New Zealand has launched a trust framework for digital identity, a crucial step towards the country's digital transformation.
Preventing identity fraud in children
When we hear about identity fraud we automatically think of adults, but the reality is different. Considering the number of hours children spend on their mobile phones every day, it does not seem so far-fetched to think that they are an easy target for fraudsters. When children are surfing the Internet, they are not aware of financial, security and privacy issues, and are a great source of information for fraudsters. Children unwittingly provide all kinds of data that can be hacked and used for financial gain through fraud or other financial crimes. It is easy for fraudsters to obtain data from children in gaming chat rooms, on social media, even from data leaks.
One of the main types of fraud is Synthetic Identity Fraud (SIF). With synthetic identity fraud, fraudsters encode real, stolen or black market-bought personal identity data with false information to create an entirely new identity. This process can take years to bear fruit, making it even more difficult to detect.
Another common problem is family fraud, where the person committing the fraud is a close relative. This can sometimes involve a level of synthetic identity fraud, for example, where the child’s name and other details are used with a false date of birth. A 2012 study found that the perpetrator was a close relative or friend in 27 per cent of child identity fraud cases.
Identity theft in children
A synthetic identity may consist of a real name and date of birth, but use a false address and national insurance number from somewhere else. Fraudsters will then try to acquire new driving licences, passports and other identity documents.
Some of the worst damage can come when fraudsters manage to establish a synthetic identity that closely resembles the child’s real identity, changing only the date of birth. This can give criminals a blank slate on their credit history that will come back to haunt the child when they are old enough to apply for their first financial products.
The consequences can begin even before the child reaches the age of majority. It is not unusual for a minor to end up having to defend against fraudulent charges as a minor. In fact, with less legitimate paperwork tracing their true credit history, it may be more difficult for a child to prove their innocence.
Guidelines for parents
What can we, as parents and caregivers, do to protect our children from these risks?
–Educate: The most obvious step is to educate children and parents about data security and how to protect personal data online, including the reasons why this is necessary. Age-appropriate learning should accompany all these other steps, so that all but the youngest children are able to understand at least some of the risks and issues involved. When a child is old enough to be online unsupervised, they will need to know how to keep themselves and their data safe.
–Monitor: Parents need to know how to monitor their children’s online behaviour, including how to use parental controls and monitoring software where appropriate for their age. Parents or guardians also need to know the importance of monitoring mail and other offline data trails. Age-inappropriate mail can be a warning that someone is using part or all of a child’s identity to commit fraud.
From an organisational point of view, any company dealing with children’s personal data needs to be aware that it is also attractive to data thieves, and why.
The role of companies
Organisations also have a role to play – it is not only necessary for organisations to fight fraud for their own purposes, as fraud against children is particularly egregious.
1) Identity verification: Do not rely on a single database to verify new accounts. By checking multiple databases that include alternative data sources, you increase the likelihood that you will be able to detect identity anomalies. For example, mobile network operators have a wealth of data that is difficult for fraudsters to falsify.
The trick here is the depth of data history. Real people have real histories, including those from third-party sources. Children and newly created synthetic identities will have shallow or non-existent data sets behind them. The more places you check, the clearer it will be that there is little or nothing there.
2) Identity verification: The use of attestation techniques helps ensure that the individual has some connection to the identity in the real world. For example, identity document verification techniques require that the individual has government-issued documentation that matches the person. Mobile Two Factor Authentication (2FA) requires the individual to have access to the mobile number of the account.
3) Fraud tools: Sophisticated fraud prevention tools are increasingly available to help detect questionable patterns and stop losses. Keep in mind that while the techniques may make use of children’s identities, their ultimate goal is to make a profit. Monitoring unusual transactions, implementing additional security measures and deploying a security mind set will not only protect your business, but will also help protect vulnerable potential victims.
Fraud prevention when dealing with children is very important
Identity fraud affects children much more than adults. Even for adults, it is difficult to escape the tangle of charges, fines and accusations that can occur in conjunction with identity fraud. Knowing that, in many cases, child identity fraud goes undetected until the child applies for a student loan, making students four times more likely to be victims of identity fraud than the general adult population, one begins to realise just how bad things can get.
Imagine how many different cases of fraud and pronounced debts could appear in a child’s name if their data were used fraudulently for a decade or more. Now, imagine how much time and effort it would take to correct and return that child to the blank credit status he or she deserves. In the meantime, it could affect the loans he or she takes out to get into college, buy a car, rent a flat or many other important milestones in his or her life.
Acting early is important for your organisation and your children
Once you have a good understanding of what you are up against, you need to implement these preventive measures today. If you don’t want your children to fall victim to identity fraud, it’s not enough to just wish for it, you have to take action, because cyber criminals can take advantage of your children’s personal data at any time. This synthetic fraud can be carried out by organised criminals on a large scale, but it can also involve family and close friends changing the child’s age to take advantage of another set of names already linked to that address.
Do not think it is rash, as this type of fraud can go undetected for some time, and the consequences can be dire for both the companies and the children involved. The use of strong identity verification and authentication measures, such as the identification of unique data points and alternative authentication channels, are always a good idea when opening any account.