 1234567890
first name: joe
last name: wageslave
date of birth: 01-01-2034

while another have something like this:

SIN: 1234567890
fingerprint hash: AAB3FF2746

and a third:

SIN: 1234567890
bank balance: 10000 ares scrip

and so, when joe goes to get a soycaf off the office vending machine he press his finger at the sensor, send over his SIN number and the machine checks database two for verification of print hash, and then deduct the amount of scrip needed from database tree.

Yeah, I echo most of the comments above. Corps guard their databases, so you are not getting a free ride cross-referencing their data.

SINs are out there all over the place. What makes the SIN work are the details. I've had players hack an NPC's comm and grab a ton of their information. They then overwrote the comm data with a bunch of crap and started broadcasting the NPC's information. Now, none of the biometric data would match, but depending on where it was being used, you might not need much. As it wouldn't be that hard to purchase everyday goods using that SIN as long as you had funds (which would likely be re-routed out of your own accounts) to pay for them.

But, if the two were together and got scanned, it would be too hard to tell who the SIN really belonged to.

Actually changing SIN's in a public place is the best place to do it. The more crowded the better, just switch your commlink to hidden, swap your SIN's, and then switch it to public again after a few minutes. Changing it in a back alley where noone is there is the worst place to change it, because then there's not the crowd of people to wonder which one it is. Just the single guy standing there.

As long as you aren't in a place where it is incredible illeagle to be operating in hidden mode. But even then with an easy con check, you can just tell the person who stopped you that you were getting really irritated by the pop-up ads. Flip your commlink back to public and there are no problems. I've directed teammates to do this before. Left a junk commlink in one room broadcasting his Fake SIN (with spoofed cameras), so he could operate in another part of the building without anyone knowing he as there. Then when we were done I shut down his junk commlink and as soon as a guard stopped him for not broadcasting, he just had to flip his commlink out of hidden mode, and apologize to the guard. He's fairly computer illiterate for a character, so him accidently switching it into hidden wasn't much of a stretch for him in the con check

Uhmm... Thats a good way to get yourself busted. Unless you have a new comlink number to go with it. I've had characters busted because they considered a cheap (nonrun) comlink as disposable and had a few fake SINs in it. Turns out the system gets interested when comlink #345r34f ownership changes from Bob Johnson to John Smith. Freaking Sec team was able to ferret out 3 of my fake SINs that way.
"We know that his com number is #345r34f. Tracking data shows that number has been used by these 3 SINs in the last 48 hours. Flag them all as fake and send out an alert next time the comm number shows up."

Needless to say from then on I had a one SIN per comlink limit from then on in.

Depends on the records and how it's done. Both the data available and process can yield vastly different results

Consider a system with biometric data and multiple SINS for a Runner X.
Assumption 1 - SIN is a unique single value, it will either match or not.
Assumption 2 - Biometric data is inherently fuzzy, you can get degrees of matching.

SIN 1 + Runner X Biometric
SIN 2 + Runner X Biometric
SIN 3 + Runner X Biometric
SIN 4 + Runner X Biometric

If you send the system SIN 1 + Runner X Biometric and ask it if it matches, it will say "Yes"
If you send the system SIN 2 + Runner X Biometric and ask it if it matches, it will say "Yes"
If you send the system SIN 3 + Runner X Biometric and ask it if it matches, it will say "Yes"
If you send the system SIN 4 + Runner X Biometric and ask it if it matches, it will say "Yes"

If you send the system Runner X Biometric and ask for a match, you will get at least one. At this point it would depend on the protocol, it could easily offer a selection of SIN to choose from, or offer the "best" match, or the top 3 matches. (Note in the RAW the advice of an additional dice check for SIN verification that is a result of this type of scenario. Also look at situations where you are asked to provide corroborating identifying information in your day to day activities. It happens every time I go to my doctor, they ask for an additional piece of data from me to verify they are billing/pulling medical records of the right person. They need more then the exact match on the data I initially provided.)

There's plenty more variations that easily allow for a "dumb" remote query to allow a fake SIN to pass, and it would take a significant effort and data analysis for the fake SINS to be detected and removed. Keep in mind that there are always legitimate positive matches of biometric data between different individuals which always creates room for fuzziness in matching routines.

Think of a simple SIN checker as a box with an idiot light that goes red or green, and the more sophisticated SIN validators providing a higher level of detailed analysis.

When dealing with billions of people and non unique matching values it's not so simple to get exact results for matching.

