Regulatory Intelligence: Criminals Mix & Match Children’s Personal Data for Synthetic Identity Fraud

Topics: Fraud, Government, Government Regulation, Regulation & Compliance, Risk Management

identity fraud

Cyber-criminals and fraudsters are increasingly mixing and matching children’s stolen personal data to create new, synthetic identities for use in fraud and other financial crimes.

Criminals can buy a child’s Social Security number on the Dark Web for around $2 and can then mix and match this with other information to create new identities. They like to use children’s personal information, because it comes with a clean credit history.

Personal data — even children’s — is cheap and available on the Dark Web. Criminals take real names, addresses, Social Security numbers and mix them up to synthesize fake identities, which they then use to open bank accounts and apply for credit cards. Using children’s personal data for synthetic identity fraud has become a trend in the United States. In 2017, more than 1 million U.S. children were victims of identity fraud, according to San Francisco-based Javelin Strategy & Research.

“New-account fraud is the most pervasive identity fraud against children and checking their credit history is a major way to detect this type of crime,” Javelin reported. Often, however, it is parents, guardians, and other family members who use a child’s personal data to commit fraud. Javelin found that 60% of children’s identity theft was committed by a family member.

Fraud for All Ages

Synthetic identity fraud is not limited to children’s personal information. Financial crime experts say it is the latest trend in identity fraud for all ages. “We’re seeing a rise in synthetic fraud,” said Denisse Rudich, a London-based financial crime and anti-money laundering expert working on the newly established Coalition to Fight Financial Crime.

“It’s traditional information: you can buy personal information online on the black market — a name, date of birth, and an address — for a few dollars,” Rudich said. “We’re seeing hybrid identity theft that’s allowing new identities to be created. If you start mixing passwords, fake pictures, it’s hard to detect.” A complete set of personal data can be purchased on the dark web for about $21, she added.

Identity Theft Fuels Cyber-Crime & Fraud

Broadly, identity theft remains one of the biggest cyber-crimes, and today stolen personal data fuels a lot of cyber-enabled crime and bank fraud. “Identity theft is a huge problem,” said Shone Anstey, president and co-founder of the Vancouver, Canada-based Blockchain Intelligence Group. “People are exploited and now criminals are using automated systems to try to break into bank accounts. They’re trolling, trying to find someone to take the bait. The ability to buy identity on the Dark Web is easy and they use it for other kinds of frauds.”

While other kinds of fraud have declined in the U.K., identity theft is on the rise. In 2017, Cifas, a UK-based fraud prevention non-profit, recorded the highest-ever levels of identity fraud in the country, with 174,523 cases reported by its members — and 80% of these frauds were committed online.

U.S. identity theft statistics are staggering as well. Javelin found in 2017 that, despite industry efforts to prevent identity fraud, it struck 1.3 million more victims that year — a total of 16.7 million individuals, with the amount stolen rising to $16.8 billion. Javelin said that an increase in the number of data breaches had contributed to the continuing rise of identity fraud.