Identity thieves prefer the Personal-Identifying Information (PII) of children and young adults under the age of 18, as opposed to adults, because children are less likely to be checking their credit reports and catch the fraud.

The paper Child Identity Theft: New Evidence Indicates Identity Thieves are Targeting Children for Unused Social-Security Numbers written by Richard Power, Distinguished Fellow at Carnegie Mellon’s CyLab, offers the following proof:

● 4,311 or 10.2% of the children in the study had someone else using their SSN — 51 times higher than the 0.2 percent rate for adults in the same population.

● Child IDs were used to buy homes and automobiles, open credit card accounts, secure employment, and get driver’s licenses.

● The largest fraud ($725,000) was committed against a 16-year old girl.

● The youngest victim was five months old; 303 victims were under the age of five.

In that same paper, Power includes several what he calls “stranger than fiction facts every parent should know”:

Fact one: Many commercial and public-sector entities do not treat SSNs as unique identifiers. It is possible for one SSN to appear on more than one credit file, employment report, or criminal history — all mapped to different names.

Fact two: One reason minor SSNs are so valuable, there is currently no process for organizations, like an employer or creditor, to check what name and birth date is attached to that SSN. As long as an identity thief has an SSN with a clean history, the thief can attach any name and date of birth to it.

Fact three: While it is not a requirement for children to receive SSNs, many hospitals include applying for an SSN as one step for parents to complete before leaving the hospital with their newborn.

Why a credit report?

By federal law, information pertaining to children and young adults (under 18) cannot be included in credit reports. So, why get a credit report for family members under 18? It’s a pretty safe bet that whatever crooks are using stolen SSNs for requires them to be at least 18, which means the SSN will accrue a credit record, and therefore reportable.

To be fair, I did not figure out the connection between stolen SSNs and how they could be traced. Chase Cunningham and this article get credit for that. “Check whether your child has a credit record by asking each reporting company — Equifax, Experian, and TransUnion — to perform a manual search of your child’s file,” Cunningham mentions. “The companies will check for mentions of your child’s name and SSN, and any files using only your child’s social.”

Cunningham adds the following are red-alert warning signs:

● Receiving bills or collection notices in your child’s name

● IRS sent a letter requesting your child pay back taxes

● Lost or stolen items containing PII of family members

If there are indications of someone using a child’s identity, Cunningham suggests, “Request the credit-reporting companies to remove all accounts and collection notices from the child’s name and SSN. Then place a fraud alert on their account and file a fraud report with the Federal Trade Commission.”

The Cynja???

After reading the article, I became curious about Cunningham and visited the website

Cunningham and his partners Heather Dahl and Shirow Di Rosso are using a different approach. They want to get kids aged 5 to 12 interested in digital safety by weaving cyber-security messages into action-packed digital artwork on the website and in their books.

All three have experience in cyber security, but each has a certain niche that makes their plan work. Cunningham is the IT guru with a Ph.D. in information systems security. Dahl multitasks between journalism and business having a master’s degree in both. Di Rosso, a former IT engineer, is the team’s digital artist.

Dahl said her nephew prompted the idea for The Cynja. “One day, I’m watching my 5-year old nephew battle imaginary dragons,” she mentions. “I asked why don’t you fight real bad guys, the ones who live in our computers?”

The nephew’s look told Dahl the young boy had no idea what she was talking about. Dahl explained the world of digital crime in terms a 5-year-old would understand. Dahl remembers her nephew being immediately hooked, “Instead of dragons, he wants to slay malware and battle bad guys in his computer.”

She says the best part was when the nephew’s parents asked her why their son needs to protect his “digital self” from the bad guys. Dahl told me the term digital self is much easier for children to understand than digital identity. Besides digital self, another important concept the three Cynja masters teach is that children need to be leery of digital strangers just like real-life strangers.

Parents are getting it

When Dahl and Cunningham talk at schools, they try to sneak-in information for parents as well — such as getting credit reports for every family member regularly. Both mention it is rewarding when parents come up afterwards and mention how much they have learned.

Cunningham said, “This is important. Children could lose out on future jobs, internships, and loans that require a clean background check or credit report — all because they were victims of identity theft as kids. That’s a future I’m trying to help my daughters avoid. Growing up in the real world is difficult enough, and I do not want their digital lives to hold them back.”