I believe its a complex action software check to change your commlinks ID. Threshold 2 if I remember correctly. Commlinks change ID's easier than runners.

The problem I had was that I kept the same number because I was expecting a call from a contact. My ex-ganger never changed the number because he was afraid people wouldn't be able to contact him. My GM was nice, because it is the type of screwup that a newbie runner would make and it wasn't egregious. I lost 2 lvl1 SINs and a lvl 2 SIN.

Honestly I don't know to many players who remember to do that, unless of course the GM forgets that means the EVERY contact and player has every Com Code for each fake SIN.

Pass contacts through a randomizer node, not only does this make your number nearly impossible to track. All you have to do is goto the randomizer and put in a change of number for it to route your calls to. One change, not all your contacts. I'd also assume you could have multiple numbers on the randomizer, so any call will be sent out to all of those mailboxes.

Maybe I've just done alot more fluff reading and rules reading of the matrix, but changing ids and connections are really simple in 2070.

nice approach Nwalker. It really pays off when one starts thinking and makes the whole game world much more consistent.

Cheers!

Max

I subscribe to the logic that a SIN number is just an authority-issued number (I hesitate to use the word "government") that holds your government identity. Everything else is just attached by secondary authorities. The bank account attached to your SIN has absolutely nothing to do with whomever your issuing authority is. I would actually think that the more that you attach to a SIN, the more veracity you attach to it. It obviously presents the risk that if you bust on your SIN, you lose your cash.. but what runner keeps money in a real bank anyway?

earlydawn, bingo

on that note, im starting to suspect that every service provider in SR keeps a record of its customers for a indefinite time. for one, storage is cheap, and one can always make a extra buck by selling the data to a datamining company.

so expect your kindergarten to keep a record of your years there, along with the record of your parents SINs and so on.

also, the changing id by keeping accessid stuff, change it to but route all calls vis 1 or more forwarding services, services that dont care if you change the accessid ever so often

*sigh*
I guess my problem is that that is how deckers and "professional" shadowrunners do it. My ex-ganger phys adept has a hard time doing math, preferred to have his fixer handle is money for him "For safekeeping. People rob banks, no one robs Uncle Tony. Besides do you want some hacker stealing all your cash?", and can't figure out how to turn the AR spam filter off on his commlink.

If it had a clock, it would be blinking 12:00.

So while all these tips and tricks are great for deckers and maybe some Sams, where is the line between meta-gaming and they way professionals operate?

Its pretty much survival. If you can't figure out ways to cover your trail, especially since most of what I've said are available through shadow services. You could probably get a hacker to write you a simple program to change your identities on your commlink easily. If you can't figure out ways to do this, whether doing it yourself or trusting someone else to do it, how can you expect to live long? Why do gangers only mess with other gangers, because the other gangers have very little chance of one upping them. If you mess with a corp you need to be on top of your game or you're a short lived runner.

You'd be suprised how much you can actually trust your hacker with. Most hackers would gladly help you provide security on your commlink, because if you get caught you're likely to bring the whole team down with you. All it takes is one commlink with bad security and they are in your groups communications, either listening or filling it with static so you can't even communicate. In 2070, if your a runner its expected that you know the ins and outs of your own commlink. Only a hacker needs to know the ins and outs of everyone elses.

so have the hacker deal with the comlink like the fixer/face deal with the cash

Like I've said before, not a whole lot of reason to go into a high security area where you need a comlink. He dealt with the security aspect buy hiding and living very deep in the Barrens. He was great at dealing with gangs and people in the Crime Mall, but he had a nightmare of a time going shopping for a nice dress for his mother (and this was in the Ork Underground).
I guess its more of a thematic issue and RPing. He let the face do his thing when it was time to talk in the civilized areas, but he was the face in the street.
As for dealing with the corps, there are TONS of ways to deal with that on the low tech. My ganger carried a squeeze bottle of bleach on every run to nail bloodstains with, primarily wore flats and gloves on runs, made sure we shaved almost all the body-hair he could off before a run and scrubbed loose all the loose skin, never cared anything on a run that he had a personal attachment too (even the gun he carried was discarded after every un if he had to use it. He was a throw adept and tended to use cards).

he did have one commlink he ONLY used for runs and the rigger configured that for him every run. And there one only 1 SIN on that and it was flimsy as hell.



I guess we never really cared that much about our commlinks. We just had a good firewall on them and used them sparingly on runs. Are people much more reliant on them in their games?

