In November 2009, Companies House was contacted by a Miss Halima Amir*, who complained her home had been used as the registered address of a business the Blue Electrical Company* without her consent. It also transpired that she had been registered as a company director, without her authorisation. When contacted, the real director, Mr. Omar Chaudary* stated that he was unaware of the change and did not know, nor had ever met Miss Amir.
The Blue Electrical Company is just one of approximately 100,000 small and medium sized enterprises (SMEs) across the UK who have fallen victim to corporate identity theft or company hijacking according to our research.
Here we will discuss the findings of the research, the threat that corporate identity theft poses and how CEOs can protect their businesses from this growing crime.
Corporate identity theft – the fraudulent impersonation of an organisation for personal gain – is a recurring problem for businesses of all sizes throughout the country. Many of these instances are facilitated by fraudsters changing key company information, such as business addresses and named directors on the register administered by Companies House. Once in possession of these key pieces of information, fraudsters can begin to trade illegally in that company’s name, applying for corporate cards, ordering goods without authorisation and withdrawing funds from business accounts. This can have a significant impact on a company’s reputation with its clients, suppliers and customers, potentially putting them out of business.
Awareness of the crime is alarmingly low among CEOs and to date there have been very few industry reports on the issue. In order to fully understand the scale of the fraud and determine whether businesses are taking the necessary steps to protect themselves, CPP, who specialise in protecting consumers and businesses against identity theft and card fraud, decided to delve deeper into the issue by commissioning research among more than 500 SME directors across different sectors. The research looked into victim profiles, the degrees of data protection currently used by SMEs and also the loopholes in Companies House systems which are putting businesses at risk.
The findings revealed some worrying insights into the threat posed by corporate identity theft. It also highlighted an alarmingly low level of awareness among SME directors about how they can safeguard their corporate identity.
While just over half of the SMEs CPP spoke to were aware of corporate identity fraud, only a fifth believed that their own company was at risk, illustrating how fraudsters can easily rely on their victim’s complacency to commit their crimes.
But the risk is real of the 100,000 SMEs across the UK who have been affected by corporate identity fraud, approximately £1.3bn of losses have arisen, with an average loss of £13,500 for every business. In some cases this was as high as £30,000. No small or medium sized business could afford to lose such a large sum, without causing serious damage, or even bankruptcy.
Victims of corporate fraud have experienced fraudsters applying for corporate credit/debit cards, spending money on credit, ordering goods without authorisation and even being able to withdraw funds direct from corporate accounts. And the impact is severe, with victims reporting their company credit rating being affected, damage to their company reputation and loss of customers as a result.
But these figures could be just the tip of the iceberg, as fraudsters are increasingly exploiting a loophole in Companies House data processing to hijack company identities. Under current systems, Companies House does not verify paper document validity, but merely accepts changes to company documents at face value. There are no checks if impostors try to register as new company directors or change a business address. Moreover, legitimate business directors are not notified if new company documents are filed, so they may never be made aware of fraudulent claims. Companies House receives on average half a million paper documents a month and does not have the resources or the statutory power to tackle the problem. But more worrying is the fact that the majority of SME company directors (87 percent) are not aware of this loophole.
But can we look to solely blame Companies House? While the lack of verification within Companies House presents a great opportunity for corporate identity fraudsters, it is also clear that businesses are not doing enough to protect themselves. Companies House has recently introduced an electronic based system; the PROOF system, which is an online security system, designed to help companies protect themselves from fraudulent filings as it prevents individuals from filing certain paper forms. While the number of companies signing up for this system is now increasing, CPP’s research shows only 14 percent currently take advantage of the scheme, leaving millions of businesses exposed.
CPP’s report also reveals an almost complacent attitude among businesses to their own data handling policies, which can equally put them at risk. Nearly half of SMEs throughout the country say their current employees have access to sensitive company data, while almost two-thirds (61 percent) admit they don’t encrypt company data that leaves the office. A further fifth (22 percent) allow employees to take sensitive documents out of the office, which risk being lost or stolen, as recent high-profile government cases of data loss can attest.
Corporate identity fraud is a growing problem and much more needs to be done to raise awareness among CEOs and protect businesses throughout the UK. In this current financial climate, the last thing business leaders need is to be investing priceless time and money in reclaiming losses through fraud, when they can easily be avoided.
Businesses should ensure they take a few simple steps and use systems in place to protect themselves, so they can concentrate on generating business and returning profits, without worrying about the impending threat of corporate ID theft.
CPP’s top tips to reduce the risk of falling victim to corporate identity theft:
– Check with Companies House that the details stored for your company are accurate;
– Enrol for the PROOF WebFiling scheme and sign up to the alert system which will warn you of any changes to company details;
– If you receive a call claiming to be from Companies House try to obtain a phone number and contact Companies House immediately. NB. Companies House personnel never contact companies by telephone asking them for their security codes so should businesses;
– Do not rely on Companies House records alone in determining whether to lend goods or services on credit – Companies House is merely a public register and not a credit reference agency.
– Ensure you check personal credit reports, business and personal bank accounts and invoices thoroughly. If you are unsure of any transaction, contact your bank immediately.
For more information, or if you are concerned that your company may be at risk, please visit http://www.cpp.co.uk
The names of the company and the people involved have been changed to protect their anonymity.