It’s easy to think of identity fraud and the problems it causes as an adults-only issue. However, fraudsters know that children are easy targets as they are generally trusting and less aware of financial, security and privacy matters. Children spend countless hours on their mobiles, which produces a wealth of data that can be hacked by bad actors and used for financial gain by committing fraud or other financial crime.
It’s easy for fraudsters to glean data from children in game chat rooms, on social media, even from data breaches. Cases like the Anthem health insurance breach in 2015 meant thousands of children’s social security and personal details were shared on the dark web along with their parents’ information: a wealth of data for creating synthetic and not-so-synthetic IDs.
One of the main types of fraud is synthetic identity fraud, or SIF. With synthetic identity fraud, fraudsters curate real personal identity data (stolen or purchased on the black market) with fake information to create an entirely new identity. This process can take years to pay off, making it even more difficult to detect.
Another common problem is familiar fraud, where the person committing the fraud is a close relative. This can sometimes involve a level of synthetic identity fraud, for example, where the child’s name and other details are used with a false date of birth. A study in 2012 revealed that the perpetrator was a close family member or friend in 27 percent of child identity fraud cases.
The effects of identity theft on children
A synthetic identity might consist of a real name and date of birth but use a false address and social security number from somewhere else. Fraudsters will then try to acquire new driver’s licenses, passports and other identity documents. If successful, these child-based synthetic identities can join the 20 percent of credit losses that SIF is thought to be responsible for, according to a study by Auriemma Consulting Group.
Some of the worst harm can come when fraudsters manage to set up a synthetic identity that’s very close to the child’s real identity, changing only the date of birth. This can effectively give criminals a blank slate credit history that will come back to haunt the child when they are old enough to apply for their first financial products.
The fallout can even start before the child comes of age. It’s not unheard of for a minor to end up having to defend against fraudulent charges while still underage. In fact, with less legitimate paperwork tracking their real credit history, it can actually be harder for a child to prove their innocence.
Tips for parents
What can we, as parents and caregivers, do to protect our children from these risks?
- Educate: The most obvious step is to educate children and parents about data security and how to protect personal data online, including the reasons why it’s necessary. Age-appropriate learning should accompany all of these other steps, with all but the youngest children able to understand at least some of the risks and issues involved. By the time a child is old enough to be online unsupervised, they will need to know how to keep their data safe as well as themselves.
This information sheet from the ITRC is a great resource for parents, and it includes a list of red flags — such as additional types of mail to watch out for.
- Monitor: Parents need to know how to keep an eye on their children’s online behavior, including how to use parental controls and monitoring software where age-appropriate. Parents/guardians also need to know the importance of monitoring mail and other offline data trails. Age-inappropriate mailings can be a warning that someone is using part or all of a child’s identity for fraud.
From an organizational point of view, any company that deals with children’s personal details needs to be aware that these are also attractive to data thieves, and why.
Tips for businesses
Organizations also have a role to play; not only do organizations need to combat fraud for their own purposes, but fraud against children is especially heinous.
- Identity checks: Don’t rely on just one database to verify new accounts. By checking multiple databases that include alternative data sources, you increase the likelihood that you can spot identity anomalies. For example, mobile network operators have an abundance of data that is difficult for fraudsters to falsify.
The trick here is depth of data history. Real people have real histories, including those from third-party sources. Children and newly crafted synthetic identities will have shallow or non-existent data pools behind them. The more places you check, the clearer it will be that there’s little or nothing there.
- Identity authentication: Using authentication techniques helps ensure that the individual has some real-world connection to the identity. For example, ID document verification techniques require the individual to have government-issued documentation that matches the person, or mobile two-factor authentication (2FA) requires the person have access to the mobile number on the account.
- Fraud tools: There are a growing number of sophisticated fraud prevention tools that help spot questionable patterns and stop losses. Keep in mind that, while the techniques might make use of children’s identity, in the end their goal is to profit. Monitoring for unusual transactions, implementing additional security measures and deploying a security mindset will not only protect your business but also help protect vulnerable potential victims.
Why is fraud prevention important when it comes to children?
Identity fraud affects children far more than it does adults. Even for grown-ups, extracting yourself from the tangle of charges, fines and accusations that can occur alongside identity fraud is difficult. Knowing that, in many cases, child identity fraud goes undetected until the child applies for student loans (making students four times more likely to be the victim of identity fraud than the general adult population), one starts to realize how bad things can get.
Imagine how many different instances of fraud and how many different steep debts could be run up in a child’s name if their details were used fraudulently for a decade or more. Now, imagine how much time and effort it would take to put right and get that child back to the blank credit slate they deserve. In the meantime, it could affect borrowing for university, car loans, credit checks by landlords and more — many major life milestones.
Protect your organization and children
In today’s digital landscape, it’s never too early for cybercriminals to take advantage of a child’s personal data. This synthetic fraud can be run by organized criminals on a large scale, but it can also involve close family and friends changing just the age of the child to take advantage of another set of names already linked to that address.
Either way, it’s vital to take a holistic approach to identity verification to prevent child identity fraud. As this type of fraud can go unnoticed for some time, the consequences can be dire for both the companies and children involved. Using strong identity verification and authentication measures, such as identifying unique data points and alternative authentication channels, are always good ideas when opening any account. Ensuring effective due diligence procedures are especially important when considering the victims can be children.