Consumers aren’t the only ones being targeted by fraudsters in identity theft schemes - businesses are equally vulnerable. Because businesses often don’t discover that a crime has occurred until major losses start to accumulate, there’s a potential for massive monetary loss and their reputation, finances, and credit have already been dealt a severe blow that may be hard to recover from.
Reported cases of corporate identity theft increased 46% in 2020, according to the National Cybersecurity Society. The pandemic is one of the main drivers, with fraudsters focusing on corporations instead of consumers because of the bigger bank account balances and higher credit limits.
Corporate identity theft involves a fraudster impersonating a business to perpetrate fraud. The tactics may resemble a classic phishing scheme, where a fraudster pretends to be a company executive who urgently needs a wire transfer to a new or unknown account. Or it might involve a merchant account being created in a company’s name, or the fraudster leveraging malware to infiltrate business networks to acquire billing and invoice information or financial account details via email threads.
What’s important to know is that any business is at risk for corporate identity theft.
That being said, smaller and new businesses are some of the most targeted because they often have weak fraud systems and controls in place and less sophisticated infrastructures, enabling fraudsters to easily work around potential obstacles.
But any business is at risk for corporate identity theft.
We see different approaches are taken, such as long and short firm fraud. Long firm fraud is where the company controlled by fraudsters has a good reputation and credit history (eg, they have a positive track record for orders and payments on time and are a trusted supplier). The company then changes its activity and places much bigger orders, perhaps several in quick succession, but then suddenly disappears without paying and sells the goods.
Short firm fraud involves the company controlled by fraudsters filing several sets of false accounts and director appointments within a short space of time. The company is a new supplier to the victim’s business, and it gets goods on credit, which are delivered to third-party addresses. The company then soon disappears without paying and sells the goods.
What we’re seeing is that many fraud schemes manifest as:
Tax fraud: a fraudster uses tax subsidies to file fraudulent returns or get tax refunds;
Financial fraud: a bad actor opens up new credit cards, lines of credit, or loans in the company’s name;
Ransoming trademarks: A business logo or name is registered as a trademark, and then a fraudster ransoms the company to relinquish it.
Some other tactics may involve creating merchant accounts in a company’s name, phishing schemes to get hold of a company’s credit information, and filing fake documents to alter the names of company directors to enable the fraudsters to more easily open up credit lines at financial institutions later on.
There are also challenges around umbrella company fraud, whereby fraudsters exploit temporary workers reducing the amount of money they need to pay in tax. There isn’t a standard mini umbrella company fraud model, but this type of fraud evolves as organised criminals try to hide their fraudulent activities from the taxman.
But that’s not all, other consequences can include:
IRS audits
Credit score drops
Lawsuits
Bankruptcy
Operational disruption due to inability to pay employees, vendors, or suppliers.
Another concerning and emerging threat, as a by-product of the pandemic and vast government stimulus programs, are the use of synthetic identities used in corporate identity fraud. This type of fraud takes patience on the fraudster’s part because they have to mature a fake ID or multiple IDs - often a synthetic identity consisting of both real and fake information - and create a shell company with fake employees and offerings before they make their move to take out a commercial loan, for example. This type of scam is time-consuming and complex, but the larger payouts make the extra effort worth it because fraudsters can take out commercial loans for hundreds of thousands of dollars.
Bottom line - corporate identity theft can evolve into even bigger losses, especially given the complexity and breadth of the infrastructure and network fraudsters build to steal government funds.
This is a huge challenge for financial institutions (FIs) to combat, but advanced technologies like artificial intelligence (AI), machine learning, and automation, along with massive amounts of data, have proven effective in addressing the issue.
Data can authenticate identities and fill in any information gaps, and advanced analytics ensures that risks can be efficiently recognised and managed so that FIs can:
Facilitate identity-related intelligence, identity risk scores, and behavioural analytics for early and ongoing account monitoring;
Detect stolen or synthetic identities at the point of new account origination and throughout new account phases;
Identity verification flows can be orchestrated to augment customer account opening journeys across business lines and products;
Make faster, reliable risk decisions based on a single identity risk score.
Another piece of the puzzle is converging identity verification with entity resolution to gain a more comprehensive view of applicants and their relationships to accurately detect complex information, like synthetic identities or manipulated features. The benefits of this approach also extend to customer due diligence (CDD), alert investigation, transaction monitoring, and enhanced due diligence (EDD).
Fighting sophisticated fraud like corporate identity theft isn’t easy, but these approaches can go far in deterring fraudsters.
This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.
About Glenn Fratangelo
Glenn Fratangelo, NICE Actimize Head of Marketing and Strategy, Enterprise Fraud Management, is a marketing leader with a deep understanding of technology markets, building and launching technology products, services, and alliances.
About NICE Actimize
NICE Actimize is the largest and broadest provider of financial crime, risk, and compliance solutions for regional and global financial institutions, and government regulators. NICE Actimize provides cross-channel fraud prevention, anti-money laundering, and trading surveillance solutions that address payment fraud, sanctions monitoring, market abuse, customer due diligence, and insider trading.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now