Identity Theft Commercial - Business Identity Theft
Businesses face similar financial identity theft risks to those we face as individuals, but the potential losses
can be much larger on a commercial scale.
The identity thief and the confidence trickster share much in common. It is easy for a confidence trickster to
say: "I work for XYZ Corporation, just charge it to their account." And in the rush it can be tempting for
businesses to accept these instructions, if the person appears to be credible and to know the usual procedures.
After all, most businesses are keen for more trade and are unlikely to turn away a customer that appears to be
If the thief has a little inside information, like an order number or order form in the correct format, a
business card, or some more official-looking identity document, and if there is nothing inherently unusual or
suspicious about the transaction, the chances are high that the thief will often be believed. Customer service
people keen for business are much less likely to turn down what seems to be a credible business deal than would a
suspicious accountant from the back room.
Smaller transactions such as a taxi fare or routine stationary purchase are more susceptible. They are also much
less likely to be detected by a larger company through their internal audits. But identity thieves can be much more
ambitious. Orders for goods to be delivered and charged to someone else, or sales of services, such as advertising
that will never be published, are fertile areas for identity thieves.
Perhaps we think the world has become too sophisticated for a confidence trickster to get away with a deal like
the legendary "sale of the Brooklyn Bridge" confidence trick any more. The longevity and huge ongoing scale of the
famous Nigerian letter or email requesting an advance money transfer scam tells us that people and businesses today
are as gullible and greedy as ever. A recent BBC report estimated this scam costs the British economy 150 million
pounds each year, and that is the cost to just one of the many countries affected by this quarter century old
The best defence against commercial identity theft is to have routine verification and documentation procedures
in place. The larger the transaction size, the more important these procedures become. Just having a supervisor
approve transactions over a certain amount can give a cooling off period and a second opinion opportunity to detect
Credit authorization procedures in most companies require at least some investigation before the transaction is
completed. Procedures to verify unusual delivery instructions make identity theft more difficult. Many companies
refuse to pay an invoice that does not have a matching company order number. More sophisticated transaction
approval procedures assess risks according to past experience, and flag potential problems for closer
But the simplest defence is just good customer service: if staff know a customer well it will soon become clear
if an impersonator is not part of the customer's usual team or is not doing business in the customer's usual
Finding the right balance between growing their sales and fraud prevention is an ongoing challenge for
companies. The use of information systems for fast data access and communication has made the early detection and
prevention of commercial identity theft a lot more effective.