| Tech trends

Child identity theft: how do I keep my kids’ personal data safe?

| 20 Jul 2023

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft?

Total identity fraud losses in the US were estimated at a whopping $43bn last year. While many of us are getting savvier about protecting our personal information online, can we say the same about our children’s data? 

Child identity theft is more common than you might think. Almost a million US children were victims in 2022, with incidents costing an average of $1,128 per household and taking 16 hours to resolve. That amounts to a problem costing Americans over $1bn annually.  This alone should be enough to focus our minds on the task at hand. So why is kids’ personal information in such high demand, how is it getting stolen, and what can parents do to stop it? 

A billion-dollar problem 

Fraudsters use children’s identity data for many of the same ends as they do adults’ information: 

  • Opening bank accounts to use in money laundering and scams 
  • Opening new credit card accounts to run up debt 
  • Fraudulently obtaining welfare benefits and loans 

Why are youngsters’ details so popular among the criminal fraternity? A big part of the attraction is the fact that children typically don’t have bad credit ratings. That means the fraudster has greater confidence that banks or government agencies will not block their attempts to monetise stolen identity data. The victim is also less likely to notice that their identity has been stolen because—even if they have one – kids won’t be primed to check their bank account or credit report regularly. Scams may go unnoticed for years. 

Another popular technique which lends itself well to child identity data is synthetic fraud. This is when a scammer combines personal data from several sources: some real, some fake. A brand-new identity is thus created using that all-important child data to ensure a clean credit history. 

How child ID theft happens 

The cybercrime underground is a well-oiled machine where different actors have different roles. Cybercriminals typically harvest personal data and sell it on dark web marketplaces and forums for fraudsters to use in follow-on attacks. 

Phishing via email, social media or even text. Individuals are lured to click on malicious links, potentially installing information-stealing malware, or else tricked into handing over their personal details – perhaps to enter a non-existent prize draw.

Third-party breaches. Roughly 1.7 million American children, or 1 in every 43, had their personal information exposed and potentially compromised via a data breach last year due to no fault of their own. 

Account takeover: Gaming, social media and even online learning accounts can be valuable troves of identity information. They can be compromised via phishing attacks, brute-force password cracking/guessing and other techniques. 

Oversharing on social media: Parents can be as guilty as their kids of sharing too much personal information via social accounts. Even birth dates and details about their schooling can be weaponised in follow-on scams designed to elicit more info.

Family members: Familial fraud is shockingly common. In an estimated 67% of households that experience child identity fraud, the victim personally knew the perpetrator(s). Close-up access to sensitive documents gives these family members the perfect opportunity, and an assumption of innocence means fraud can go undetected for years. 

Physical theft: The old ways are still popular, such as seizing documents from the trash or even direct from the mail. 

How to keep your child’s identity safe 

Fortunately, several tried-and-tested best practices can have a significant positive impact on child identity risk and need not be too onerous. They include: 

  • Avoid oversharing information about your child on social media. Sharenting is best avoided unless accounts are well locked down. 
  • Monitor for unusual activity on your child’s accounts (bank, phone, etc.). 
  • Consider a credit freeze for your child with the three US credit bureaus (Experian, TransUnion and Equifax) so banks and other providers cannot issue loans/credit in your child’s name. 
  • Keep all household machines/devices updated with the latest patches and anti-malware software. 
  • Explain to your children the dangers of oversharing on social media, phishing attacks or identity theft. 
  • Limit the number of accounts/services your child signs up for. Put in your details where necessary instead. 

Spot the warning signs 

Alongside preventative measures, it makes sense to stay alert to the prospect of fraud attempts using your children’s identity data. The following are tell-tale signs something may be wrong: 

  • Unusual or unexpected bills/statements arrive addressed to your child. 
  • Welfare benefits are denied because the government claims they’ve already been paid to your child’s Social Security number. 
  • IRS letters demanding taxes from your child. 
  • Bank account applications are rejected due to poor credit history. 
  • Collection agencies start calling, asking to speak to your child. 

What to do in a worst-case scenario 

If the worst happens, it’s important to take action quickly. Get a credit report for your child, and if there’s anything there, immediately freeze it. Next up: 

  1. Report the incident to Action Fraud
  2. Report the incident to the police. 
  3. Notify all three credit bureaus. 
  4. Notify any organisation where your child’s info has been used to open a fraudulent account. Ask them to close it and get a written confirmation that your child is not responsible. 
  5. Identity fraud is a part of life – sadly for our children too. Being a responsible parent in the digital age may require more effort than it did 20 years ago. But doing so is non-negotiable. 
ESET Parental Control for Android ESET Parental Control for Android

Make the internet safer for your children

With ESET Parental Control for Android

TRY FREE FOR 30 DAYS