Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Robbing the Cradle…Literally – Child Identity Theft Rising

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Child identity theft is exactly like stealing candy from babies. Easy. It’s easy because the crime is often not detected until the baby is an adult and has his/her credit and reputation ruined.

The Huffington Post relates the story of Jennifer Andrushko.   

When Jennifer Andrushko applied for public aid two years ago, a state employee entered her son Carter’s Social Security number into a computer and discovered something strange: The boy appeared to have been earning wages for the past eight years.

“I thought, ‘How could this be happening? He’s only three years old,'” Andrushko said.

It turned out an undocumented immigrant had been using Carter’s number to acquire jobs since before [Carter] was born. But Carter proved relatively fortunate. Unlike many child identity theft victims who do not realize their credit is ruined until they reach adulthood, his case was caught while he was young, giving him time to recover his good name.

Carter was lucky. He was living in Utah, one of the few states that cross-references its employment database with a list of children receiving public assistance. Well he wasn’t all that lucky. His mother was applying for public assistance.  Anyway, according to the Huffington Post, Utah found thousands of instances of child identity theft, including one where nine people used one nine-year-old’s Social Security number to get employment.

Parents hand over children’s Social Security numbers to schools and health care providers, and other institutions that often don’t have sufficient safeguards in place. It’s been suggested that a solution, or at least a partial one, would be if the Social Security Administration could do something with the numbers to make it possible for credit agencies to know that the holder is a minor.

Last year, more than 18,000 cases of child identity theft were reported to the Federal Trade Commission. The Huffington Post suggests even 18,000 doesn’t come close. “The real figure…is probably much higher because the crime often goes undetected….. ID Analytics estimates that more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service.

“In the largest study on child identity theft to date, researchers at Carnegie Mellon University found that 10 percent of children were victims of identity theft, compared with less than 1 percent of adults. The study, which was published this spring, analyzed more than 800,000 records — including 40,000 belonging to minors — compromised by data breaches in 2009 and 2010. The data was provided by the credit monitoring service Debix.”

The Huffington Post story says, “Thieves now exploit a gap in the system used by the three major credit bureaus to check consumer credit. When the bureaus pull reports, they look for matching names, birthdates and Social Security numbers. But identity thieves escape detection by pairing a child’s number with a different name and birth date, creating the appearance of a consumer who is applying for credit for the first time. Debix says it recently ran credit reports on 381 cases of confirmed child identity theft and found that credit reports only turned up fraudulent activity in four cases, or 1 percent.”

Companies are able to cross check names, birthdates and SSNs with the Social Security Administration, but the agency charges a $5,000 fee upfront, plus $1 for each check – a tab many companies don’t care to pay.

Stuart Pratt, president of the Consumer Data Industry Association, the trade association for the three credit reporting agencies, asked, “How can somebody open up any kind of account with just a name and Social on its own? Authentication should be much more than that. It has to be robust.”

In the late 1980s, the Social Security Administration started requiring parents to list their children’s SSNs to claim them as dependents. Newborns got spanking new credit histories that remained that way till they turned eighteen. It was an open invitation to crooks.

So what happens when thieves have a multi-year head start?  The Huffington Post relates the story of Jaleesa Suell of Oakland, California.  When Jaleesa was 17, a thief stole her identity to open a credit card. She didn’t find out until she turned 21 and was denied her first credit card. The reason?  She had a $300 unpaid credit-card debt, which had been sent to a collection agency.

Now 22, Suell has spent the last six months disputing the fraud with Plains Commerce Bank, based in South Dakota, where the account was opened. Before accepting the charges were fraudulent, the bank insisted that Suell provide a full police report. But the Oakland Police Department has refused to provide such a report because $300 does not meet the department’s threshold.

Identity Theft 911, which is working pro-bono to help Suell, plans to write letters to the FDIC, FTC and the Better Business Bureau to pressure the bank to “do the right thing,” according to Kelly Colgan, a spokeswoman for Identity Theft 911.

If her case is not resolved, Suell fears she will graduate college in May and be unable to rent an apartment or acquire student loans for graduate school due to her damaged credit.

“I’m at an impasse,” she said. “It’s extremely frustrating.”

Story after story follows the same pattern. Even when victims are able to clear their names, they have still been forced to devote big chunks of time and energy to that end. And that’s time and energy that could be put to better use like improving their grades, finding jobs, etc.

By ThreatMetrix Posted