Synthetic identity fraud has been a growing issue for the past decade. The darker side of this fraud is that minors are targeted at a much higher rate than adults. This portends a sizable, looming crisis as today’s minors, who have been unknowingly victimized, approach adulthood and uncover the financial crimes committed against them as they apply for driver’s licenses, college loans and employment after high school.

According to AllClear ID research on child identity theft, children may be victimized at a rate approximately 35 times higher than that of adults. Synthetic ID thieves need Social Security numbers (SSNs) with clean histories that are not currently being used, allowing them to attach a different name and date of birth to the number. According to a 2011 CyLab report, minors’ SSNs are valuable because there is currently no process for organizations to check which name and birth date is officially attached to an SSN.

How Does Child Identity Theft Work?

In the case of child identity theft, an identity thief compromises a child’s SSN and attaches a fictitious name and birth date to it. The thief then establishes a credit profile by applying for credit through an authorized user or by working with a data furnisher.

According to the Identity Theft Resource Center (ITRC), there are a few misconceptions about how the credit process works. Credit reporting agencies (CRAs) do not often verify the age of the credit applicant. The fact that credit issuers often do not request adequate proof of identity is a glaring weakness in our credit system; in today’s online world, everything from credit applications to funding can occur at a distance.

Many people believe that CRAs will identify the applicant as a minor and detect a fraudulent application. The fact is, the credit application is the means by which age is established on a credit file. The SSN of a child born in 2013 may have a birth date of 1985 fraudulently associated with it. That SSN would then be associated with an identity that has an “age” of 29.

Child SSNs are often compromised by entities entrusted with safeguarding children’s information, such as schools, doctors’ offices, youth sports organizations and family members. Child SSNs are not typically compromised as part of large data breaches because they often come from smaller-scale incidents. For example, the ITRC says that as of Nov. 18, medical and health care facilities accounted for 42 percent of all year-to-date data breaches; however, they accounted for less than 10 percent of all exposed records. Breaches perpetrated by insiders at doctors’ offices will more likely involve the compromise of a SSN. Meanwhile, the ITRC general business category accounted for 32 percent of incidents and 79 percent of records in which point-of-sale payment information was likely compromised.

Unfortunately, It May Be the Parents

While there is no data available to support an analysis of how often children are victimized by their own parents versus people unknown to the family, there is ample evidence that parents often use their child’s SSN to create new identities to obtain telecommunication services such as cable TV subscriptions or cell phone plans. According to David Howe of SubscriberWise, a national credit reporting agency for the telecom industry, parents often use their children’s SSN to obtain new cable accounts to avoid paying for an unpaid account in their names. Howe and his team have investigated scores of incidents over the past 20 years involving parents who fraudulently created new identities using their child’s SSN to obtain telecom services.

In one recent case, the mother of a 14-year-old in Ohio used her teenage daughter’s SSN to open a new cable account. The mother applied for a new account using her daughter’s legitimate SSN and a fabricated date of birth, changing the middle initial of the child’s name. In that case, the local prosecutor did not bring charges against the mother for many reasons, not the least of which is vague or nonspecific laws related to this type of child crime.

Effects on Children

Children who have been victims of identity theft face potentially severe financial consequences as a result. Since the underlying compromise may go undetected for many years, the potential for a child to be associated with bad debt amounting to tens or hundreds of thousands of dollars is daunting. Children and their families may spend years — and thousands of dollars — to completely resolve the problem.

There are hidden costs, as well. Children may lose the opportunity to attend the college of their choice or get a job after high school because a problem was identified during a background check.

Aside from the clear financial implications of this crime, there are also potential emotional impacts. Children, like any other victim of a crime, may experience emotional trauma if they are old enough to understand what has happened. Picture teenagers who have learned that their parent, whom they implicitly trusted, betrayed and violated their trust. The IRTC provides guidance for dealing with the emotional impacts to children.

Legislative Initiatives

There is currently no federal law or congressional legislative effort to slow down the rate of child ID theft. Howe is spearheading an effort to bring attention to this issue and advocating for the establishment of an index of child SSNs that could be referenced to dramatically reduce child identity theft. The index could be used to alert creditors that a SSN used in an application matches that of a minor. The concept is very similar to the Social Security Death Index produced by the Social Security Administration.

This year, U.S. Sen. Kirsten Gillibrand of New York introduced the Cyber Information Sharing Tax Credit Act, a new piece of legislation that would encourage businesses to share information about cybervulnerabilities through third-party information-sharing organizations. Likewise, several states have enacted laws or are pursuing legislation at the state level. While the objectives of these legislative efforts are positive, they do nothing to prevent synthetic child identity theft.

In 2011, U.S. Rep. Jim Langevin of Rhode Island proposed a provision that would protect children in foster care as part of the Child and Family Services Improvement and Innovation Act, which was signed into law by President Barack Obama. The provision mandates free credit checks for foster youth over 16 years old before they age out of the system and requires that they receive assistance in clearing inaccuracies from their records. While the law will certainly aid some victims, research performed by AllClear ID found that upward of 99 percent of credit reports of children known to have been victimized failed to detect the identity theft.

What Can Parents Do?

Good parents will nurture their children and are generally good at protecting them from physical threats. They are great at teaching their children to look both ways when crossing the street, to not play with matches or run with scissors and, of course, to beware of “stranger danger.” However, it is much more difficult to protect a child from having his or her identity stolen.

There are some steps parents can take to minimize risk. The Federal Trade Commission and ITRC have provided valuable information concerning red flags and steps to take to prevent or detect problems. Additionally, there are professional services that offer specialized assistance.

The following are some general warning signs to look out for:

  • Credit card offers in the name of your child;
  • Calls from collection agencies;
  • Collection notices in the mail;
  • A notification from the Internal Revenue Service that your child’s SSN has already been used in a tax return.

The following are some preventative measures you can take:

  • Keep your child’s SSN private, even to family.
  • Keep sensitive information located within your house.
  • Don’t carry your child’s Social Security card or SSN with you.
  • Use a cross-cut shredder to destroy all personal information when disposing of it.
  • Question and protest the use of SSNs by youth organizations.

If your child’s SSN must be provided, the ITRC offers some advice. Show the papers to the coach or organizer and then place the documents in a sealed envelope. Write your initials over the seal in colored ink to ensure it has not been tampered with when it is returned. Alternatively, initial the back of each document in colored ink to ensure you have received the original. It is also important to ask the organization how and where the documents will be stored during the season or for how long it will possess the documents.

More from Banking & Finance

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…