Identity theft is a growing problem affecting not only individuals, but businesses as well. The availability of company information enables fraudsters to pretend to be a business and take loans, open credit lines, or commit other crimes. The consequences of identity theft can be severe, with businesses suffering from debt and financial losses, bad credit and bad reputation.
This week Expert Insights talks to Andrew La Marca, Director of Fraud and Practice at Dun & amp; Bradstreet is a leading expert in corporate identity theft. La Marca sheds light on this global issue, and explains what makes businesses a good target and how identity thieves work, including the different methods they use use to get information.
La Marca also provides guidance on how business owners can find out if they have been compromised, how they can reduce the risk of theft, and what to do if a business is a victim of identity theft.
Subscribe to Apple | Spotify | Google Podcasts | or your favorite podcasting platform.
Greg Corombos: Hi, I’m Greg Corombos. Our guest on this edition of Expert Insights is Andrew La Marca. I am the Director of Fraud and Compliance at Dun & Bradstreet is also a leading expert on corporate identity theft, a rapidly growing threat. Today we’re going to explain what business identity theft is, how it usually works, how you can protect your business, and what you can do if your business becomes a victim. And Andrew, thank you so much for being with us.
Andrew La Marca: Thank you, Greg, it’s a pleasure to have you here today.
GC: We hear about identity theft all the time. A bad actor gets your social security number or other sensitive information and opens accounts in your name. And before you know it, you have no money and all kinds of financial nightmares. But what exactly is identity theft?
ALM: Good question, Greg. And it’s not really different from what you said. Change the actual victim everywhere. So, I look at it as the same thing, right? A business has its own identity. A bad actor can use that business information for illegal profit. And Dun and Bradstreet often sees corporate identity theft…Often, we find someone in business, whether it’s a small to medium-sized business, or an executive in a fortune 500 company, is also a victim of identity theft. The bad actor will learn and learn information about the person or business officers. Sometimes they will make changes and / or compromise the business registration at the level of the registrar or Secretary of State. These changes can be adding/deleting titles, changing the address. Maybe you can reopen the company if it has been around for a long time. Then they, the bad actors, will continue to try to match it with the DUNS number. And then they go shopping. Let’s say you go shopping – whether it’s credit, goods, or services – then the debt is left under the good name of the company.
GC: Let’s explore that a little bit. What information is most compromising to me and helpful to the bad player?
ALM: What helps a bad actor is a lot of information… So, there’s a lot of information already in the business, right? A few Secretaries of State that come to mind have more information than others. So as a bad player, I can study and learn about business history. Who are the officers? What was their original address? It was probably a residential business. Maybe it was the officers home address? So knowing enough information about that business, gives them a leg up to know “what else do I need to know about that business”. It’s great? Maybe who are their suppliers and their customers? Who are their providers, so they can go ahead and focus, whether it’s a compromised business email, whether it’s a bill-to, ship-to scam, or whether there’s a direct compromise to in business registration. I’m going to cheat on it. It could all be the end game. But what they do is they learn enough information about the business and its owners to be able to operate like that business.
GC: How much of this is a national or global problem?
ALM: It’s a global problem, Greg. You know, the theft is not concentrated in the U.S. just, you know. And it’s just business and consumers, that’s right. But when it comes to corporate identity theft, it’s a global problem. In 2018, Dun and Bradstreet observed a 26% increase in corporate identity theft. This is where our team of Certified Fraud Examiners found businesses that are really victims of identity theft, and we confirmed. In 2019, we saw a 106% increase from 2018. And in 2020, due to the COVID-19 pandemic, we saw a 254% increase in business identity theft. And those numbers are reduced, obviously, because the availability of funds is reduced here. But we’re still seeing numbers that exceed the numbers of 2018, 2019. And here we are in a good position as far as the new conditions look.
GC: So while some people used the time of the pandemic to learn how to cook or take up a new hobby, these people spent time trying to figure out how to outwit everyone. how. Based on your research, it appears that the U.S. it is far from the most common place where this happens. Is it because we expect a rich environment with all the successful businesses and institutions we have? Or is there something we don’t do that makes us vulnerable?
ALM: The information we show here about U.S. businesses. that’s where our certified fraud examiners come in. But directly, going back to what we were talking about before, is it a global problem. But in your question specifically, you have the availability of data. There is a lot of open data at the government level, even data aggregators, that display business information that makes it easy to start a business, make changes to business registration, and then move on. below that business. And, it makes it easier for fraudsters to do it. It is also more interesting. Business fraud is difficult to catch. And it’s also 10 times more expensive for organizations. You are thinking about business. They will probably be authorized to buy for $50,000, $100,000. It is normal to interact with those volumes. Going from a customer to getting a $50,000, $100,000 credit card when you leave, it’s more difficult, right? So you have a lot of data available. And identity theft is easy to commit, and easy to avoid.
GC: One last question about the frequency of this. It also appears, from your data. And this again, may be the customers you have. But it seems that Florida is far from the country where this happens most often. Some reason for that?
ALM: Our belief here, Greg, is that the data available on Florida businesses is one of the drivers that we’re seeing more victims of identity theft. You can go to the Secretary of State’s website and be able to find out and see every file that has happened in the business. You know, who gave it, when they gave it, how they gave it. Sometimes it goes back years and years and years. They even had phone numbers. So a bad actor can learn that, they can download that. They can then even change those documents to the Secretary of State and issue them as proof of rights. So you have access to data that can be used and used to commit business identity theft. And you see that for all the organizations that have done business in that area.
GC: We’re talking to Andrew La Marca. I am the Director of Fraud and Compliance at Dun & Bradstreet is also a leading expert on corporate identity theft. And Andrew, how does the business owner find out that they are damaged?
