Business Identity Theft a New Risk to SMEs

As individuals, we’re used to attempts to steal our identities, but increasingly the fraudsters are turning their attention to bigger fry – by assuming the personae of businesses. Indeed, as fraudsters cotton onto the opportunity, business identity theft is rapidly becoming one of the fastest growing forms of fraud in the world.

It is estimated that annually there are 12 million victims of business identity theft and rising. In the US, it has already been identified as the number one for profit crime in the country. It’s a major problem especially for small businesses and startups.

As with personal identity theft, fraudsters will attempt to assume the identity of a company. They will either use it to target the business itself or its customers.

As a small business you’d make a tempting target for a number of reasons. First, like all businesses, you’re likely to spend more than individual customers, which means banks are likely to extend larger lines of credit. If you’ve been operating legitimately, you may also have a good credit history which they will use to secure more favorable terms of payment from your suppliers.

Best of all, you’d make an easy target, because the crooks make this simple calculation. While larger companies might have robust procedures, smaller firms often don’t have the resources required to guarantee protection from business identity theft. It’s something that you need to address especially as much of the information that crooks need to steal your identity already exists in the public domain. 

The fraudster simply needs to know what to do with that information, as was the case with a young woman in the US who used payroll checks to steal the company’s bank details.

Worse still, the enemy can often lie within. Take the example of Sandra Gonzales who stole nearly $300million by forging the signature on company checks made payable to herself.

Be Wary of Emails from Banks

However, it’s not only your own identity as a business that you need to watch out for. You should be equally careful about the organizations you deal with. Consumers are used to so-called “phishing” emails which pretend to be from their banks, but increasingly, these same criminals are going after the potentially larger gains that attacking businesses offer.

The emails will claim to come from a well-known, reputable bank and will attempt to get you to hand over your login details. The message may play to your innate fears by warning you about an attempt to break into your account, and asking you to verify your bank details. The same advice applies for both businesses and consumers. Never trust an email even if it does appear to be from your bank and never click on the link shown in the site. 

Carefully Vet Suppliers

Dealing with suppliers can also be a minefield. A trick known as “long or short firm fraud” enables fraudsters to adopt the identity of an existing business. Often the business in question may be dormant which gives them some trading history to play with or they might create their own. In the long version they will work with you for a long period of time building up credit before they hit you with a major order. Then they wind up the company and vanish, never to be seen or heard from again. This approach can see companies taken for millions while a shorter approach sees them go for a quick raid.

As a company you should always be very careful about verifying the identity of any organization you deal with. Equally, you should take all possible steps to safeguard your own data and if you do hear of reports of your identity being stolen, take commensurate steps to recover monies, apprehend the fraudsters and mitigate any damage  to the reputation that your business suffers as a result of business identity theft.

Photo Credit: Davide Restivo