Kevinleary.net, LLC.

Social Security Number Validation Rules (Regex)

Validate a US Social Security Number (SSN) with JavaScript, PHP, Python, Ruby and more.

If you’re building a web application or custom WordPress plugin that needs to validate a US Social Security Number (SSN) then the following approach will provide a way to validate user input without the use of any third-party verification API.

Social Security Card Example

Validation Logic

The US government provides details on the SSN Numbering Scheme used for a social security number, to a degree that allows for validation but not manipulation or generation. We can use this to determine a set of rules and verify if a number could be a real social security number.

This doesn’t validate if the number is a real social security number, only if it could be.

Formatting Rules

Nine-digit social security numbers are broken down into three parts:

  • First three digits is called the Area Number
  • Next two digits is called the Group Number
  • Final four digits is the Serial Number

The area number can be validating based on the following information:

Prior to June 25, 2011, a valid SSN could not have an area number between 734 and 749, or above 772, the highest area number the Social Security Administration had allocated. Effective June 25, 2011, the SSA assigns SSNs randomly and allows for the assignment of area numbers between 734 and 749 and above 772 through the 800s.[36] This should not be confused with Tax Identification Numbers (TINs), which include additional area numbers.[37]

Additionally, the two-digit group number can be verified as accurate based on the following documented patterns:

Within each area, the group number (middle two (2) digits) range from 01 to 99 but are not assigned in consecutive order. For administrative reasons, group numbers issued first consist of the ODD numbers from 01 through 09 and then EVEN numbers from 10 through 98, within each area number allocated to a State. After all numbers in group 98 of a particular area have been issued, the EVEN Groups 02 through 08 are used, followed by ODD Groups 11 through 99.

Finally, the serial number follows a set of rules as well:

  • Within each group, the serial numbers (last four (4) digits) run consecutively from 0001 through 9999.

Another way to interpret the information provided is to consider what is not valid:

  • Numbers with all zeros in any digit group (000-##-####, ###-00-####, ###-##-0000)
  • Numbers with 666 or 900–999 (Individual Taxpayer Identification Number) in the first digit group

Data Sources

Code Examples

The approach I use for this makes use of a specific regular expression pattern to validate a string against the rules provided by the US goverment that I’ve outlined above. This provides a nice flexible way to work with it, it can really be used in any web programming language.

I’ve included examples below for the most common web programming languages including JavaScript, Node.js, PHP, Python and Ruby. To see examples in other languages like .NET, Java or Golang you can refer to the following demo on Regex101.com.

JavaScript / Node.js

If you’re working on the frontend of a WordPress theme or plugin, or any environment using JavaScript (including Node.js) then this approach will validate a social security number.

var ssn = "012-78-0928";
var pattern = /^(?!666|000|9\d{2})\d{3}[- ]{0,1}(?!00)\d{2}[- ]{0,1}(?!0{4})\d{4}$/
var valid = ! ssn.match(pattern);
var invalid = ssn.match(pattern);

if ( valid ) {
  console.log("Look's good!");
}

if ( invalid ) {
  console.log("Not a valid SSN!");
}

PHP

This is the approach you’d use with custom WordPress theme development, or working with a Laravel web application.

$ssn = '012-12-0928';
$pattern = '/^(?!666|000|9\d{2})\d{3}[- ]{0,1}(?!00)\d{2}[- ]{0,1}(?!0{4})\d{4}$/';
$valid = (preg_match($pattern, $ssn) === 1);
$invalid = (preg_match($pattern, $ssn) !== 1);

if ( $valid ) {
  echo 'Look's good!';
}

if ( $invalid ) {
  console.log('Not a valid SSN!');
}

Python

To validate a social security number in Django use the following approach:

import re

pattern = r"^(?!666|000|9\d{2})\d{3}[- ]{0,1}(?!00)\d{2}[- ]{0,1}(?!0{4})\d{4}$"
ssn = '012-12-0928'
valid = re.match(pattern, ssn)

if valid:
  print("Look's good!")
else:
  print("Not a valid SSN!")

Ruby

To use the same pattern based approach to validate a social security number (SSN) in Ruby:

pattern = /^(?!666|000|9\d{2})\d{3}[- ]{0,1}(?!00)\d{2}[- ]{0,1}(?!0{4})\d{4}$/
ssn = '012-12-0928'

ssn.match(pattern) do |match|
    puts match.to_s
end

Meet the Author

Kevin Leary, WordPress Consultant

I'm a freelance web developer and WordPress consultant in Boston, MA with 15 years of experience building websites and applications. View a portfolio of my work or request an estimate for your next project.