Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/27/2018
04:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

More Than 1M Children Victims of Identity Fraud in 2017

Total fraud against kids amounted to $2.6 billion and more than $540 million in out-of-pocket costs to families, a new report finds.

Data breaches are bad news for all victims but especially harmful to children. More than one million children were victims of identity fraud last year, costing $2.6 billion in total and $540 million in out-of-pocket costs to families.

The 2018 Child Identity Fraud Study, conducted by Javelin Strategy & Research and sponsored by Identity Guard, found 11% of households had at least one minor's data compromised in a breach last year. Nearly 40% of minors who found out their data was breached became victims of fraud. In comparison, only 19% of adults who were notified eventually became targeted.

High-profile breaches typically garner more attention; as a result, many people overlook the effects of identity fraud on minors. Children have limited financial histories, which presents a larger opportunity for fraudsters to leverage their information and build account networks. This "blank slate" lets perpetrators slowly grow accounts over time before tapping them.

Because children have no credit history, fraudsters usually fly under the radar as they build their schemes. They combine data from multiple victims to create identities. Social security numbers are particularly useful here because minors haven't yet established financial histories; as a result, their SSNs don’t raise red flags when they're used in identity fraud.

That said, the lack of history also makes things harder for perpetrators, who will have a tougher time getting high-value personal loans or credit cards using a minor's identity.

Sixty percent of child identity fraud victims personally know the fraudster using their data; the same can be said for only seven percent of adult fraud victims. Identity fraud against minors is hard to prevent because many perpetrators have legitimate access to the children's information. Two-thirds of child fraud victims are under the age of eight, 20% were between the ages of 8 and 12, and 14% were aged between 13 and 17.

Cyberbullied

Researchers also noticed a strong relationship between cyberbullying and fraud. Minors who were bullied online (6.67%) were more than nine times more likely to be fraud victims than those were not bullied (0.72%). The average fraud amount among bullying victims was $4,075, more than four times the average total among non-bullied targets.

"In many cases, fraud and bullying are not perpetrated by the same individual but arise from the same underlying vulnerabilities," says Al Pascual, senior vice president of research and head of Fraud & Security at Javelin. "Children who are unprepared to protect themselves from online risks are likely to encounter individuals who wish to target them emotionally or financially."

Most kids targeted with identity fraud are hit with new-account fraud, which affected 0.96% of minors in 2017, because they don’t have existing financial accounts. Adults, in contrast, usually experience existing-card fraud (ECF) because they're targeted for the value of their accounts.

Fraudsters do more than misuse children's identities to open new accounts and drain existing ones. Between 410,000 and 560,000 kids were affected by false tax claims in 2017, and attackers also use their data to gain unlawful employment or avoid punishment for crimes.

Ultimately, targeting minors leads to a bigger payout for perpetrators, who stole $2,303 when misusing the identities of children -- more than twice the mean fraud total for adult victims. It's also easier for adults to avoid liability for fraud, as they only have to pay an average of $104 per incident. The families of child identity fraud victims pay an average of $541 out of pocket.

Teaching kids to be cautious online lowers the likelihood of fraud. Only 0.69% of children of "highly cautious" guardians were affected by identity fraud in the past year, compared with 3.64% of dependents of less cautious guardians. More caution led to lower prevalence of fraud, and when fraud happened, it was for a lower amount and more easily contained.

You can monitor for new-account fraud by checking children's credit histories. Setting a credit freeze is among the most effective ways to prevent new accounts from opening in a child's or adult's name. Many states let parents or guardians freeze a child's credit.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/30/2018 | 10:54:23 PM
Monitoring
Only thing that can be done now is monitoring unfortunately now that the information has already been lost. There are services that can be leveraged both paid and free, just depends on how much manual oversight you wish to put into this endeavor.
mmckeown
50%
50%
mmckeown,
User Rank: Apprentice
4/29/2018 | 11:55:13 PM
Re: Pending Review
Excelent summary.  Appreciate the report.  As a parent what are our recourses.  I was part of the OMB breach, which had information of my child in the data.  How do we confirm their information is safe until they take over control of maintaining their information.  Thanks, again for your article.
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
New Attack Campaigns Suggest Emotet Threat Is Far From Over
Jai Vijayan, Contributing Writer,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20391
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-20392
PUBLISHED: 2020-01-22
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
CVE-2019-20393
PUBLISHED: 2020-01-22
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVE-2019-20394
PUBLISHED: 2020-01-22
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
CVE-2019-20395
PUBLISHED: 2020-01-22
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.