The following scenario is,
Page 17
Page 18
If you've noticed an error in this article please click here to report it so we can fix it.
unfortunately, all too common an occurrence. An operator that runs a tight ship with good controls over its finances suddenly receives demands for payment for debts it doesn’t recognise. After much investigation it appears a third party has used the business to fund criminal activities. It later transpires that the owner’s identity has also been cloned and someone else has a driver’s licence, credit cards and a new bank account in the owner’s name and has used them dishonestly.
Companies House says it sees between 50 and 100 cases of identity theft every month. Worryingly, these cases only cover incorporated businesses.
The cost of fraud is estimated at about £75bn a year, according to the National Fraud Authority (NFA) in its 2012 annual fraud indicator, and while these figures include all forms of fraud, the NFA report indicates that all sectors of the UK economy and business are at risk.
It’s surprisingly easy to hijack a company by changing a director’s name, address and the registered business address. Companies House takes all documentation at face value – there is no checking of submissions. For example, a supplier of truck components will often check a customer against official records, such as the electoral register and Companies House, and accept the credit rating established by a legitimate haulier.
If the data given by the fraudster stacks up, then the deal is done, leaving the haulier to pick up the pieces. The truck component supplier will not necessarily know until it’s too late that fraud is involved.
Types of fraud
There are numerous forms of fraud. Some can be the result of a long-term sting where a firm is set up, or hijacked, with the intention of placing several small orders with a supplier. The orders are paid for quickly to build up confidence before large orders are placed and subsequently not paid for.
Another variant involves a phoenix company where the directors create a business, wind it up with substantial debt, then set up an almost identical company to begin the process again. This is a phenomenon the road transport sector is familiar with.
Criminals can also hijack a business with investment and personnel to take control from within. A business might appoint a new director or manager only to find out too late that they have been working against its interests all along.
Fictitious accounts
The owners of a newly registered company can also submit fictitious returns to Companies House featuring ‘too good to be true’ accounts. This creates a perfect credit rating from which they can source credit, which of course, is never repaid.
Few place the destruction of sensitive information high on the agenda; a name and address found in rubbish bins, combined with other personal information, can make for easy pickings. The internet also makes it simple to steal an identity by building on information found. As well as shredding documents, it’s important to protect social media sites by offering minimal identifying information.
Operators should review security on their computers and networks to prevent unauthorised attacks, by using encryption, firewalls, anti-virus and bank security software.
Navigation to a bank’s home page should be direct rather than through a search engine.
Levels of protection
Computers are vulnerable. In May 2012, Kent-based Lewys Martin was jailed for 18 months for creating and distributing software that harvested bank logins, credit card details and internet passwords from infected computers. Martin was only discovered by chance.
Companies House offers three levels of protection to registered businesses – WebFiling, PROOF, and Monitor. The services offer electronic submissions, security codes, and account monitoring and are free, although there is a £1 per download charge for reports.
Check, check, check
During times of economic stress, the risk of employee-based fraud increases. The 2011 CPP survey found instances of staff accessing HR databases and removing the data on USB sticks, as well as cases of staff stealing thousands of pounds from their employer.
It is important to run checks on business partners and directors as well as staff. The checks should include their credit history, any criminal past as well as seeking and reading references. The police offer tips on how to do this. ■