ALM: Yes, it can vary. It could be very bad. You can ask law enforcement to contact you, and say, hey, you know, what’s going on here? Several people found out, as it was announced in the news, that [they are] victims of identity theft through government relief programs. They had contacts set against their identities, and they had no idea what was going on. So you can find out from the liens. You can find out from law enforcement. You may find out that the bills are probably starting to be received at your working address. You can also check your Secretary of State certificate, and when you do your annual report, if your state requires it, you can notice that there has been a change. The country can tell you. Your customers, your suppliers, your suppliers may tell you. So it could come from different sources. And it could even be from Dun & Bradstreet as we have a team of Certified Fraud Examiners who go ahead and warn all our customers about companies we confirm are victims of identity theft.
GC: Let’s talk a little about ways to protect yourself from becoming a victim. What tips do you have in that department? And is there a good way for business owners to keep an eye on whether someone is opening things in their name without their permission, obviously?
ALM: Have communication and communication with your vendors and suppliers. Make employee training a priority. Spreading awareness of corporate identity theft is also a top priority for companies. But they also need to be proactive. When we go out and get credit with our credit…social security numbers, we always check our consumer credit report for accuracy or correctness to see if our information [is] that let’s celebrate that month. Do you know how much our score went up this month? But businesses need to start doing their own business credit reports. And also to look at their annual reports of where they are included. Checking it early, checking it regularly, uploading on time. If you happen to have put your papers in the back, a bad actor may be watching and trying to jump ahead of you. Use the appropriate level of conflict, well, either conflict or conflict. And finally, you know, and I just said it, but it’s also working. You have to be active. You shouldn’t have been sitting there waiting. Get out of there. Talk to those you do business with. Make sure they have all the right information. Monitor your assets, train your employees, and rely on the experts to help you and your business mitigate this risk.
GC: Based on what you’ve seen Andrew, is this the type of fraud that’s done by outsiders, or is there a large part of it done by people inside the company?
ALM: Dun & Bradstreet tends to see more from external motivators than internal motivators. Not saying it’s not happening, what we’re seeing is that we’re seeing more and more outsiders taking advantage of the data availability. Whether it’s on the open web, or the dark web, or the deep web to help facilitate their strategies that steal business information.
GC: This may be more than you want. But it is clear that business information is public. But is there anything you can recommend for government officials or other level of authority to allow this, you know this, to open a new account or to allow whatever the criminal wants to do do? It has to go through several layers of security that hopefully the fraudster won’t be able to get past without posing as the real business owner.
ALM: And I understand. There is a happy balance to play. You have to find that happy place. What makes the state more meaningful in terms of making money and attracting businesses to incorporate in their state. But I think it’s also [at the same time]… They also want to feel that their data and their businesses are protected, right? So find that happy balance, use the right level of tension. Do you know who is coming through your front doors through your website? Are you looking at the fingerprint of the device? Are they from another country and filing multiple businesses in your area? Are you having problems? Are you looking at machine learning, artificial intelligence, about what’s going on? And you can do that in real time by using technology as well. So it’s about finding that style that you’re happy with, and also the professionals who are there to help. And I’ll make a plug here for Dun & amp; Bradstreet With a team of Certified Theft Examiners, we can help countries reduce corporate identity theft.
GC: Explain how you do that a little bit.
ALM: That’s right. So we have more than 60,000 sources of data that Dun & Bradstreet participates as part of our data program. And we can identify signal data for when a business may be active, inactive, or possibly a victim of identity theft. And that team of Certified Fraud Examiners is actively looking for changes and monitoring what’s going on to try to determine if a business is actually a victim of identity theft. So we can warn customers and say that a business may be a victim of identity theft.
GC: Andrew, we have a few minutes left in our conversation here. We talked about the scope of the problem. We talked about how to prevent it as much as you can. But it still happens to some people. So if you find that your business has been compromised, what do you do? Who do you meet to start putting the pieces together?
ALM: If you are a business that has been a victim of identity theft, and maybe someone else… you got a letter in the mail saying you owe X dollars. Contact that company, you report that you have been a victim of identity theft. You may want to consult with outside counsel, if you haven’t already, and possibly file a police report. Obviously file a report at ic3.gov, the FBI’s Internet Crime Complaint Center. It’s a good way for the FBI to keep track of everything that’s going on. Notify commercial credit bureaus. So their customers can be alerted and know that if someone is working under your business, they are doing their part to help reduce future incidents. And again, from that point forward, be as proactive as you can, and close any gaps, especially with training and safety, those risks. a company that may have them.
GC: Finally, and this probably varies from situation to situation, are these things easy to find and fix once you realize you’ve been attacked, or is it a nightmare?
ALM: It could be. It depends on the complexity of what actually happened. So it varies a lot in different situations.
GC: Andrew, where can people learn more about what you do, and maybe even seek you out if they need that help?
ALM: Yes, absolutely. So Greg, it was a pleasure talking to you today. I hope the audience learned something. Feel free to connect with me on LinkedIn. My name is Andrew La Marca. You can also email me at [email protected] or you can contact dnb.com or maybe your sales representative to contact us and see how we can help you.,
GC: It’s great. Lots of good advice that will hopefully lead to fewer businesses and business owners being victimized. But also good advice on what to do if that unfortunately happens. Andrew, great conversation. Thank you very much for your time today. We really appreciate it.
GC: Andrew La Marca is the Director of Fraud and Compliance at Dun & Bradstreet is also a leading expert on corporate identity theft. I’m Greg Corombos reporting for Expert Insights. For more information on this matter, please call CT Corporation at 844-787-7782
Why liquidation and delisting are important protections for business identity theft
Nine strategies to protect your business information
Business identity theft is a major threat to small businesses