Latest Identity Theft Scam Targets Business Executives
Small to mid-size companies that allow their employees to open lines of credit in the executive's name, could be most at risk.
A recent spike in identity theft among business executives reported this week highlights a troubling new tactic that criminals are using to commit fraud against not just consumers but businesses themselves.
Within a two-week period in January, there was a sharp increase in the number of business executives reporting that their identities had fraudulently been used to open up lines of credit with a number of different merchants, says Julie Fergerson, a founder of the Merchant Risk Council and vice president of emerging technologies for anti-fraud security vendor Debix, a provider identity protection services that prompts banks to call individuals before opening new credit cards and loans in the individual's name. The Merchant Risk Council, created in 2003 when the Merchant Fraud Squad and the Internet Fraud Round Table merged, is a group of more than 7,800 merchants, vendors, financial institutions, and law enforcement agencies that seek to improve cyber-fraud prevention.
The scam is most likely to hit executives at small to mid-size companies that allow their employees to open lines of credit in the executive's name in order to purchase business supplies, at a merchant such as OfficeMax or Staples. In one case, goods being ordered in the name of one U.S. business executive were shipped to the U.K. and then on to Africa, Fergerson says, adding, "There are at least 200 companies known at this time to have issued credit in this guy's name." There's now an alert out discouraging merchants from extending credit to this executive. Fergerson declined to identify the executive specifically because law enforcement is investigating the crime.
The scam works for three reasons. Business executives tend to have excellent credit, merchants are less likely to scrutinize an application for a business line of credit because risk has traditionally been low, and the merchant billing cycle to businesses is typically as much as 60 days, giving the fraudster plenty of time before the merchant and business owner identify the fraud. When the merchant tries to collect on the money they're owed, the transaction is denied because it's not tied to a legitimate account. Nor has the business under whose name the account was created received any of the merchandise. This means the merchant has to eat the cost of the merchandise. During the two-week period in January, Fergerson saw nine cases of business executive identity theft, whereas normally she would see only one or two.
Mounting concern over identity theft and fraud comes as Bank of America Tuesday said its online banking customers will be able to use their cell phones and smart phones to check account balances, pay bills, and transfer money. With more and more mobile phone users in the U.S. able to access mobile Internet through their cell phones, Bank of America realizes it's got to balance these security concerns with the need to grow its online and mobile banking channels. The new service will be available to Cingular, Sprint-Nextel, T-Mobile, and Verizon Wireless customers and is launching in March in Tennessee, with plans to expand nationwide in subsequent months. The bank is assuring customers that information will remain encrypted when sent between the mobile phone and the bank.
This latest twist on identity theft and fraud comes as law enforcement continues to sort out the recent cyber theft of sensitive customer information stolen from retailer TJX, which was storing customer information in violation of the Payment Card Industry Data Security Standard created by Visa and MasterCard. Fergerson says she expects to see law enforcement announce a breakthrough in the case within the next 90 days, although she declined to provide more specifics. On Feb. 7, Massachusetts Attorney General Martha Coakley announced that her office's Consumer Protection Division is leading a multi-state civil investigation into the TJX security breach. TJX has acknowledged that information regarding credit and debit cards sales transactions in TJX's stores in the U.S., Canada, and Puerto Rico during 2003, as well as such information for these stores for the period from mid-May through December 2006, may have been accessed.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.