Data breaches are bad news for all victims but especially harmful to children. More than one million children were victims of identity fraud last year, costing $2.6 billion in total and $540 million in out-of-pocket costs to families.
The 2018 Child Identity Fraud Study, conducted by Javelin Strategy & Research and sponsored by Identity Guard, found 11% of households had at least one minor's data compromised in a breach last year. Nearly 40% of minors who found out their data was breached became victims of fraud. In comparison, only 19% of adults who were notified eventually became targeted.
High-profile breaches typically garner more attention; as a result, many people overlook the effects of identity fraud on minors. Children have limited financial histories, which presents a larger opportunity for fraudsters to leverage their information and build account networks. This "blank slate" lets perpetrators slowly grow accounts over time before tapping them.
Because children have no credit history, fraudsters usually fly under the radar as they build their schemes. They combine data from multiple victims to create identities. Social security numbers are particularly useful here because minors haven't yet established financial histories; as a result, their SSNs don’t raise red flags when they're used in identity fraud.
That said, the lack of history also makes things harder for perpetrators, who will have a tougher time getting high-value personal loans or credit cards using a minor's identity.
Sixty percent of child identity fraud victims personally know the fraudster using their data; the same can be said for only seven percent of adult fraud victims. Identity fraud against minors is hard to prevent because many perpetrators have legitimate access to the children's information. Two-thirds of child fraud victims are under the age of eight, 20% were between the ages of 8 and 12, and 14% were aged between 13 and 17.
Researchers also noticed a strong relationship between cyberbullying and fraud. Minors who were bullied online (6.67%) were more than nine times more likely to be fraud victims than those were not bullied (0.72%). The average fraud amount among bullying victims was $4,075, more than four times the average total among non-bullied targets.
"In many cases, fraud and bullying are not perpetrated by the same individual but arise from the same underlying vulnerabilities," says Al Pascual, senior vice president of research and head of Fraud & Security at Javelin. "Children who are unprepared to protect themselves from online risks are likely to encounter individuals who wish to target them emotionally or financially."
Most kids targeted with identity fraud are hit with new-account fraud, which affected 0.96% of minors in 2017, because they don’t have existing financial accounts. Adults, in contrast, usually experience existing-card fraud (ECF) because they're targeted for the value of their accounts.
Fraudsters do more than misuse children's identities to open new accounts and drain existing ones. Between 410,000 and 560,000 kids were affected by false tax claims in 2017, and attackers also use their data to gain unlawful employment or avoid punishment for crimes.
Ultimately, targeting minors leads to a bigger payout for perpetrators, who stole $2,303 when misusing the identities of children -- more than twice the mean fraud total for adult victims. It's also easier for adults to avoid liability for fraud, as they only have to pay an average of $104 per incident. The families of child identity fraud victims pay an average of $541 out of pocket.
Teaching kids to be cautious online lowers the likelihood of fraud. Only 0.69% of children of "highly cautious" guardians were affected by identity fraud in the past year, compared with 3.64% of dependents of less cautious guardians. More caution led to lower prevalence of fraud, and when fraud happened, it was for a lower amount and more easily contained.
You can monitor for new-account fraud by checking children's credit histories. Setting a credit freeze is among the most effective ways to prevent new accounts from opening in a child's or adult's name. Many states let parents or guardians freeze a child's credit.
Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio