How can I validate US Social Security Number?

UPDATE

On June 25, 2011, the SSA changed the SSN assignment process to "SSN randomization".[27] SSN randomization affects the SSN assignment process in the following ways:

It eliminates the geographical significance of the first three digits of the SSN, previously referred to as the Area Number, by no longer allocating the Area Numbers for assignment to individuals in specific states. It eliminates the significance of the highest Group Number and, as a result, the High Group List is frozen in time and can be used for validation of SSNs issued prior to the randomization implementation date. Previously unassigned Area Numbers have been introduced for assignment excluding Area Numbers 000, 666 and 900–999.

New Rules

• The Social Security number is a nine-digit number in the format "AAA-GG-SSSS". The number is divided into three parts.
• The middle two digits are the Group Number. The Group Numbers range from 01 to 99.
• The last four digits are Serial Numbers. They represent a straight numerical sequence of digits from 0001 to 9999 within the group.
• Some special numbers are never allocated:
  • Numbers with all zeros in any digit group (000-##-####, ###-00-####, ###-##-0000).
  • Numbers with 666 or 900-999 (Individual Taxpayer Identification Number) in the first digit group.
• SSNs used in advertising have rendered those numbers invalid.

http://en.wikipedia.org/wiki/Social_Security_number#Structure

Previous Answer

Here's the most-complete description of the makeup of an SSN that I have found.

This is obviously an old post, but I found some ways to shorten it. Also there are a few specific numbers to invalidate according to this link: http://www.snopes.com/business/taxes/woolworth.asp

Here's how I did it. I could have used regexes for repeating numbers, but with specific ones to invalidate we might as well add ones through fives to that list (over 5 will invalidate anyways due to area number validation). I also left out isNumeric(ssn) because the field is a numeric and already strips characters before calling the validate function.

function validateSSN(ssn) {
    // validate format (no all zeroes, length 9
    if (!ssn.match(/^[1-9][0-9]{2}[1-9][0-9]{1}[1-9][0-9]{3}/)
            || ssn.length!=9) return false;

    // validate area number (1st 3 digits)
    var area=parseInt(ssn.substring(0, 3));
    //  standard      railroad numbers (pre-1963)
    if (area>649 && !(area>=700 && area<=728)) return false;

    // disallow specific invalid number
    if (ssn=='078051120' || // fun fact: some idiot boss put his
                            // secretary's ssn in wallets he sold,
                            // now this is 40000 people's ssn
        ssn=='219099999' || // was used in an ad by the Social Security
                            // Administration
        ssn=='123456789' || // although valid it's not yet assigned and
                            // you're not likely to meet the person who
                            // will get it
        ssn=='123121234' || // probably is assigned to someone but more
                            // likely to find someone trying to fake a
                            // number (next is same)
        ssn=='321214321' || // all the rest are likely potentially
                            // valid, but most likely these numbers are
                            // abused
        ssn=='111111111' ||
        ssn=='222222222' ||
        ssn=='333333333' ||
        ssn=='444444444' ||
        ssn=='555555555') return false;

    return true;
}

As of 2011 SSN's are completely randomized (http://www.socialsecurity.gov/employer/randomization.html)

The only real rules left are:

• Cannot start with 900-999 (although the Individual Taxpayer Identification Number, which can be used like an SSN by temporary residents and undocumented/DACA/DAPA immigrants in some situations, is in the same format and does start with 9)
• Cannot start with 666
• Cannot start with 000
• Must be 9 numeric digits or 11 with the 2 dashes
• Cannot be any of the known fakes;
  • "078051120" — Woolworth Wallet Fiasco
  • "219099999" — Was used in an ad by the Social Security Administration
• Many people exclude repeating an sequential numbers as well, although these are now technically valid, and I feel sorry for the poor schmuck's who gets assigned these.

Answer 5 years after initial question due to changes in validation rules by the Social Security Administration. Also there are Specific numbers to invalidate according to this link.

As per my near-2-year-old answer I also left out isNumeric(ssn) because the field is a numeric and already strips characters before calling the validate function.

// validate social security number with ssn parameter as string
function validateSSN(ssn) {
  // find area number (1st 3 digits, no longer actually signifies area)
  var area = parseInt(ssn.substring(0, 3));
  return (
    // 9 characters
    ssn.length === 9 &&
    // basic regex
    ssn.match(/^[0-8]{1}[0-9]{2}[0-9]{2}[0-9]{4}/) &&
    // disallow Satan's minions from becoming residents of the US
    area !== 666 &&
    // it's not triple nil
    area !== 0 &&
    // fun fact: some idiot boss put his secretary's ssn in wallets
    // he sold, now it "belongs" to 40000 people
    ssn !== '078051120' &&
    // was used in an ad by the Social Security Administration
    ssn !== '219099999'
  );
}

According to updated information there are no other checks to perform.