One in five under-16s is defrauding their parents by using their credit cards to buy goods worth nearly £200m a year, says CPP group, a life assistance company.
More than one million kids regularly use their parents' cards and online accounts without their permission to buy goods, CPP found. The average purchase by under-16s is worth £23.90, and they buy on average 6.9 times a year.
CPP identity fraud expert Mike Lynch said he was shocked at the discovery. "We knew online and card-not-present fraud is on the rise, but we had no idea of the extent of teens' involvement," he said.
Market researcher Dubit, on behalf of CPP, a financial services and identity protection firm, quizzed 500 adults and 500 children aged 8 to 16 in the UK about their online buying habits.
CPP said, one in five of those surveyed shops online without parental permission, and almost three in four under-16s said their parents never supervised their internet activities. Almost half use their parents' credit cards, and four in 10 use their parents' PayPal account to shop online.
Only 2% of parents think their kids could have bought goods online without them finding out, but 20% of kids claim they have done it. Only 6% of parents knew their kids had access to their credit card details. More than four in 10 parents book mark their favourite online shops and one in three saves their card details online.
The survey also revealed regional differences. Cardiff teenagers were more than twice as likely as Manchester teens to shop online without permission (29% vs 13%), or to know their parents' user names and passwords (30% vs 17% in Birmingham). Brummie teens were tighter with personal information when shopping online compared to Londoners (6% vs 37%).
Lynch said leaving credit card details around could tempt kids into fraudulent purchases. Teens were also less cautious in the sites they visited, and this could expose parents' account details to criminal fraudsters, hackers and malware attacks, he said.
Lynch said parents needed to enforce good online disciplines on their children. "Parents should never click on 'save these details' when logging in," he said. "These are a gateway for other users of that computer to get into your accounts."
He recommended that they watch their bank and account statements for unauthorised transactions, and check their credit reports regularly for unusual activity.
Apacs, the UK payments agency, reported that card-not-present frauds (such as online purchases) were up more than a third, and has trebled since 2000.
CPP, which has nearly 10 million customers and sales of £225m a year, protects clients' payment cards, and watches accounts for possible fraudulent transactions. It also monitors credit status, and insures against identity theft.