Yes, I know that's often demanded by financial institutions, and that does add a layer of double-checking, if you will.
Part of the recommendation in the first report PIAC wrote on this was that businesses take a few more steps, simple steps like that, to try to verify identity.
Sometimes people will take your credit card from you and not even read the name or check the signature you scrawled down. A simple step is to train clerks to make sure they actually check that the signature matches, and that sort of the thing.
I'm not saying that's a bad thing. I'm thinking more of unnecessary credit checks. Someone is asked to have a credit check done for a new cellphone account. It may or may not be necessary. If it's not necessary, that SIN number gets stored in the cellphone company's database of records. If that database is then compromised, that SIN number goes out, and here we go. That's the sort of situation in which people are making credit applications part of their standard business procedure, and it may or may not be necessary. And they'll always ask for a SIN at that time.