With all the extractions one would expect that multiple SINs would be a relatively common occurence; don't want your old employer to track you down by watching people accessing their database, nor get you into trouble by criminalising your SIN.

There are tons of useful things you can do with a mesh of commlinks and a couple hackers!!

I have a group of players who are scanning / datasearching / hacking cameras and relaying info and positions all the time. A Matrix integrated group has a huge tactical advantage in the field, especially in Corporate Enclaves like this one campaign is. Of course, the team works for the government, so needn't worry much about erasing their tracks and all... (for now)

Cheers!

Max

yep, working for the big dog has its benefits. gits:sac keeps coming to mind as an example. most likely as its tech presentation is very contemporary, and kind of SR4-like if one think of the implant comlink as a cyberbrain

i guess the best bit is when they borrow a echelon sat to track every phone call in japan in real time, looking for a guy

I guess it's all about how oppressive you want to make your universe. I like my universe pretty oppressive, but not 1984-oppressive, so if a runner gets a second SIN, it's going to have to get a lifestyle to accompany it, an apartment and everything that surrounds that; it has to have proper energy consumption, because if the energy-bill is nonexistent, then perhaps questions could be raised. It needs to run like an active household, so food needs to be purchased and delivered, commcall costs (if applicable) need to run up, insurrance bills need to be paid, water needs to be run, etc. etc. Not just that, but this person needs an income, a job, and the money to support the lifestyle needs to come from somewhere. So either your fixer needs to find a bullshit job down at the docks and pay off a small company to keep you on the books and send you a monthly or bi-weekly salary, or your decker needs to find a loophole in some company administration somewhere. All in all, getting a fake ID that's going to hold up under scrutiny is a massive undertaking and requires upkeep and, in my universe, shouldn't be as easy as just injecting a new SSN into a government database.

I never really understood how multiple fake SINs work, especially when it comes to biometrics.

I'm working with large databases in real life. With the processing power and storage available in 2070 it shouldn't be too hard to implement some kind of crosscheck that searches a fingerprint database for other matching SINs, when a biometric sample is compared to a sample in said database. A runner would have a lot to explain, if the check returned three different SINs matching his fingerprints.

It is possible to encrypt such data in a way that makes comparisons between the samples impossible. But why in this case? The only ingame explanation I can think of is, that the SIN system is left insecure deliberately.

I think a previous post on corps not allowing access is the best fluff. You're right, that if everything was in a single database, it would be easy to cross-reference...or even multiple databases...but I think the sticking point is the access. Corps aren't going to be sharing all that data with other corps...

That could be an explanation. But not a good one, because it only works under the assumption, that the fingerprint for someones ID #1 is never stored in the same database as the fingerprint for his ID #2.

High security places would be stupid not to save id verification data. That means using another ID with the same biometrics in the same compound should always trigger an alert. Given 2070's technology that should even work on a government- / corp-wide scale.

stupidity is rampant in SR

but then i would say that its the same in real life to...

True, but your talking the same government/corp. I'm talking about spanning different government/corp properties/compounds. Assuming I have two SINs, one registered in the NAN and one in UCAS, they may share some data, but I don't think they would share all of it. And depending on what that SIN is being checked for, they may not need fingerprints, just a valid ID and funds...

Again, I think its been said before, that when it comes down to it, SINs are rated 1-6 and people can have multiple ones that work. Like many things SR4, its abstract. You have tests to verify validity when you need to and when you are at the gaming table, that is what matters, not the fluff.

Unfortunately I think this happens to be one of those issues that you gloss over.

Logic dictates; technological progression based on today will give us *at least* what is presented in SR4 as ID/ Security measures. That being said, maybe Corps will not share the ID data they have, but unless that majority of SIN holders are pent up in Arcologies, then multiple databases will be established eventually with the majority of data identical.

The SIN will have a basic set of required Identifying measures, else by nature it would be severely unreliable. If that SIN has some basic features: Name, Birthplace, Nationality and so on (I don't recall the list as described in the BBB regarding what the SIN Number actually contains.) Then those basic features should always be accessible.

If a SIN requires more information to be valid, such as DNA, Biometric and so on, then that information must be accessible else the SIN is invalid.

Now lets take an exec level legal SIN: Outside of the corp the SIN is just as legit as everything else with its basic information. With-in the Corp, however, the SIN is tied to more restricted access, so the biometric data is required and accessible, but only with-in the Corps DB.

