South African businesses have noted an increase in corporate identity theft incidents over the past year, according to the 2015 Metrofile Information and Records Management Index.
The annual survey of 200 executive managers of local companies of varying sizes revealed that 7% of respondents surveyed stated their company had been a victim of corporate identity theft over the past 12 months, up four percentage points from the previous year.
Gianmarco Lorenzi, MD of Cleardata – a group company of JSE-listed Metrofile Holdings – says he is not surprised by the results of the survey. “It is more lucrative for criminals to target businesses, rather than individuals, when it comes to perpetrating identity theft scams.”
As a result, he says South African businesses of all sizes must take note of these results and be more vigilant when it comes to storing and destroying documents containing personal information of customers and employees, he says.
Furthermore, when respondents were asked whether they or someone they know has ever been a victim of identity theft, 31% of the respondents say yes. This result increased by 12 percentage points year on year.
These statistics from the survey are in line with global statistics, which show a rise in identity theft scams and point to the fact that South African businesses are just as susceptible to identify theft as the rest of the world, says Lorenzi.
He explained that the most common form of corporate identity theft scams involve customers receiving letters with official company letterheads stating that their account details have changed and instructing the customer to make payments using these new details.
“The customer, thinking this is an authentic business letter, then makes payments into the fraudulent account. The scam comes to light when the business contacts the customer to establish why payments are not being made, only to discover the funds have been paid into the fraudulent account.”
Corporate identity theft scams can result in reputational, legal or financial damage for the business as the customer wonders how their details were obtained by the fraudster in the first place, says Lorenzi.
“Under the Protection of Personal Information Bill (POPI) businesses have a legal requirement to ensure the personal information of all stakeholders remains secure and once the regulator is appointed, the business could face fines of up to R10m or jail time.”
He says one of the easiest ways for criminals to conduct corporate identity theft is by going through a company’s rubbish.
“Most computers also have desktop publishing technology, which has made it far easier for fraudsters to scan and duplicate a variety of corporate documents – such as purchase orders, invoices, bank statements, cash and credit card receipts or even stock certificates – containing company logos.”
The survey did, however, find that 85% of respondents shred unwanted business documents containing personal or confidential information. “While it would be better to see this percentage higher, it is promising and shows that the majority of businesses do understand the importance of confidential document destruction.”
Lorenzi said business records of any kind should never be put into a general waste or recycling bin, where it may be accessed by criminals intent on identity theft; instead, all business records that are no longer needed should be shredded.
“The safest way to destroy documents remains confidential document shredding. Businesses looking to implement the services of a document destruction company should ensure that the company complies with the international standards as set out by the National Association for Information Destruction (NAID),” warns Lorenzi.
Follow Fin24 on Twitter, Facebook, Google+ and Pin