Latest Identity Theft Scam Targets Business Executives
Small to mid-size companies that allow their employees to open lines of credit in the executive's name, could be most at risk.
A recent spike in identity theft among business executives reported this week highlights a troubling new tactic that criminals are using to commit fraud against not just consumers but businesses themselves.
Within a two-week period in January, there was a sharp increase in the number of business executives reporting that their identities had fraudulently been used to open up lines of credit with a number of different merchants, says Julie Fergerson, a founder of the Merchant Risk Council and vice president of emerging technologies for anti-fraud security vendor Debix, a provider identity protection services that prompts banks to call individuals before opening new credit cards and loans in the individual's name. The Merchant Risk Council, created in 2003 when the Merchant Fraud Squad and the Internet Fraud Round Table merged, is a group of more than 7,800 merchants, vendors, financial institutions, and law enforcement agencies that seek to improve cyber-fraud prevention.
The scam is most likely to hit executives at small to mid-size companies that allow their employees to open lines of credit in the executive's name in order to purchase business supplies, at a merchant such as OfficeMax or Staples. In one case, goods being ordered in the name of one U.S. business executive were shipped to the U.K. and then on to Africa, Fergerson says, adding, "There are at least 200 companies known at this time to have issued credit in this guy's name." There's now an alert out discouraging merchants from extending credit to this executive. Fergerson declined to identify the executive specifically because law enforcement is investigating the crime.
The scam works for three reasons. Business executives tend to have excellent credit, merchants are less likely to scrutinize an application for a business line of credit because risk has traditionally been low, and the merchant billing cycle to businesses is typically as much as 60 days, giving the fraudster plenty of time before the merchant and business owner identify the fraud. When the merchant tries to collect on the money they're owed, the transaction is denied because it's not tied to a legitimate account. Nor has the business under whose name the account was created received any of the merchandise. This means the merchant has to eat the cost of the merchandise. During the two-week period in January, Fergerson saw nine cases of business executive identity theft, whereas normally she would see only one or two.
Mounting concern over identity theft and fraud comes as Bank of America Tuesday said its online banking customers will be able to use their cell phones and smart phones to check account balances, pay bills, and transfer money. With more and more mobile phone users in the U.S. able to access mobile Internet through their cell phones, Bank of America realizes it's got to balance these security concerns with the need to grow its online and mobile banking channels. The new service will be available to Cingular, Sprint-Nextel, T-Mobile, and Verizon Wireless customers and is launching in March in Tennessee, with plans to expand nationwide in subsequent months. The bank is assuring customers that information will remain encrypted when sent between the mobile phone and the bank.
This latest twist on identity theft and fraud comes as law enforcement continues to sort out the recent cyber theft of sensitive customer information stolen from retailer TJX, which was storing customer information in violation of the Payment Card Industry Data Security Standard created by Visa and MasterCard. Fergerson says she expects to see law enforcement announce a breakthrough in the case within the next 90 days, although she declined to provide more specifics. On Feb. 7, Massachusetts Attorney General Martha Coakley announced that her office's Consumer Protection Division is leading a multi-state civil investigation into the TJX security breach. TJX has acknowledged that information regarding credit and debit cards sales transactions in TJX's stores in the U.S., Canada, and Puerto Rico during 2003, as well as such information for these stores for the period from mid-May through December 2006, may have been accessed.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.