Corporate identity theft is on the rise as fraudsters look to cash in, writes Gabrielle Monaghan
The BBC show The Real Hustleportrays simple scams performed on unsuspecting victims before the secrets behind the cons are revealed. However, fraudsters are not just preying on members of the public - they are increasingly targeting companies in search of bigger loots, with corporate identity theft being singled out by experts as one of the fastest-growing risks facing organisations today.
The challenge of data security came to the fore in 2005 amid a string of high-profile identity thefts. LexisNexis and Bank of America all said that information they had kept on individuals could have fallen into the wrong hands, while hackers managed to defraud at least 750 Americans after they stole data on 145,000 people from the database manager ChoicePoint.
While much of the spotlight to date has focused on the larger problem of personal identities being used to open bank accounts, obtain credit, and secure social security benefits, fraud specialists are warning corporate identity theft is rising at an alarming rate.
Ten per cent of companies in Ireland have been subjected to corporate identity fraud, according to RSM Robson Rhodes, which recently undertook the country's most in-depth survey into economic crime.
Last year, some Bank of Ireland customers received an e-mail claiming to be from a female member of staff requesting their bank details in return for the chance to receive $3 million.
The sender said she was the accounting officer for a man who died in the London bombings in 2005, leaving the sum of $7.5 million in his private account. The e-mail asked those who received it to act as next of kin in exchange for 40 per cent of his inheritance. His name was not found on the list of the bombing victims.
Phishing, a type of fraud where e-mails purporting to be from banks and credit-card companies are used to glean unauthorised access to consumers' accounts, is becoming increasingly frequent, according to Patrick D'Arcy, head of forensic services at RSM Robson Rhodes. Increased internet penetration has boosted the availability of information in the public domain, making identify theft easier and more widespread.
However, organised crime gangs and other fraudsters often take on a company's whole identity by setting up a business under a legitimate organisation's credit and name. Documentation filed to the Companies Registration Office can be manipulated if organisations don't regularly check their details, giving rise to fraudulent trading without the knowledge of the legitimate company.
As a result, they can obtain corporate credit cards and run up liabilities as well as sell products under the company's brand name. This can damage a company's reputation and increase insurance premiums and borrowing rates.
The consequences of corporate identity theft can prove especially catastrophic for small businesses, D'Arcy says.
Some of the most common abuses of a company's brand name include mass production of CDs and DVDs, designer-clothing, cigarettes and other high value goods for distribution through the black market.
One of the most extreme examples of corporate identity theft is that experienced by electronics group NEC. The company had to restate its earnings for the previous five years after discovering that an employee at a wholly-owned subsidiary had been fabricating business deals and selling counterfeit products for years, inflating sales by a total of 36.3 billion yen (€231 million).
The group believed the transactions were falsified by a 50-year-old manager acting alone. The company had not been able to detect the fraud in large part because the manager involved had been in a position to prepare all the necessary documents to make the fictitious trades look real.
Serious corporate identity frauds often involve insiders, experts believe.
"If I am called in to a company and the board of directors says €200,000 is missing and they think it's someone in the post room, I would shut the door and say 'I think it's one of you'," said D'Arcy, who took part in high-profile fraud investigations with the Garda fraud squad and Criminal Assets Bureau before joining RSM Robson Rhodes.
Organised crime gangs, usually foreign, will even infiltrate a company by planting a member within the workforce in order to obtain confidential information.
"A group of people working for a firm that provides services to banks was out to lunch in a central location when a young foreign lady approached them and said she'd like to work for them to learn some English and gain some experience," D'Arcy recalls.
"Three months later, she left and the office had been broken into by someone who had a code for the alarm. They'd left the window open but there was very little gone apart from some petty cash.
"It was discovered that the system had been used for two hours when it shouldn't have been. The woman left the country two days later.
"Even in a tight labour market like Ireland where companies need to increase employee numbers, the rules of engagement needed to get them in should still be thorough. You need to be especially careful when recruiting key personnel who will have access to confidential information."
D'Arcy also recommends that organisations protect themselves from the threat of identity theft by disposing of documentation carefully instead of just throwing paperwork in the bin. Fraudsters tend to use bank or credit information, utility bills, birth certificates, driving licences and passports for individuals, as well as incorporation certificates for registered offices and directors' appointments for companies.
"Disposal of paper information has to be done in a secure way," he said. "As well as shredding, a simple technique is to scrunch confidential documents in a ball and run the tap over it so the information is illegible."
The forensics expert warns that along with searching for information in a company's rubbish bins, fraudsters may also steal post from vacant offices or premises.
"Because we have more high-rise buildings, there is more communal post," D'Arcy said. "Companies can arrange to have the post collected at the post office or can rent out a post office box. And when companies are moving offices, they should ensure someone is going back to the old premises at least weekly to collect the post."
Organisations can also help avoid identity theft by ensuring computer users' digital identities are protected, monitoring their credit status on a regular basis, making sure controls over bank reconciliation and statement reconciliation with suppliers are robust, reviewing information at the Companies Registration Office, and visiting the premises of new debtors.
"The key issue to protecting your company's identity is to ensure personal information on clients and the organisation's own credit cards and statements are kept confidential and secure," D'Arcy said. "We all owe it to ourselves to be more vigilant."
