Few things evoke a more visceral response than the prospect of a child being endangered. Any study that says that child identity theft is a significant and growing problem is bound to garner a significant amount of attention. In this case, it isn't just hype; the problem is indeed real and growing.
A study published in March by Carnegie Mellon University's CyLab and sponsored by the identity protection services provider Debix found that 10.2% of the 43,000-plus Social Security numbers belonging to minors in a sample population already had an active credit file. There is little reason for a child to have an active file, and in this case 76% of the credit activity on the minors' files was found to be fraudulent. While the population was not statistically significant, it is notable that only 0.2% of the adult SSNs that were part of the same study had experienced unauthorized use. This trend is echoed by Q3 2011 Aite Group interviews of fraud mitigation executives at 32 North American financial institutions, including 19 of the top 35 banks. A number of the respondents said they saw child identity theft as a growing issue.
As with many types of fraud, a family member is often to blame for child identity theft. However, children's Social Security numbers are an increasingly valuable target of the organized crime rings that perpetrate financial fraud. A child's Social Security number represents a clean slate, so it is relatively easy to establish a new credit file using a bogus identity. The unauthorized use of the Social Security number typically takes much longer to detect than it does for an adult, as it is not actively in use. The issue is not limited to the exposure of a child's financial identity; there have been many cases in which compromised Social Security numbers were used by criminals to create synthetic identities, which then became associated with arrest warrants and a host of other problems.
Assuming that the vast majority of parents do wish to proactively protect their child's financial identity, the question is how can the financial services industry enable them to do so? One obvious tool is the credit bureau security freeze, which locks an individual's data at a credit reporting agency until that person gives permission for the release of the data. The challenge with this approach is that a credit file does not exist until a credit issuer reports activity. Most children, therefore, do not have a credit file to freeze. A request to freeze a nonexistent file is a cumbersome process, and there is no guarantee that it will serve the purpose, as most credit bureaus use multiple data elements in the formation of the credit file, and do not necessarily rely on the Social Security number as the primary key. So instead of a freeze, potentially monitoring services are a better enabling tool. A few of the monitoring companies have already packaged their services for this very purpose.
There are other tools that are readily available today, and in use to varying degrees. Credit bureaus and other identity verification tools have flags that can highlight the fact that the applicant identity has no prior history. They can also flag if an Social Security number was recently issued, though unfortunately the Social Security Administration is about to migrate to a random issuance approach, which means the recent issuance flag will soon be rendered useless.
The most effective way to address the issue would be if credit bureaus or credit issuers had the ability to query the Social Security Administration to positively verify the name, Social Security number and date of birth of the applicant. Such access would go a long way toward helping to weed out a significant amount of synthetic identity creation, and would help make a security freeze much more effective. The financial services industry has been lobbying for better access to this data for some time, with little success.
Today, there is no silver bullet. A handful of products purport to help prevent child identity theft are on the market today, and there are sure to be more. There is certainly an opportunity to increase consumer awareness of the issue, and bring to market services that enable proactive vigilance, though no product or service can truly solve the issue. The best approach to mitigating the child identity theft exposure is for parents to be aware of the vulnerability, periodically monitor their child's financial identity and question any entity that asks for a child's Social Security number.
Julie Conroy McNelley is a senior analyst with Aite Group's retail banking practice, where she covers fraud, data security, anti-money laundering and compliance issues.