Rash of corporate identity theft hits trade creditors.(SELECTED * TOPIC)

Though organizational identity theft is certainly not a new phenomenon, there has been an extraordinary increase in activity within the last few months. Furthermore, Verifraud is seeing evidence that much of the recent activity is being orchestrated by sophisticated international perpetrators that have traditionally limited their focus to the credit card environment. Clearly, this is a dangerous shift for U.S. underwriters, though the risk is manageable with the right knowledge, tools and processes.

This form of organizational identity theft is characterized by perpetrators representing themselves as legitimate businesses through the submission of credit applications and purchase orders which bear much of the legitimate organization's data. The channel through which the communication is received varies between phone and Internet (though international perpetrators primarily use the Internet), or U.S. voice facilitation services. International perpetrators will often have a cooperating U.S. party involved, so the communication may also originate from these third parties. Though the perpetrators will typically supply correct billing information for the legitimate company, the phone, e-mail address and delivery location will generally not be affiliated with the actual organization.

Contributing Factors

The current rash of activity appears to be driven mainly by international parties that are migrating from the credit card fraud arena. Verifraud predicted this migration over a year ago, though the incredible spike in recent activity is beyond expectations. The attractiveness of the trade credit environment for these perpetrators is driven by three primary factors. First, the information needed to carry out the scheme is easier to obtain since no credit card numbers or security codes are needed. The second factor is that credit card fraud prevention measures have improved dramatically and, therefore, the trade credit industry is now viewed as an easier target. Finally, with corporate identity theft, larger orders can be placed without raising flags or hitting available fund limits, since five- and six-figure orders are not uncommon for large businesses. Such orders, however, would seem abnormal for most personal credit cards.

Current Scheme Characteristics

The characteristics of the current activity are quite similar and that, in combination with tracing IP addresses to a specific region, lead us to believe that the activity is originating from a sophisticated international groups. Typically, the attempts will involve a credit application or trade sheet along with a purchase order (ranging between $25K and $100K). Product type has been quite consistent thus far, with the computer industry mainly being targeted for traditional high-risk items such as toner cartridges, processors and memory. The delivery address will generally be in the U.S., though not necessarily in the same geo-area as the legitimate organization.

As with credit card re-shipping schemes--which have been popular for years--the international perpetrators are typically recruiting unsuspecting U.S. individuals to receive and forward packages as part of a work-at-home arrangement. Many of these re-shipping jobs can be found on online job sites. It is also not uncommon for perpetrators to entice individuals whom they have met through online social sites to receive and forward packages for them. These perpetrators have even gone so far as sending flowers or gifts as part of this courting process, masking their true intent. If enough individuals are recruited across the country, the perpetrators can choose a shipping address in the same region as the legitimate company, thus adding to the complexity of the fraud.