Businesses face similar financial identity theft risks to those we face as individuals, but the potential losses can be much larger on a commercial scale.
The identity thief and the confidence trickster have much in common. It is easy for a confidence trickster to say: “I work for XYZ Corporation, just charge it to their account.” And in the rush it can be tempting for businesses to accept these instructions if the person appears to be credible and to know the usual procedures. After all, most businesses are keen for more trade and are unlikely to turn away a customer who appears to be credible.
If the thief has a little inside information, like an order number or order form in the correct format, a business card, or some more official-looking identity document, and if there is nothing inherently unusual or suspicious about the transaction, the chances are high that the thief will be believed. Customer service people keen for business are much less likely to turn down what seems to be a credible business deal than a suspicious accountant from the back room would be.
Smaller transactions are more susceptible: a taxi fare, a routine stationery purchase. They are also much less likely to be detected by a larger company through its internal audits. But identity thieves can be much more ambitious. Orders for goods to be delivered and charged to someone else, or sales of services, such as advertising that will never be published, are fertile areas for identity thieves.
Perhaps we think the world has become too sophisticated for a confidence trickster to get away with a deal like the legendary “sale of the Brooklyn Bridge” confidence trick any more. The longevity and huge ongoing scale of the famous Nigerian scam, in which a letter or email requests an advance money transfer, tell us that people and businesses today are as gullible and greedy as ever. A recent BBC report estimated this scam costs the British economy 150 million pounds each year, and that is the cost to just one of the many countries affected by this quarter-century-old scam.
The best defence against commercial identity theft is to have routine verification and documentation procedures in place. The larger the transaction size, the more important these procedures become. Just having a supervisor approve transactions over a certain amount can provide a cooling-off period and a second opinion, both of which are opportunities to detect identity theft. Credit authorization procedures in most companies require at least some investigation before the transaction is completed. Procedures to verify unusual delivery instructions make identity theft more difficult. Many companies refuse to pay an invoice that does not have a matching company order number. More sophisticated transaction approval procedures assess risks according to past experience, and flag potential problems for closer attention.
But the simplest defence is just good customer service: if staff know a customer well it will soon become clear if an impersonator is not part of the customer’s usual team or is not doing business in the customer’s usual way.
Finding the right balance between growing sales and preventing fraud is an ongoing challenge for companies. The use of information systems for fast data access and communication has made the early detection and prevention of commercial identity theft a lot more effective.