[RPG] How exactly are SINs checked

shadowrun-sr5

In the core rulebook, there is a section about checking fake System Identification Numbers (SINs) which details on how the SIN check is handled mechanically (p. 368):

In game terms, the gamemaster should make a Simple Device Rating x 2 Test with a threshold equal to the rating of the fake SIN (use Device Ratings, p. 234, for SIN verification system ratings).

However, I wonder what is actually going on in the game world, both for role-playing it and for planning the run settings as a GM.

The SINs seem to contain a lot of information such as DNA samples and retina scans. In addition, background information on the person is attached to it in some database.

How can I imagine different SIN checking device ratings to operate?

  • A rating one device would probably only check, like, the sex and age, probably entered by the operator themselves.

  • A rating two device might additionally take a retinal scan and check it against the data in the SIN.

  • A rating three device could also take a DNA sample, e.g. from saliva or blood.

  • A rating four device …?

I’m also thinking through this from a security perspective. If I read the rules correctly, the SIN is also stored on the Commlink (it has to be stored somewhere, I mean, it is likely a 100+ character string, you don’t simply remember that, and I don’t think anyone still believes in paper in 2075. Also, p. 221 “A commlink is combination computer, […], passport, wallet, credit card, […]”). What would stop a decker from simply copying the SIN from a cracked victim commlink and using it (with respect to the rules) like a Rating 1 Fake SIN? (Assuming the victim has roughly matching age and sex)

So to summarize the questions:

  • What do different SIN check levels look like?

  • Is the background information ever checked in an automatic procedure?

  • Is there anything in the checking procedures which protects against a SIN being copied or is it inherently impossible to steal a SIN from another person?

Best Answer

In summary:

  1. Details of SIN checks can be found on pg. 364 of the core rule book

  2. Yes

  3. No, but stealing one isn't a good idea

First, let's look at the SIN Verification Details on pg. 364 of the core rulebook:

Rating 1 - Do you have a SIN?

Rating 2 - Basic redundancy check on the number and vital statistics

Rating 3 - Redundancy check on number and statistics; query for external data attached to SIN

Rating 4 - Verify all vital statistics; external data checked for obvious conflicts; biometric must be present

Rating 5 - Full verification and consistency check; biometrics tested against sample

Rating 6 - All possible verification; multiple biometric samples must match; random supporting data verified externally

Reading the chart above, it appears to me that up to Rating 4 the scan can be considered "automatic". Rating 5 and 6 appear to require input from the runner. Pg. 364 includes:

Biometric data associated with a high-Rating SIN will be from a real person with the same sex and nationality as the purchaser with (if the extra fee is paid) matching organic samples available (blood, skin cells, hair—just don’t ask where they came from).

Essentially, 1–4 take the form of some device that is of unknown size and volume. 5 and 6 likely include some sort of scanner, either retinal, DNA, or all of the above. There is no set form factor, so it's left to our imagination.

The book doesn't mention at all stealing one that I can find, and that makes sense: If you steal someone's commlink, then you likely have their SIN, and can use it when you need (provided you have the technical mojo). But, if you steal a SIN and the person isn't dead, then you'll likely get caught as soon as their SIN history is checked or they recover their SIN from wherever they would do such a thing.

Duplicating a SIN would be an extremely dangerous affair. Remember, a SIN is required for almost every purchase (pg. 363 mentions “Hastily created identities may work if someone just wants to be able to buy a Nuke ’em Burger at the Stuffer Shack”), and chances are a legal SIN will constantly be broadcasted. Suddenly broadcasting the same SIN would immediately rouse suspicion. Essentially, you'd run into the same issue as above.

In most cases these devices would be automatic. I would expect a level 5 or 6 would be found at an extremely exclusive club, the offices of corporate CEO's, or other higher-level places. Level 4 assumes the biometric data is broadcasted along with the SIN (Unrelated to the rating, but “Related information such as biometric data will likely be missing or obviously false if checked (‘Hey, this is the DNA of a chicken ...’).”)

Comment Answers

I see that stealing long-term might not be a good idea, but is there anything against copying it, keeping it secret and then use it for a few seconds while passing an entrance check?

In RAW, not that I've found. I would allow it under most circumstances. It could be a very useful part in breaking into a secure part of a facility, as example. I wouldn't allow it under the more extreme situations that I can't think of.

What kind of roll would you take to determine whether this temporary duplication raises suspicion?

Probably an edge test. I would either allow them to use a point of edge to make it work, or use the difficulty threshold chart to determine what sort of edge test would need to be passed. It should be a hard thing to do, after all. I would give modifiers based on factors like how soon it's been since it was stolen, if anyone was aware it's stolen So, in a situation where a middle manager was walking down the hallway and someone sniffed away the commlink, I would give a +2 or +3 since it's unknown and recent.

Obligatory Disclaimer: Since this isn't RAW it's up to the GM to make the best decision. I've provided my point of view as a GM.

Related Topic