When Carnegie Mellon researchers scanned more than 40,000 children’s identity records in a study released in April 2011, they found 10 percent of them tainted by Social Security numbers that were being used by at least one other person.
Now, the government is stepping up its efforts to educate parents on preventing the crimes and resolving the damage already done.
The findings of the unscientific study — combined with ongoing reports that child ID theft is increasing — prompted the Federal Trade Commission to team up with the Department of Justice to offer a free public forum, says Rebecca Kuehn, assistant director in the FTC’s Division of Privacy and Identity Protection. Called “Stolen Futures: A Forum on Child Identity Theft,” the July 12, 2011, event in Washington, D.C., featured representatives of government agencies, businesses, victims’ advocates, nonprofits and legal service providers, and focused on combating ID theft within families, foster care and the educational system.
“One of the reasons [children’s Social Security numbers] are useful to identity thieves is that they haven’t been used before, so they won’t come up in standard fraud databases that this number is associated with someone else. Among the things we’ll talk about at the forum is how this information is getting out and how better to protect it,” Kuehn says.
Numbers are often hard to come by in pinpointing the scope of child ID theft in the U.S., experts say. Most surveys have looked at adults. And the crime against children is hard to quantify because it usually is not discovered for many years, often until victims’ credit is checked when they apply for a job or college financial aid, and they find their names are attached to foreclosures or other delinquent accounts. Even when ID theft is discovered, it can go unreported — particularly when the perpetrator is a family member, someone who has used the child’s clean financial slate to hide their own tainted record or illegal resident status.
What the study found
Richard Power with Carnegie Mellon’s CyLab — a cybersecurity research and education center — got the rare chance throughout 2010 to study children’s identity files when Debix AllClear ID Protection Network offered to let his team examine 42,232 records for people 18 or under. They were enrolled in the network by parents who had been notified that their personal information may have been compromised during a data breach.
The study found 4,311 of the children had at least one other person using their Social Security numbers — 10.2 percent — a rate that was 51 times higher than the 0.2 percentage rate of adults in the study.
The study is not scientific because it is not randomized to the general population, but it concludes that children’s Social Security numbers are coveted by fraudsters, Power says, and that child ID theft is a danger that demands further large-scale study. As adults become aware of their own ID risks, Power says, they are more careful, which leads thieves to look increasingly at children’s information, which gets less notice.
The effects for children are severe and long-lasting. The largest fraud in the CyLab study, for instance, was $725,000 against a 16-year-old girl. Stolen identities can damage teens’ chances of going to college, getting a job and finding a place to live and can saddle them with monumental financial and psychological problems.
Changing to offer better ID protection
A just-implemented change by the Social Security Administration may have an impact. As of June 25, 2011, it changed the way it assigns new nine-digit numbers. Previously, the first three digits have been assigned based on the state in which the number was issued. The fourth and fifth digits — called the group number — have been linked to the order in which they were issued. That system made it easier for thieves to predict what new numbers will be issued and adds risk for those who live in small states, where there is less variation in the first three digits. Randomization will eliminate the predictability for new numbers, though current Social Security numbers will remain the same.
Another strategy for fighting ID theft is being tested in California, where Joanne McNabb, chief of the California Office of Privacy Protection, is leading a pilot project that centers on better protection for a particularly vulnerable population: foster children. They are often easy targets because their personal information is transferred frequently and many adults have access to their personal records. The office is working with credit reporting agencies to develop special procedures to better protect them.
What are the signs?
While parents should be on alert for signs of child ID theft — which include getting a preapproved credit card offer in the mail or a debt collection call for your child — repeatedly checking with credit reporting agencies to see whether your child has a credit file is not recommended, says Jay Foley, executive director of the Identity Theft Resource Center, a national agency that supports victims and educates consumers. That could actually result in a report being created, he says, which could put your child at more risk.
Check file at age 16
Children should not have a credit report before age 18 because kids can’t legally contract for credit. If they do, it’s typically either a mistake or the result of fraud. An exception to that rule, however, could be if a child is an authorized user on a parent’s credit card. Check with all three credit reporting agencies for existence of a report when the child turns 16, Foley advises. That way, if there has been fraud, families have two years to address it before the child enters adulthood. Be sure to ask the credit reporting agencies to check for activity not just under the name of the child and his or her Social Security number, but for the Social Security number only, because thieves can attach any name to a stolen number.MyFico.com has sample letters you can use to ask for the information from the three major credit bureaus.
If there has been activity, contact police and follow this step-by-step guide for checking your child’s credit report.
The other thing to check at age 16, Foley says, is whether your child has a inaccurate work history on file with your local Social Security Administration office. Finding that out can uncover information that the child’s number has been breached.
4 steps to take
So what else can parents do? Experts offer the following tips (and more are available in the CreditCards.com article,”Protecting your children from identity theft“):
1. Ask questions before you hand over a child’s Social Security number to organizations: Ask why they need the number, who will see it, how they will protect it and how they will dispose of it, Foley says. If you are not satisfied with the answer, don’t give out the Social Security number. For example, “I don’t know why a sports league would need your child’s Social Security number,” he says.
2. Don’t carry your child’s Social Security number in your pocket. Keep it in a safe place at home or in a safe deposit box.
3. Talk to teens before they go away to school about not giving out too much information and leaving information in the open. “You may trust your roommate, but what about your roommates’ friends and friends of friends?” McNabb says.
4. Talk to teens about limiting their exposure on social media. McNabb’s office has developed guidelines on this on the California Office of Privacy Protection‘s website. Among his tips: Don’t provide your home address or phone number, and don’t give your full birthdate.
Awareness is the first step in any effort to fight child ID theft. CyLab’s Power has this advice for parents: “Follow the issue. Learn more about it. You need to have a strategy both for your own protection of your ID and the protection of your child’s ID.” He also advises parents to consider using an ID protection service — some of which are free — for all members of the family.