It’s been said that fraudsters are always evolving, and always looking for the path of least resistance in their efforts to steal identities and credentials to remain anonymous and … keep stealing.
No surprise, then, that identity theft is on the rise. But increasingly, the bad guys have trained their collective sights on the most vulnerable of populations — utterly defenseless, as some of them cannot even walk or talk.
Those victims are kids — in some cases, even infants. In the United States, according to some sources such as Javelin, more than one million children were victimized by identity theft — and the fraud costs their families more than $540 million.
At its most basic level, the key ingredients that are pilfered and then used to construct synthetic identities – where individuals’ personal information is stitched together to fabricate new identities — are tied to data that is given to us at birth: Social Security numbers.
In an interview with Karen Webster, Zac Cohen, general manager of Trulioo, said kids’ Social Security numbers represent a relatively easy target.
After all, no one checks whether their kids’ numbers are being used — and this points to common themes among fraudulent efforts.
“When we talk about fraud, whatever kind it is,” he told Webster, “we often talk about susceptibility.” Certain groups, such as the elderly, may lack familiarity with a certain process or technology, which leaves the door open for fraudsters. “But at the end of the day, it really boils down to the likelihood that the fraudulent attempt will be successful.”
In the past, Cohen said, children were unlikely to become targets in the first place, due to the simple fact that they lacked access to capital. And capital, of course, is always in the sights of the bad guys.
But with the convergence of smartphones, payments and eCommerce, digital conduits allow real goods to be sold for real money to and from just about anyone. There are now several different avenues by which fraudsters can take advantage of Social Security numbers — and children represent a greenfield opportunity.
And it’s relatively easy to find SSNs, Cohen added, noting that where scammers can uncover individuals’ birthdates, Social Security numbers are usually displayed nearby.
The fraud? Well, it can take years to discover. The bad actor who grabs a child’s SSN can leverage it for years, applying for loans that will never be repaid or signing onto credit cards that never are paid down.
Then, when the child becomes an adult and seeks access to the financial products that are stepping stones into adulthood, they find their credit profile irredeemably wrecked.
And, perhaps saddest of all, the fraudsters are sometimes the very people that should be the most trusted in the young person’s life: Cohen has seen an increasing incidence of parents and other relatives opening accounts with children’s SSNs and going on shopping sprees.
In other cases, money laundering gangs target kids across social media, and even through schools or video game platforms, to get access to a bank account and personally identifiable information (PII) data. They use children’s accounts to launder money. The victims themselves bear the consequences, as in later years they may be barred from opening bank accounts.
In many cases, false IDs are used to create accounts that lie dormant for years, which means the fraud is hard to track.
Proactivity And Positive Ripple Effects
The news seems bleak — but as Cohen noted, some simple, basic efforts can have long-lasting and positive ripple effects. “There are two principal actions for businesses that want to take preventative measures,” he said.
The first tool lies in communication, he told Webster. It’s a fitting subject for a conversation that took place during the month of October, which happens to be Cybersecurity Awareness Month.
Fraud prevention awareness programs are an underutilized and critical weapon to deploy against fraud, Cohen maintained, because awareness decreases susceptibility.
“If we do a better job of tackling the more commonly occurring fraud techniques, I think the outliers may, in fact, solve themselves.”
The second tool ties into the technology that is being used to facilitate, validate and monitor online activities — and especially financial transactions.
“Children are a difficult group to isolate in these areas, because they don't have the same technology or financial footprint as adults,” Cohen pointed out.
In one example, he noted that Amazon has just released a line of Kindles for younger users. As major names in commerce are targeting younger users, there are new opportunities to protect them.
Companies can deploy testers and specialists (aka white hat hackers) through bounty programs, Cohen said, to stay one step ahead of hackers and other wrongdoers. Payment service providers also need to ensure that their technology infrastructure is flexible. It may be a difficult task, but it’s not impossible, he noted — and the effort becomes easier if technology teams and risk and compliance teams work together rather than operate in separate silos.
Clearing and Settling Digital IDs
In the effort to “clear and settle” digital identities — to make sure compromised data (such as that which belongs to kids) is not being used — machine learning and artificial intelligence (AI) can be layered into those joint efforts, said Cohen. As noted in this space, Trulioo recently raised funding to help speed its buildout of a global digital identity network.
Such advanced technologies can designate expected consumer behaviors tied to PII, devices or other identifiers and then flag inconsistencies.
“We should have that same level of intelligence regardless of where the user is, who they are or what their ages may be,” Cohen said.
That goal involves all stakeholders, including regulators and government agencies, where ID verification programs are stitched together so they are interoperable with all the different services individuals use every day.
“There'll be more areas of fragility and more areas and populations that are susceptible to fraud,” Cohen told Webster. “That's why this conversation will never end. But the strategy and the approach needs to evolve so that we're better prepared for each new instance. For every new tool you create, there will be someone trying to take advantage of it.”