Vulnerabilities / Threats

4/27/2018
04:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

More Than 1M Children Victims of Identity Fraud in 2017

Total fraud against kids amounted to $2.6 billion and more than $540 million in out-of-pocket costs to families, a new report finds.

Data breaches are bad news for all victims but especially harmful to children. More than one million children were victims of identity fraud last year, costing $2.6 billion in total and $540 million in out-of-pocket costs to families.

The 2018 Child Identity Fraud Study, conducted by Javelin Strategy & Research and sponsored by Identity Guard, found 11% of households had at least one minor's data compromised in a breach last year. Nearly 40% of minors who found out their data was breached became victims of fraud. In comparison, only 19% of adults who were notified eventually became targeted.

High-profile breaches typically garner more attention; as a result, many people overlook the effects of identity fraud on minors. Children have limited financial histories, which presents a larger opportunity for fraudsters to leverage their information and build account networks. This "blank slate" lets perpetrators slowly grow accounts over time before tapping them.

Because children have no credit history, fraudsters usually fly under the radar as they build their schemes. They combine data from multiple victims to create identities. Social security numbers are particularly useful here because minors haven't yet established financial histories; as a result, their SSNs don’t raise red flags when they're used in identity fraud.

That said, the lack of history also makes things harder for perpetrators, who will have a tougher time getting high-value personal loans or credit cards using a minor's identity.

Sixty percent of child identity fraud victims personally know the fraudster using their data; the same can be said for only seven percent of adult fraud victims. Identity fraud against minors is hard to prevent because many perpetrators have legitimate access to the children's information. Two-thirds of child fraud victims are under the age of eight, 20% were between the ages of 8 and 12, and 14% were aged between 13 and 17.

Cyberbullied

Researchers also noticed a strong relationship between cyberbullying and fraud. Minors who were bullied online (6.67%) were more than nine times more likely to be fraud victims than those were not bullied (0.72%). The average fraud amount among bullying victims was $4,075, more than four times the average total among non-bullied targets.

"In many cases, fraud and bullying are not perpetrated by the same individual but arise from the same underlying vulnerabilities," says Al Pascual, senior vice president of research and head of Fraud & Security at Javelin. "Children who are unprepared to protect themselves from online risks are likely to encounter individuals who wish to target them emotionally or financially."

Most kids targeted with identity fraud are hit with new-account fraud, which affected 0.96% of minors in 2017, because they don’t have existing financial accounts. Adults, in contrast, usually experience existing-card fraud (ECF) because they're targeted for the value of their accounts.

Fraudsters do more than misuse children's identities to open new accounts and drain existing ones. Between 410,000 and 560,000 kids were affected by false tax claims in 2017, and attackers also use their data to gain unlawful employment or avoid punishment for crimes.

Ultimately, targeting minors leads to a bigger payout for perpetrators, who stole $2,303 when misusing the identities of children -- more than twice the mean fraud total for adult victims. It's also easier for adults to avoid liability for fraud, as they only have to pay an average of $104 per incident. The families of child identity fraud victims pay an average of $541 out of pocket.

Teaching kids to be cautious online lowers the likelihood of fraud. Only 0.69% of children of "highly cautious" guardians were affected by identity fraud in the past year, compared with 3.64% of dependents of less cautious guardians. More caution led to lower prevalence of fraud, and when fraud happened, it was for a lower amount and more easily contained.

You can monitor for new-account fraud by checking children's credit histories. Setting a credit freeze is among the most effective ways to prevent new accounts from opening in a child's or adult's name. Many states let parents or guardians freeze a child's credit.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/30/2018 | 10:54:23 PM
Monitoring
Only thing that can be done now is monitoring unfortunately now that the information has already been lost. There are services that can be leveraged both paid and free, just depends on how much manual oversight you wish to put into this endeavor.
mmckeown
50%
50%
mmckeown,
User Rank: Apprentice
4/29/2018 | 11:55:13 PM
Re: Pending Review
Excelent summary.  Appreciate the report.  As a parent what are our recourses.  I was part of the OMB breach, which had information of my child in the data.  How do we confirm their information is safe until they take over control of maintaining their information.  Thanks, again for your article.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2018-18908
PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...
CVE-2019-6496
PUBLISHED: 2019-01-20
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of...
CVE-2019-3773
PUBLISHED: 2019-01-18
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3774
PUBLISHED: 2019-01-18
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.