100,000 SMEs Victim Of ID Fraud

Life assistance experts CPP have recently carried out a study that has found that identity theft has affected around 100,000 small businesses, costing them on average £13,500 each. This £1.3 billion across the country has meant some people have ended up losing their businesses.

The loophole within Companies House allows somebody to register as a new director or to change company address details without first notifying the company directors or company secretary. This 'modus operandi' is catching on as criminals simply have to submit a paper form to change these details. 22% of Small Medium Enterprises admit that they operate lax procedures and protocol leaving them open to identity theft. However, the vulnerability of companies may be set to rise as criminals catch on to the ease of corporate identity fraud.

The problem is that due to Companies House being a public information register, is does not check and validate the records in any way, including if the records are changed. Neither does it notify directors or officers if new documents are submitted. Companies House does however offer a system called PROOF which aims to protect companies against potential identity theft by giving them secure electronic filing of their documents.

Only 14% of companies are currently using the PROOF scheme offered by Companies House. This may be due to the procedure involved to become registered. First a company must register for WebFiling. This involves then registering for a security code, which identifies them as a user and registering for a company authentication code which is sent by post to the registered address. There is a possibility that this registration process could be open to fraud if the registered office had previously been changed by submission of a paper form prior to the fraudster requesting an electronic security code. However assuming that a company has successfully and securely joined WebFiling, they are then able to opt-in for the PROOF scheme via their WebFiling account. The details being correct, Companies House will then reject attempts to file forms on paper such as: annual return, change of registered office address, appointment, termination or change of particulars of a company officer. Instead they will send the paper forms back to the registered company address.

The PROOF scheme therefore covers all the paper forms that have commonly been used
by fraudsters to hijack companies.

The majority of SME company directors (87 per cent) are not aware of these loopholes, which could put them at risk of corporate identity fraud.

Only one in 10 (14 per cent) is taking advantage of the PROOF scheme offered by Companies House, which offers secure electronic filing of documents to protect them against potential fraud.

And SMEs are also exposed to risk through their own data handling. Nearly half (47 per cent) say that their current employees have access to sensitive company data, almost two-thirds (61 per cent) admit they don’t encrypt company data, and a further fifth (22 per cent) allow employees to take sensitive documents out of the office.

While over a third (34 per cent) of SMEs confess that they don’t understand what corporate ID theft is – they need to as the reality is real. Victims of corporate fraud have experienced fraudsters applying for corporate credit/debit cards, spending money on credit, ordering goods without authorisation and even being able to withdraw funds direct from corporate accounts.

And the impact is severe – with victims reporting their company credit rating being affected as a result, damage to their company reputation and losing customers.

Michael Lynch, fraud expert at CPP said: “Our report demonstrates that corporate identity fraud is a real concern for businesses. It’s key that organisations ensure that they have secure methods of storing sensitive information to avoid falling victim to this growing problem.

“The current loopholes in the Companies House system make it worryingly easy for impostors to steal company information, and forge its identity, which can have huge financial impacts. We urge SMEs to take advantage of the safe online systems in place, to protect their business and for many SMEs, their livelihood.”

• Almost 100,000 UK small businesses have fallen victim to corporate identity theft
• Corporate identity theft costs businesses an average of £13,500 each
• 22 per cent of SMEs admit they may be vulnerable to corporate identity theft
• 87 per cent of SME directors are not aware of loopholes in the Companies House system which could put them at risk of corporate identity fraud
• Only 14 per cent of SMEs are taking advantage of the PROOF scheme offered by Companies House
• 47 per cent of SME directors say that their current employees have access to sensitive company data
• 61 per cent of SMEs admit they don’t encrypt company data
• 22 per cent of SMEs allow employees to take sensitive documents out of the office
• 34 per cent of SMEs confess that they don’t understand what corporate ID theft is

• Check with Companies House that the details stored for your company are accurate
• Enrol for the PROOF WebFiling scheme and sign up to the alert system which will warn you of any changes to company details
• If you receive a call claiming to be from Companies House try to obtain a phone number and contact Companies House immediately. NB. Companies House personnel never contact companies by telephone asking them for their security codes so should businesses
• Do not rely on Companies House records alone in determining whether to lend goods or services on credit – Companies House is merely a public register and not a credit reference agency
• Limit the access to company sensitive information to key employees
• Make sure all company sensitive information is securely destroyed before disposal
• Ensure that all company sensitive documents are password protected or encrypted
• Ensure that no company staff can take sensitive documents out of the office in printed format or on unencrypted USB sticks
• Ensure all hard copies of sensitive company information are stored in locked cabinets in locked premises

If you would like more information or advise on business identity fraud please call REALidentity on 0845 241 8550 or Google REALidentity