Congress should write legislation that makes it easier for parents to monitor children's credit, protect their identities and repair the effects of fraud against minors.
Millions of Social Security numbers and other personal information were compromised in the 2014-2015 Anthem data breach. This includes personal information belonging to children. For a parent, it's a helpless feeling to not know how to protect your own child from a threat that will not go away. Fraud committed against minors can go undetected or remain dormant for years because, unlike credit card numbers, Social Security numbers are very difficult to replace.
Getting a credit report for a child isn't as simple as you might think. TransUnion is the only credit bureau that offers an online request form. Experian requires a written request mailed along with photocopies of your child's Social Security card, birth certificate and other personal documents. Equifax may have the worst process of all. It requires the same treasure trove of sensitive paperwork to be mailed in an envelope conspicuously marked with the words "Minor Child."
This confusing process should be standardized across all three credit bureaus, and should not require a child's personal information to be put at further risk. There's already a precedent for this: When you place a credit alert with one credit bureau, it's required by federal regulations to notify the other two.
There is also the threat of stolen information being used to commit tax-refund fraud, health-insurance fraud and many other types of fraud that take advantage of federal and state benefit programs. There are no guarantees that a credit report will uncover fraud like this.
The government should take the lead here and notify taxpayers when a dependent child's Social Security number has been used to obtain a government benefit or tax refund. Cross-referencing government databases and reporting irregularities might actually save the government money; billions of dollars are lost to fraud each year.
Failing that, a breached company such as Anthem should be liable for monitoring fraud, recovering financial losses and restoring a child's credit standing until he or she turns 26 years old (the age at which children are required to get their own health insurance). Anthem has partnered with AllClear ID to provide victims with identity protection and repair services for two years, but that leaves a huge coverage gap for young children. A 3-year-old will be covered until he or she is 5 years old, but then it becomes the parents' financial burden to maintain protection for 13 years or more.
Breached companies are also victims in these situations, but it is also the responsibility of companies to keep customers' data safe. By making companies liable, they may increase their security measures and rethink how necessary it is to request and retain certain kinds of personal data.
The views expressed are those of the author and do not necessarily reflect the views of the publisher.
