How to Protect Your Child’s Identity

Why children are ideal fraud victims and what you can do to protect them from identity theft.

Identity theft and financial fraud are ever-present threats in the digital landscape, and consumers are quickly learning the value of enrolling in credit and identity theft protection services. We as consumers are frequently reminded of the importance of these services every time we fill our personal details on a web form –– social security numbers on credit applications, home address and phone number when shopping online, and an email address/username and password for every site we sign up for. When protected by an identity monitoring service, we proceed confidently and without worry. However, consumers often overlook the need to protect their children from identity theft as well.

Why Children are Ideal Fraud Victims

To hackers, child identity theft is a goldmine. The tablet is the modern pacifier. According to the American Academy of Pediatrics, “up to 75% of young children have their own tablets, and infants are estimated to start handling mobile devices during the first year of life.” Mobile apps, video games, and online educational resources often require an account –– which is sometimes linked to a credit card or bank account. This leaves hackers with lots of low-hanging fruit to target for account takeover and financial fraud. And not to mention, children have social security numbers too, making them prime targets for identity theft.

Common Types of Fraud Against Children

1. Synthetic Identity Fraud – Credit Theft

You don’t often associate children and credit scores because children don’t apply for credit, and threat actors love that. A child’s social security number represents a blank slate –– a credit history that won’t be checked by its owner for years to come. A valid social security number is required to apply for a line of credit, and the applicant must be at least 18 years old. Due to the nature of how they are allocated, you can’t crosscheck identity attributes (age, for example) against an SSN. And so, threat actors leverage a concept known as Synthetic Identity Theft to combine a child’s valid SSN with fabricated identity elements to generate a synthetic identity. Sometimes, fraudsters will even charge and pay off small balances on credit accounts opened with these synthetic identities to boost their credit rating. This allows the fraudster to open much larger lines of credit they have no intention of paying back. Years later, when the fraud victim goes to open their first credit account and establish a credit history, they’ll get denied for decade-old accounts that defaulted.

2. Account Takeover

While synthetic identity fraud can be very lucrative for threat actors, it is a reasonably challenging feat that requires time, skill, organization, and patience. On the other hand, account takeover attacks can be quick, easy, and repeatable paydays for malicious actors. Having a high rate of access to an internet-connected device, children are ideal target victims of digital attacks, as they are naturally more naïve and less experienced than adults, and therefore more likely to be manipulated by a threat actor. As children get older, parents trust them to make responsible app-store purchases and link their credit card to their child’s account. Children unfortunately are not adept at looking for signs of fraud, nor do they have access to the linked account’s ledger to reconcile charges and purchases they authorized; furthermore, since parents expect a certain level of charges each month, it’s easy for fraudulent charges to slip through the cracks.

Attack Methods

Armed with decades of internet experience, even tech-savvy adults are not safe from cyber-attacks. The same attack vectors that work on adults, work with an even greater rate of success against children since they are less experienced in detecting that something is awry and still susceptible to common cybersecurity mistakes like password reuse.

1. Phishing

phishing attack succeeds when the victim is tricked into clicking a malicious link and entering their credential information. Unfortunately, a child is exceptionally susceptible to this kind of manipulation as children as it takes years of experience to learn how to identify legitimate emails, secure websites, and suspicious requests for information.

2. Identity Theft

Through no fault of their own, even a child may have their identity stolen because of personal details exposed in a data breach. Because fraud against children is often undetected for years, children are prime targets for identity theft.

3. Account Takeover

It is common for children to have various internet accounts with their parents’ payment account linked. Video games often have in-game currency, add-ons, and extras that can be purchased or unlocked for a price (of real money). In some video game “economies”, in-game currency or items are sold to other players for real money. An account takeover of a video game account can be very lucrative for a hacker, as they can purchase in-game items on the stolen account and quickly offload them to other players for money.

4. Password Reuse

Common to nearly every internet user, password reuse is a common habit that creates a big vulnerability. Children are more likely to use less sophisticated passwords that are easy to remember, and to make matters worse, very few account security questions are applicable to children. (Where did you meet your spouse? What was the make of your first car? What was your college mascot?) This limits the security questions a child can choose from, and their answers to these may be easy to guess.

How Do I Protect My Child from Identity Theft?

Children can be defrauded with the same methods that are effective against adults, so naturally they can be protected with the same methods as well. The best way a parent can protect their children’s identity and digital accounts is by enrolling them in an Identity Protection and Credit Monitoring Service. In fact, many of the top providers offer both family and children-specific plans.

An identity theft and credit monitoring service will give you the option to freeze your credit – this is a great way to prevent any lines of credit to be opened with you or your child’s SSN without your express approval. This can help avoid nasty surprises in your child’s credit history.

Identity monitoring is another critical component to protecting your children’s digital presence. Be sure to monitor their SSN, email addresses, usernames, and online gaming profile ID’s (sometimes known as gamertags). Knowledge of your child’s PII and credentials exposures on the dark web is an important step in preventing any fraud that may ensue.

Education– it’s never too early to teach your children how to identify phishing attempts, suspicious links, look to make sure a site is secure (often indicated by a locked padlock in the URL bar), never re-use passwords, create strong passwords and be suspicious of offers that are too good to be true.

How Constella Can Help

Constella Intelligence’s vast data lake of curated identity exposures brings industry-leading quality to deep and dark web identity exposure alerts. Carefully validated identity records ensure delivery of high-quality, actionable alerts. Six of the top 10 identity theft protection providers trust Constella to monitor over 195 million partner assets, providing access to over 66 billion compromised identity records. Constella supports monitoring of common PII attributes such as email address, SSN, telephone number, credit card numbers, name, and address, while also providing support and data for less common attributes such as Gamertags, medical insurance account numbers, and IP address. Finally, with the recent release of our Phishing and Botnet Protection service, can deliver an alert within hours of a monitored user providing credentials to a phishing website or botnet––a revolutionary new technology that can help the end-user remediate the risk of fraud before the threat actor can make use of the stolen credentials.

Keon Ramezani headshot

Keon Ramezani

Sales Engineer