Government turns spotlight on child ID theft problem
By Marcia Frellick
When Carnegie Mellon researchers scanned more than 40,000
children's identity records in a study released in April 2011, they found 10 percent
of them tainted by Social Security numbers that were being used by at least one
Now, the government is stepping up its efforts to educate
parents on preventing the crimes and resolving the damage already done.
The findings of the unscientific study -- combined with ongoing
reports that child ID theft is increasing -- prompted the Federal Trade Commission
to team up with the Department of Justice to offer a free public forum, says
Rebecca Kuehn, assistant director in the FTC's Division of Privacy and Identity
Protection. Called "Stolen Futures: A Forum on Child Identity Theft," the July 12, 2011, event in Washington,
D.C., featured representatives of government agencies, businesses, victims'
advocates, nonprofits and legal service providers, and focused on combating ID theft
within families, foster care and the educational system.
"One of the reasons [children's Social Security numbers] are useful to identity thieves is that they haven't been used before, so they won't come up in standard fraud databases that this number is associated with someone else. Among the things we'll talk about at the forum is how this information is getting out and how better to protect it," Kuehn says.
Numbers are often hard to come by in pinpointing the scope
of child ID theft in the U.S., experts say. Most surveys have looked at adults.
And the crime against children is hard to quantify because it usually is not
discovered for many years, often until victims' credit is checked when they
apply for a job or college financial aid, and they find their names are attached
to foreclosures or other delinquent accounts. Even when ID theft is discovered,
it can go unreported -- particularly when the perpetrator is a family member,
someone who has used the child's clean financial slate to hide their own tainted
record or illegal resident status.
What the study found
Richard Power with Carnegie Mellon's CyLab -- a cybersecurity research and education center -- got the rare chance throughout
2010 to study children's identity files when Debix AllClear ID Protection
Network offered to let his team examine 42,232 records for people 18 or under. They
were enrolled in the network by parents who had been notified that their
personal information may have been compromised during a data breach.
The study found 4,311 of the children had at least one other
person using their Social Security numbers -- 10.2 percent -- a rate that was 51 times
higher than the 0.2 percentage rate of adults in the study.
The study is not scientific because it is not randomized to
the general population, but it concludes that children's Social Security
numbers are coveted by fraudsters, Power says, and that child ID theft is a
danger that demands further large-scale study. As adults become aware of their
own ID risks, Power says, they are more careful, which leads thieves to look
increasingly at children's information, which gets less notice.
The effects for children are severe and long-lasting. The
largest fraud in the CyLab study, for instance, was $725,000 against a
16-year-old girl. Stolen identities can damage teens' chances of going to
college, getting a job and finding a place to live and can saddle them with
monumental financial and psychological problems.
Changing to offer
better ID protection
A just-implemented change by the Social Security Administration may have
an impact. As of June 25, 2011,
it changed the way it assigns new nine-digit numbers. Previously, the
first three digits have been assigned based on the state in which the number
was issued. The fourth and fifth digits -- called the group number -- have been
linked to the order in which they were issued. That system made it easier
for thieves to predict what new numbers will be issued and adds risk for those
who live in small states, where there is less variation in the first three
digits. Randomization will eliminate the predictability for new numbers, though
current Social Security numbers will remain the same.
Another strategy for fighting ID theft is being tested in California,
where Joanne McNabb, chief of the California Office of Privacy Protection, is
leading a pilot project that centers on better protection for a particularly vulnerable
population: foster children. They are often easy targets because their personal
information is transferred frequently and many adults have access to their
personal records. The office is working with credit reporting agencies to
develop special procedures to better protect them.
What are the signs?
While parents should be on alert for signs of child ID theft
-- which include getting a preapproved credit card offer in the mail or a debt
collection call for your child -- repeatedly checking with credit reporting
agencies to see whether your child has a credit file is not recommended, says
Jay Foley, executive director of the Identity Theft Resource Center, a national
agency that supports victims and educates consumers. That could actually result
in a report being created, he says, which could put your child at more risk.
Check file at age 16
Children should not have a credit report before age 18
because kids can't legally contract for credit. If they do, it's typically either a
mistake or the result of fraud. An exception to that rule, however, could be if a child is an authorized user on a parent's credit card. Check with all three credit reporting agencies for
existence of a report when the child turns 16, Foley advises. That way, if
there has been fraud, families have two years to address it before the child enters
adulthood. Be sure to ask the credit reporting agencies to check for activity
not just under the name of the child and his or her Social Security number, but
for the Social Security number only, because thieves can attach any name to a
stolen number.MyFico.com has sample letters you can use to ask for the information from the three major credit bureaus.
If there has been activity, contact police and follow this
step-by-step guide for checking your child's credit report.
The other thing to check at age 16, Foley says, is whether
your child has a inaccurate work history on file with your local Social Security
Administration office. Finding that out can uncover information that the
child's number has been breached.
4 steps to take
So what else can parents do? Experts offer the following tips (and more are available in the CreditCards.com article,"Protecting your children from identity theft"):
1. Ask questions before
you hand over a child's Social Security number to organizations: Ask why they need
the number, who will see it, how they will protect it and how they will dispose
of it, Foley says. If you are not satisfied with the answer, don't give out the Social Security number.
For example, "I don't know why a sports league would need your child's Social Security
number," he says.
2. Don't carry your
child's Social Security number in your pocket. Keep it in a safe place at
home or in a safe deposit box.
3. Talk to teens
before they go away to school about not giving out too much information and
leaving information in the open. "You may trust your roommate, but what
about your roommates' friends and friends of friends?" McNabb says.
4. Talk to teens
about limiting their exposure on social media. McNabb's office has developed guidelines on
this on the California Office of Privacy Protection's website. Among his tips: Don't provide your home address or phone number, and don't give your full birthdate.
Awareness is the first step in any effort to fight child ID
theft. CyLab's Power has this advice for parents: "Follow the issue. Learn more
about it. You need to have a strategy both for your own protection of your ID and
the protection of your child's ID." He also advises parents to consider using
an ID protection service -- some of which are free --
for all members of the family.
See related: Credit card charges made by minors are invalid
, 10 things you must know about credit reports
Updated: July 12, 2011
Three most recent Legal, regulatory, privacy issues stories: