Why is children’s personal information so desirable, how do criminals steal it, and what can parents do to help prevent child identity theft?
Total loss of identity fraud in the US estimated at a whopping $43bn last year. While many of us are becoming increasingly savvy about how we protect our personal information online, can we say the same about our children’s data? Child identity theft is more common than you might think. Almost a million US children are victimized by 2022, with an average incident cost of $1,128 per household and taking 16 hours to resolve. That equates to a problem that costs Americans more than $1 billion a year.
This alone is enough to focus our minds on the task at hand. So why is children’s personal information so desirable, how can it be stolen and what can parents do to stop it?
The billion dollar problem
Fraudsters use children’s identifying data for many of the same purposes as adult information:
- Opening bank accounts for use in money laundering and fraud
- Opening a new credit card account to run a debt
- Fraudulently obtaining benefits and welfare loans
Why are details of young people so popular among the criminal fraternity? A large part of the appeal is the fact that kids don’t usually have bad credit ratings. This means that fraudsters have greater confidence that their attempts to monetize stolen identity data will not be blocked by a bank or government agency. Victims are also less likely to realize that their identities have been stolen, because – even if they had – children would not be prepared to check their bank accounts or credit reports regularly. Fraud may go unnoticed for years.
Another popular technique suitable for child identity data is synthetic fraud. This is when scammers combine personal data from several sources: some real, some fake. Thus, a new identity is created using that all-important child data to ensure a clean credit history.
How does child ID theft happen
Underground cybercrime is a well-oiled machine in which different actors have different roles. Cyber criminals will typically harvest personal data and then sell it on dark web marketplaces and forums, for fraudsters to use in follow-up attacks. Again, the methods for obtaining this data are similar to those used to compromise adults. They include:
- deception via email, social media or even text. People are lured into clicking malicious links, potentially installing information-stealing malware, or tricked into giving up their personal details – perhaps to enter into a non-existent prize draw.
- Third party violation. Roughly 7 million American childrenor 1 in every 43, had their personal information disclosed and potentially compromised through last year’s data breach, through no fault of their own.
- Account takeover: Games, social media, and even online learning accounts can be valuable sources of identity information. They can be compromised through phishing attacks, password cracking/guessing, and other techniques.
- Oversharing on social media: Parents can be as guilty as their children of sharing too much personal information through social accounts. Even their date of birth and details about their schooling can be used as weapons in a follow-up scam designed to get more information.
- Family members: Family scams are very common. In estimates In 67% of households experiencing child identity fraud, the victim personally knows the perpetrator. Close access to sensitive documents gave these family members the perfect opportunity, and the assumption of innocence meant fraud could go undetected for years.
- Physical theft: The old ways are still popular, such as confiscating documents from the trash or even straight from the mail.
How to keep your child’s identity safe
Fortunately, some tried and tested best practices can have a significant positive impact on a child’s identity risk, and need not be overly burdensome. They include:
- Avoid sharing too much information about your child on social media. Sharenting is best avoided, unless the account is properly locked down.
- Monitor unusual activity on your child’s account (bank, phone, etc.).
- Consider a credit freeze for your child with each of the three US credit bureaus (Experian, TransUnion, and Equifax). This means that banks and other providers will not be able to issue loans/credit on your child’s behalf.
- Keep all household machines/devices updated with latest patches and anti-malware software.
- Explain to your children the dangers of social media oversharing, phishing attacks, or identity theft.
- Limit the number of accounts/services registered by your child. Enter your details if necessary.
Look for warning signs
In addition to precautions, it makes sense to stay alert to possible fraudulent attempts to use your child’s identifying data. The following are signs that something is wrong:
- Unusual or unexpected bills/statements arrive addressed to your child.
- Welfare benefits were denied because the government claimed they had been paid to your child’s Social Security number.
- IRS letter demanding taxes from your child.
- Bank account applications are rejected due to bad credit history.
- Collection agencies start calling asking to speak to your child.
What to do in the worst case scenario
If the worst happens, it’s important to take action quickly. Get a credit report for your child and if there’s anything on it, freeze it immediately. Furthermore:
- Report the incident to the Federal Trade Commission (FTC).
- Report the incident to the police.
- Notify all three credit bureaus.
- Notify any organizations where your child’s info has been used to open fraudulent accounts. Ask them to close it and get written confirmation that your child is not responsible for it.
Identity fraud is a part of life – unfortunately for our children too. Becoming a responsible parent in the digital age may take more effort than it did 20 years ago. But doing so is really non-negotiable.