If You Think You Could Do It Better...

Every so often I find a fraud report that I just outright disagree with. Not just pick at here and there (I do that with every report), but one that I feel like is fundamentally flawed. This Javelin Child Identity Fraud report is the newest member of that club. The one thing I agree with is their statement, "child ID fraud is extremely underreported and misunderstood".

It's probably poor form to tear something apart like this, but in the interest in all of us performing stronger analysis and communicating ideas more clearly I started a list of grievances. And I did it as an article, because apparently I write too much for normal LinkedIn Posts.

My problems with CHILD IDENTITY FRAUD: THE PERILS OF TOO MANY SCREENS AND SOCIAL MEDIA?:

• The subtitle. "Screens and social media" aren't responsible for the current state of information security, at least not in the way this title implies. I know this is a contentious subject because I've seen reports go both directions, but I'm firmly in the camp of kids today being significantly smarter and more privacy-minded than someone like my mom who constantly blasts social media with geotagged photos, personal details, and no account masking.
• The premise. A ~25% year-over-year decrease means that the situation is getting worse? I read the whole report, and never really saw an explanation of how they reached this conclusion, just a lot of statements like "but things are worse than ever, so PANIC".
• The definitions. What exactly constitutes "child ID fraud"? The report never really explains that, but implies that it's a harrowing experience that significantly impacts the poor underage victims. 30% of victims have an account opened in their name, which means there's actually zero impact to them because by the time 15 years from now a child opens their first Amazon account, it's going to key off of a lot of things and "name" is at the bottom of the list if it's there at all.
• The pet peeve. Also, I'm going to keep fighting for a new term for what this report is calling "synthetic identity" - I use that term only for truly fabricated entities. Changing some information on a legitimate identity doesn't make it "synthetic", it just means that the victimized institution has insufficient matching and validation controls.
• The quantification. "The average overall cost of fraud for a single household with a child victim increased from $1,109 to $1,128." Who is actually incurring cost here? Every case of child identity fraud I'm aware of doesn't result in any living human being held responsible for paying something.
• The risk. To children? None, apparently. 92% were made whole by credit unions, ~80% for pretty much everything else. Those exceedingly high rates combined with the fact about perpetrators knowing the kids tells me that the remainder that weren't made whole were the parents/family that committed the fraud in the first place. Given the disparity between familiarity rates and reimbursement rates, I think that families of victimized children actually come out ahead in cases of identity theft. Maybe it's not quite that ridiculous, but like other aspects of this report something isn't adding up.
• The facts, part 1. 2% of minors have had their information exposed in a breach, according to this report. You know what percentage of adults have had their information exposed? 100%. Not that anyone can accurately get to that, because it would require all the unknown breaches to also be reported. The best guess five years ago was that 50% of adults had already been breached so even then the 2% guess about kids from Javelin would be absurdly low. I think it's safest to assume that 100% of everyone's information has already been breached and will continue to be, whether you send Instagram DMs or not.
• The facts, part 2. 67% of child identity fraud victims personally knew the perpetrators and 74% effectively knew them (virtually). The actual numbers are likely higher than that, so let's say 80% of the fraud was committed by someone who knew the child. How exactly are breaches and "kids staring at screens" responsible for this (non)rampant wave of child identity theft? It sounds to me like the solution is to never let your child meet anyone, ever.
• The analysis. These two sentences don't mean the same thing. At all. "Children’s social media accounts are criminals’ favorites to take over. The takeover of a child’s social media account—meaning the child’s identity is used to take the account over or open another social media account using the child’s personal information—is the No. 1 way criminals use stolen personal information from a child."
• The conclusion. This whole report feels like a parent upset at their children for doing things online out of the parent's control. Monitoring what your kids do online will not protect them from identity fraud. Not one bit. All you're doing is feeding your control issues and taking away their ability to learn how to make intelligent choices.
• The admission. I was so irritated and the report was repeating itself so much that I stopped reading by page 15. I am an unreliable narrator.

Like Mary Ledbetter in Short Poppies...I just have one small criticism.