Fake SIN: Outside or inside any Corp the SIN will operate as per a normal level access (ie: public) legal SIN, until it fails a security check. At this point we assume a legal SIN never fails (unless the main DB is hacked to make sure it fails) but it goes through the same check as Illegal SINs.
However, if that SIN is to be tied in with higher security measures in a specific Corp or Government, then that specific DB must be hacked for that specific intent, implanting the required Biometric data.

At that point multiple SINs that require Biometric Data within the same private DB should be flagged instantly. It isn't inconcievable that the Corp or Government isn't running a simple background compare utility on its DB. Flagging duplicates of any and all information, based on multiple instances of duplicate info. For example:
I get mail to Jon, John, Jonathan and Johnney. All the other information is largely the same so all instances that are not the majority (I say vast majority, as close calls would be manually verified) would be auto corrected. High security SINs with indentical biometrics would be flagged for followup with simple verification.

Basically if you have 2 fake SINs for Corp XYZ and *both* have biometric data that is the same, one of both of the SINs are hosed before you even attempt a use.

As far as how often or how does the biometric data get sampled from you? Assuming technology advances nothing will be as crude as we have it today, It may simple be a specialized spectrometer or similiar tech. Scanning you instantly and comparing that data, I would hazzard to guess that those would not be single stand-alone gateways, but tied into the general wireless security system and network of the place you must have the biometrics to access. IE: so ingrained and constant that it would be nigh impossible to not be scanned. I imagine a very good hacker that managed to hack and control the entire host may manage to disable that specific feature. But if thats so, then why even worry about getting a fake SIN with implanted biometrics?

Back to the logic and theory: if biometric data is required in public, then all levels of fake SIN should require it (since legal SINs have no level... they just have the required data). And all that required data is accessible publicly though any check system. The data should be consistant across public SINs (fake and legal) ie: no blood here, retinal there, fingerprint over yonder. That also implies a check for such data, else why require it.

Lets face it, we are not talking about alot of data to check through particularly in 2070. Little to no calculations are needed just a simple does X = X, y = y.

I know the thought is about small errors being so common that this simple method would not work. My argument is if the system has so many errors that a simple X=X check won't work then the system won't work period. What would be the point of the level of security and connectivity and dependence of SR( the game and SR the gameworld) on a system that can never be reliable.

That is beyond red tape, forms in triplicate or beauracracy in general, that is a people truely insane and should consider letting the horrors in to start over.


Post Scriptum:
The way I traditionally handled SINs (SR3 style) was that they hardly came into use, except for legally purchasing items, or the occasional security check for border crossings or passing through an A+ area while driving an inappropriate vehicle/ clothes and so on. (Americar driving through areas full of Mansions).

Any specific SIN use, infiltrating a corp, was a specific access key code + employee SIN Bundled together. typically limited use type things.

SR4 wise, I believe I will have to do the same, and assume that wireless isnt constantly being monitored. And datatrails are not as 'blinking sign' like as discribed.

I think that the whole shadowy-networks-that-make-fake-SINs thing should be able to cover a lot of that. They've got teams of hackers and guys on the inside.

one thing that a lot people dont think about is the fact that there is a limited amount of DNAs (iffy wording but there are a set number of possisble bases) meaning that there could be a dance even now for your DNA to be held by not just you. Now if you take into acount population growth these numbers make it lily to be more people than possisble DNA combinations. Pula finger prints and irises aren't 100% indervisual meaning that in the 2070s cross checking could be redundant due to these factors. That my two cents.

Not really all that likely; the genome is too large (6 billion is nothing compared to the size of the genome, even the bits that actually matter to the differences between perfectly healthy humans).

I point again to the fact that we know that some people will work for a new employer, leaving their old one with hostilities flaring. Since their previous employer was also likely their nation, they would want to be a full citizen of their new employer to prevent their previous employer from pulling something to inconvenience them. So, multiple SINs are likely to be an occurance that pops up every so often and one should expect systems to be able to handle multiple SINs automatically.

Most SIN checks are going to be attempting to identify fakes or criminal suspects anyway, the procedure is going to be as unintrusive as possible because it needs to be fast and meatspace responses are generally far slower than a server farm - they want to scan entire streets of traffic. The whole purpose of the SIN scan is not to catch Shadowrunners in particular, but criminals as a whole. A fake SIN is indicative of suspicious activity and likely a felony anyway.

The SIN system has to intrude as little as possible on your normal citizens and far less than that on famous citizens (because they're likely to turn large numbers of people against the scheme if it seriously inconveniences them) - case in point, more famous people will have multiple SINs and so the system will have to tolerate multiple responses on a biometrics check without really intruding on those people.

