The recent data breach where a wide range of sensitive information was revealed to be available on millions of South African consumers should be a wake-up call to businesses.
This is according to Frank Knight, CEO of credit management company Debtsource, who says all South African businesses, regardless of size, must be more vigilant about any documentation, print or electronic, containing financial or personal information.
“It is more lucrative for criminals to target businesses, rather than individuals, when it comes to perpetrating identity theft scams as the pay-off in a commercial environment is significantly higher as normal lines of trade credit are usually much more than those granted in a consumer environment. These facts have not been lost on local fraudsters,” he says.
Globally this is a growing phenomenon and experts are calling identity theft “an absolute epidemic”. On the local front the problem is no less severe with an increase in the number of commercial identity theft cases reported. In some instances the value of goods lost an amount to hundreds of thousands of rands and commercial credit grantors need to become more vigilant in preventing this fraud.
But what is identity theft? Like personal identity theft, it occurs when a thief uses a business’ line of credit to fraudulently open offices or merchant accounts. If business identity theft goes on too long without detection, it can be difficult to recover, and a business could potentially go bankrupt.
In many ways commercial identity theft is easier than that of consumer credit. In commercial or trade credit there is no single specific document that has to be presented when applying for credit – such as an ID book. Registration papers in the case of a registered entity are also easily falsified, especially seeing that the majority of applications processed electronically.
Knight explains that with the proliferation of information available on companies, a potential fraudster can relatively easily source sufficient information on a business to complete an application for credit. Once the application has been approved, purchases can be made and the goods are then usually – but not always – collected from the supplier’s offices. Even if the credit provider diligently researches every new account application the likelihood of discovery is minimal as the research is primarily focused on credit risk rather than fraud detection.
“The scary part is that detecting this type of fraud is difficult and may mean that entities will have to change some of their procedures on normal account applications. The upside is that only entities who sell goods that are easily resold are normally targeted. Fast moving consumer goods; electronic equipment and building and hardware material suppliers are typical examples of industries that are more prone to being hit. Companies in these higher risk industries should be more vigilant, but measures should also be implemented across all sectors. A fraudster with a particular “order” for a specific product will just as easily target some other industry,” he says.
How to protect your business from identity theft
- Knight says the steps you need to take to protect your business are very similar to those you take to protect your personal identity:
- Destroy paperwork containing highly sensitive data. If you have paperwork with information that could compromise your business’ identity, shred it (and make sure you use a confetti shredder instead of a strip shredder so the paperwork can’t be pieced together).
- Regularly order a copy of your business’ commercial credit report.
- Sign up for electronic notifications through your banks and creditors.
- Have a set of procedures to follow if a business credit card is lost or stolen.
- Report any suspicious activity immediately to your bank or creditor.
What to do if you suspect your business’ identity has been compromised
Again, the steps to follow if you think your business’ identity has been compromised are very similar to the steps you would take if your personal identity was stolen:
- Contact the police and file a police report
- Contact all of your banks and credit card issuers as well as anyone else your business may have credit with
- Speak to the fraud department in credit reporting agencies and place a fraud alert on your accounts.
There are measures that can be employed to combat the crime:
- The preferred method of operation is to have goods collected. Unless absolutely required, never allow new account applicants to collect goods until payment has been received.
Ensure that the contact details on the credit application actually match the company’s contact details. In almost all cases of commercial identity theft this was found not to be the case, with the fraudster hoping that he or she will be contacted on some particular number to verify details. If an applicant states that they specifically want to be contacted on a mobile number, make a point of contacting the company on the referenced landline number and verify whether such a contact person is actually employed. In addition, a quick conversation with the company’s buyer, owner or financial controller at the referenced number, is probably the most effective procedure to combat commercial identity theft.
Obtain additional paperwork such as copies of the directors’ ID documents to accompany (as standard) new applications. While most of these documents are admittedly easily falsified it may serve as an additional deterrent.
Implement a policy whereby crimes such as these are always investigated and prosecuted, even if it means spending money on a private investigation. If a criminal knows that your company won’t investigate or prosecute you are more likely to be targeted and this serves as a significant deterrent if internal staff are involved.
Today’s consumers participate in a global marketplace where a world of goods and services are at their fingertips. But with the promise of new choices and technological convenience, many are unwitting victims of identity theft – an insidious practice that allows fraudsters to disrupt consumer’s lives and ruin their credit records. The first line of defence, for consumers and corporates is to learn about identity theft and take concrete steps to prevent it.