Picture a 5-year-old’s Social Security card. For identity thieves who get their hands on it, that number could be used to apply for credit cards, rent a home or get government benefits, among other uses, according to the Federal Trade Commission. And it could be years before parents discover their children’s information has been misused.
“That child is not going to enter the credit world for 13 years,” said John Krebs, the Identity Theft Program manager at the FTC. “That is a very clean Social Security number. [A thief] can keep that Social Security number going for a number of years before somebody is going to look at it.”
In the wake of the Equifax breach, in which an estimated 145.5 million people’s private data could have been exposed, securing personal information is a growing priority. The consumer credit reporting company didn’t say how many of those records involved children and it didn’t respond to requests for comment.
Taking precautions and being proactive, especially when it comes to children’s information, is key to protecting against identity theft, Krebs said.
It’s difficult for experts to gauge how widespread identity theft is among children because of a lack of data, and surveys tend to undercount the number of cases, but officials know it’s a problem, Krebs said.
A 2011 report on child identity theft from Carnegie Mellon University’s CyLab found that of the participants surveyed, the rate of identity theft for children was 51 times higher than that of adults. Social Security numbers are of special interest because they can be associated with any name and birthdate, the report showed. They also offer thieves a clean financial canvas.
In order to protect that information, parents should be skeptical about handing over private documents, like a child’s Social Security number, without knowing how they will be used, Krebs said. He suggests getting into the habit of asking why organizations — like doctor’s offices — need the information and how they will protect it.
“There are a lot of instances where parents have control of the information. That is something parents can and should be doing — they should be focused on that and trying to minimize their risk portfolio,” Krebs said.
Parents should also be on alert for warning signs of child identity theft. If credit collectors are calling when children haven’t applied for credit or bills arrive in children’s names, that should raise red flags. Parents should then check to see if a credit report has been opened using their child’s name, Krebs says. (As a general rule, the FTC recommends parents check if their children have credit reports in their name when they turn 16. You can check for credit reports here.)
“If there is a credit report in your child’s name, you should freeze it,” Krebs said. “You want to clean it up, and make sure that profile can’t be used.”
In that case, all three major credit bureaus — Equifax, TransUnion and Experian — allow security freezes on minors’ credit reports, but parents should still be cautious.
“Parents and guardians should always remain vigilant for signs of their child’s information being used fraudulently, regardless of whether or not their child’s credit is frozen,” TransUnion spokesman David Blumberg said.
Parents can also ask a credit bureau to place a fraud alert on the credit report and file an identity theft report online with the FTC. Initial fraud alerts last for 90 days; once an identity theft report is created, an extended fraud alert lasts for seven years.
Krebs said most people talk about freezing their children’s credit as a precautionary measure, but security freezes aren’t available in all states, their durations vary and some charge fees to freeze. In 29 states, legislation allows credit reporting agencies to freeze minors’ credit reports at the request of a parent or legal guardian; but even then, parents should watch for warning signs of child identity theft.
“There is a tendency of people to think that ‘OK, I’ll just do this,’ ” Krebs said. “It is a great tool, but use it with the understanding that you still have to remain diligent. A lot of this comes back to you can’t control breaches.”