Technically genetic fingerprinting techniques don't involve the whole genome. They use a selection of hypervariable regions across the genome, and ignore most of it since it's the same from individual to individual. It is extremely unlikely for people to share the same genetic fingerprint, however, there are complicating factors involved ranging from the simple such as contamination, to the rare (chimerism). How useful DNA fingerprinting would be as a routine biometric is debatable, since today it takes a significant time (a day or more at least) to carry out all the scientific procedures required. Even with tech as advanced as 2071 SR I doubt the turnaround is much less than an hour, and so would only be tested at high ratings.

Fingerprinting or retinal analysis is faster, but as has been mentioned, they have a greater degree of fuzziness, and with the prevalence of cybereyes retinal and iris analysis would be useless. I think SINs involve tying recognisable biometrics with known addresses, occupations and the like. Obtaining a false SIN would perhaps be similar to identity theft today. It would in all likelihood be necessary to grind through SINs at a high rate, depending on how much you used them, and how obvious it was to the original holder. Perhaps tying a SINs rating to it's duration would work?

Fascinating thread.

Two questions to throw in for consideration: assuming a fake SIN claimed a runner worked for Corp X. Lone Star would have access to it's own, and probably government, databases that would verify this (which a corp would register when an employee joined them or a specialist would spoof when making a fake ID). The Star would not have access to Corp X's database to verify it, although, if there was any doubt, it could easily request verification assuming Corp X had a cordial (and why wouldn't they?) relationship with the Star, especially if it meant weeding out people who were falsely claiming to work for them. So....

When setting up a fake SIN, does its creator have to crack corp X's database as well as Lone Star and local govt?

Also, (I've posted this on another thread too but looking for an answer), when a runner gets new kit, how do both fake and real SINs get updated? Does the runner have to go back and pay the SIN spoofer another nominal fee? Is that the price of the fake license? And, for those with real SINs, who updates that?

Hm, a chip with a few dozen thousand microsatellites/SNPs/hypervariable regions could be done now in less than a day, I bet. It's possible to detect single specific molecules with electrochemistry (the DNA in the sample hybridizes to the fragments coating the sensor and then there's a detectable change in conductivity, an integral computer analyzes it as you'd analyze a gene chip, and it's automatically crosschecking a database -- wirelessly, of course), although today's detectors are nowhere near the sort of sensitivity required I think that 60 years is more than enough time to develop a gene scanner that takes only as much time as is needed to make the scene tense.



Depending on how much of the natural eye remains, the retina could remain. Additionally, given that both cybereyes and retinal scanners are fairly common by the book, I think it's reasonable to assume that cybereyes have unique identifiers that would be visible in a retinal scan; faking this is possible (even easy, maybe) but the secondary retinal pattern hardware is super-duper illegal. This is sort of analagous to radio jamming, which (IRL) is very easy, easier than real broadcasting, but highly illegal.

Also, sciencedaily.com is so damn awesome.

A gene chip is an interesting point (they're sick expensive right now, though), but one still has to extract the dna from the cell, which isn't as quick as all that.

It makes a lot of sense that cyber eyes would have some form of identifier, be it a barcode or a serial number. I was thinking that scanning them would be useless since it would be (relatively) easy to tamper with. You make a good analogy regarding radio jamming.

My post was really just trying to suggest that a cursory SIN check would only search for more easily faked or manipulated biometrics.

Security costs money. So not everywhere will have the same level of security. It's difficult to be specific about the measures taken at any given point or level of security, so we just have to assign the ID ratings and the check a comparative rating and let the dice tell us the result, then describe it to the players. Some IDs wouldn't have any sort of valid SIN; these would work fine for most casual commercial transactions. Others might just have the government entry that everyone checks. The best would have supporting entries in other authoritative ID stores.

Biometrics are not precise. They have fuzzy parameters. It's quite possible for two different fingerprints to have hashes that overlap a little. If there are other differences which can separate the two identies this wouldn't necessarily be a stopper. A guard might be required to check for a visually distinguishing mark, for example.

Cross-checks take time, too and there is always the balance between security and convenience to draw. You don't want RFID-operated doors opening late because they have to take a second or two to cross-check more than "Is that RFID on the list for this door?"

If a check is going to take more than a few seconds, then it's a pretty deep background check and would take a high rating fake to pass. It might even take a high rating and a disguise roll.