Written by Tracy L. Coenen, CPA, CFF
Wisconsin Law Journal
You thought only people experience identity theft. Only individuals become victims of dumpster diving or poor computer security. Someone gets a credit card in your name, and you’ve become a victim. You didn’t even consider that a company could have an “identity” that could be stolen.
Corporate identity theft is becoming all too common, and one of the most troubling aspects of it is how little owners, executives, attorneys and business advisors know about it. Without a basic knowledge of even the existence of corporate identity theft, people are powerless to prevent it.
It can be perpetrated in a number of different ways, but each type of corporate identity theft has one thing in common. It can destroy the reputation of a business quickly.
The type of corporate identity theft people think about most often is the use of a company’s credit profile, either to fraudulently obtain credit for themselves or to make purchases in the name of the company.
Much like individuals, corporations have credit histories that are used to establish credit with vendors. It’s important for the company’s credit history to reflect current payments on all accounts, as well as a general history of creditworthiness.
Without a good credit history, a company may not be able to get credit with a vendor from which they need to make regular purchases, may not be able to lease new space or equipment, and may not be able to get bank financing to expand.
Identity thieves might impersonate a company in order to use the company’s good credit history to establish their own accounts. Sometimes vendors don’t carefully verify whether a person is really an authorized representative of a company, and an identity thief may set up a company using a victim company’s credit profile.
How bad could that be? So long as that company pays its bills, who cares if it “borrowed” another company’s credit history to establish new accounts, right? First of all, it is just plain dishonest to use a company’s credit record fraudulently. Next, what if the impostor doesn’t pay its bills? That default may end up on the original company’s credit report, and that’s when the real trouble begins.
Another way to violate a company’s credit record is by creating accounts in the victim company’s name. This goes beyond just using a good credit history to get new accounts in a new company’s name. This fraud actually puts the credit accounts in the name of the established company, and leaves that company vulnerable when the bills go unpaid.
The victim company could be at risk of being held liable for those fraudulently incurred debts. It might all get sorted out and the victim company could ultimately be in the clear, but it will certainly take time, effort, and legal fees to straighten things out.
Fraudulent Charges to Customers
Maybe the biggest risk of corporate identity theft is the damage that can be done to a company’s reputation. It doesn’t take much to ruin the goodwill that a company has spent years developing.
Consider a fraudster who exploits a corporation for financial gain. Some identity thieves use a company’s identity to establish merchant accounts and then process stolen credit cards. Imagine a consumer receiving a credit card bill with a charge in your company’s name, yet the consumer knows he’s never done business with you. Even if the fraudulent charges area resolved in the consumer’s favor, how likely is he to do business with your company in the future?
What about the corporate identity thief who steals a company’s customer records, and fraudulently charges the customers’ credit cards. How would a longtime customer feel if he received a credit card bill and assumed that someone at your company has illegally charged his credit card?
When an identity thief commits this type of fraud, how do you repair the damage to a customer relationship? Even if the customer ultimately has the situation resolved in his favor, what impression is left? That customer might, at the very least, believe that company was careless with her or his credit card information. That trust may never be regained.
Damage to the Brand
Stealing a company’s identity can go far beyond a credit record, unfortunately. The Internet has created a whole new playing field for identity thieves. A company may have spent years becoming a household name. And that can be destroyed by a widely-publicized fraud scandal. Even if the fraud is perpetrated by identity thieves outside the company, it can still negatively affect the public’s impression of the company and the brand.
One of the simplest ways that identity thieves might exploit a company’s identity is through the establishment of domain names and websites that divert traffic from the victim company’s website to the fake one.
A common tactic is to register a domain name that is quite similar to an established domain name, maybe using a common misspelling or a plural variation of the original name. The identity thief then sets up a site that either mimics that of the victim company, or that is designed in some way to lure customers away from the victim company.
A consumer may not realize that she has misspelled the web address or that she is on an impostor site. She may do business with the identity thief and be none the wiser.
Another variation of online corporate identity theft involves the use of search engine technology. Search engines like Google and Yahoo have done a lot to help companies promote themselves and their brands on the internet. But they have also given unscrupulous people the opportunity to dishonestly get mileage out of the company’s name or to damage the company’s reputation with false information.
One way to exploit the victim company’s name and reputation on the Internet is by using the company’s name or trademarks in keyword advertising or site promotion. In simple terms, the original company owns the goodwill associated with its name and brands.
Competitors may try to get online traffic by using tactics designed to fool web surfers into visiting their sites instead.
They may try to influence search engine traffic by including another company’s name and brand names in their websites, keywords, and online advertising campaigns. Some of this is legitimate, much of it is not, and is done to the detriment of the victim company.
More Schemes Down the Road
There are already many different ways for a corporate identity thief to harm a company, as we have seen. In addition to the schemes already discussed, corporations can become victims of those who impersonate them in order to steal from their bank accounts. A corporate identity thief might use the company’s identity to sell property rightfully owned by the company. There are many more schemes currently in play.
And it should come as no surprise that many more corporate identity scams will likely be created in the future. Until corporations large and small become more aware of the risks and take a more active role in guarding their identities, brands, and images, fraudsters will be on the lookout for opportunities to exploit those things for financial gain.
Tracy L. Coenen CPA, MBA, CFE is president of Sequence Inc, a forensic accounting firm with offices in Milwaukee and Chicago. Ms. Coenen can be reached at 414.727.2361 or [email protected].