|
Business Identity Theft
Answer by Kristine Regele, CAMS, Sr. Compliance Analyst - ChoicePoint
Question: Is business identity theft becoming a problem?
Answer: Yes. While solid metrics to determine the prevalence of business identity theft are lacking, the subject is on the radar for many professionals.
We read about identity theft nearly every day. It continues to grab media headlines for many reasons: it is prevalent, it is often dramatic in cost and it victimizes millions of Americans. The media is primarily centered around individual consumers who have been victimized. In fact, the Federal Trade Commission states "Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number or credit card number, without your permission, to commit fraud or other crimes.[emphasis added]"1 By this definition, identity theft is a personal crime.
What you may not realize is that business identity theft is also becoming a problem. An article in Entrepreneur magazine in 2002 cited more than 50,000 cases of business identity theft through June of that year, reporting a 74.8% increase since January 2001.2 Industries have not studied business identity theft to the same extent as personal identity theft, and as a result, the impact and cost to financial institutions are not yet well understood. While industry lacks solid metrics to determine the prevalence of business identity theft, it is now on the radar for many professionals.
What does business identity theft look like?
Business identity theft can take many forms, but there is a common thread. Business information is stolen and used to initiate unauthorized activities that appear to be in the name of your business. It is quite similar in concept to personal identity theft, except that the fraud occurs at a corporate level rather than at a personal level. To help illustrate, consider the following examples:
- Products are acquired using your company's good credit, perhaps on a purchase order form that was stolen and forged.
- Checks are stolen, or counterfeited, and are used to purchase goods/services.
- Payroll checks are forged from other business accounts.
- Financing is secured by individuals pretending to be principals of your business, using business cards and letterhead created on a home computer.
- Someone creates a 'knock off" of your company's Web site (spoofing). It appears to be your official Web site, and through it, the criminal obtains information to defraud you and your customers. These "spoofed" sites can look amazingly authentic.
- Someone launches an e-mail campaign that appears to be from you - the e-mail looks official and tricks people into providing information (phishing).
- Claiming to be an official bank employee, a person calls your customers under the guise of helping them, but actually obtains personal information to use against them (vishing).
The last three methods (spoofing, phishing and vishing) are better known, probably because the end result is often personal identity theft. However, it is important to remember that in order to start the fraud cycle, the criminal needed to impersonate a business.
In June of 2007, the FBI disclosed an unusual international business identity theft case - an actual corporate takeover. Their investigation eventually resulted in "conspiracy, wire fraud, and other charges… [and the criminals] received prison time and paid $51,000 to the South African representative..."3
This year, banks are required to enact identity theft prevention programs. The regulations ("Red Flag Rules") largely focus on personal accounts, yet they specifically mention the vulnerability that exists in business accounts. In fact, in explaining the regulatory definition of covered accounts, the regulators write:
"While identity theft primarily has been directed at consumers, the Agencies are aware that small businesses also have been targets of identity theft."4
For this reason, the regulators defined covered account to include "any other account … for which there is a reasonably foreseeable risk …from identity theft." So the term covered account includes business accounts, but the regulation is risk-based, so banks should conduct a risk analysis to determine which business accounts should be covered by their program. Small business accounts or sole proprietorships may be vulnerable and, if so, should be considered for coverage.
It is prudent to consider business accounts in your identity fraud efforts. Technologies can help you verify business identities, as well as validate and credential businesses. Regarding business identity theft, the FBI article concludes, "It's good for businesses to be alert to the possibility. You just never know..."5
Try Bridger Insight XG FREE for 30 days, which addresses regulatory compliance, business ID verification and more. Bridger Insight™ XG is a sophisticated, easy to use identity risk management solution tool kit (including USA PATRIOT Act and OFAC compliance components). Designed for cost-effective, efficient customer screening and reporting, this product is trusted by the majority of the top 25 U.S. banks and over 4,000 clients. Bridger Insight XG facilitates streamlined identity verification, identity fraud and theft mitigation, due diligence investigations and extensive watch list screening
About ChoicePoint
ChoicePoint (NYSE: CPS) provides businesses, government agencies and non-profit organizations with technology, software, information and marketing services to help manage economic and physical risks as well as identify business opportunities. Each year, we help more than 100 million people who are seeking to obtain jobs, fairly priced home and auto insurance, and who wish to rent apartments. Our authentication and anti-fraud tools improve efficiency and instill confidence in the decision-making process for our customers and consumers. Consumers have free access to the reports we create at www.ChoiceTrust.com. Learn what we do to protect consumer privacy by visiting www.PrivacyatChoicePoint.com and, for more information on our company, go to www.ChoicePoint.com.
This document is not intended to constitute legal advice and should not be relied upon as such. The opinions herein are the opinions of the author and do not necessarily represent the opinions of ChoicePoint or any other entity referenced herein.
1 Federal Trade Commission Web site: About Identity Theft, (Mar 6, 2008).
2 Torres, Nicole L., "Identity crisis: make no mistake-business identity theft can happen to you if you're not careful", Entrepreneur, April 2003.
3 Federal Bureau of Investigation Web site: Corporate Takeover, A New Twist on Identity Theft, Jun 2007, (Mar 6, 2008).
4 United States Department of the Treasury, et al.,Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions act of 2003, Oct 2007, (Mar 7, 2008.)
5 Federal Bureau of Investigation, supra iii.
First published on BankersOnline.com 3/31/08
|
|
|
Print Friendly!
Email This Article!
Discuss NOW!