Corporate ID Fraud - Top Tips for Verifying Identities

• Identify business partners and directors. Know who you're dealing with.
• Confirm fax and telephone numbers. Even small changes to these can have devastating effects.
• Never accept hand written order forms or faxes. If you deal with professionals, you expect professional documents back, right?
• Ask for original headed company paper. The ultra-sophisticated fraudsters can recreate entire companies (see our post on The Top Three Corporate ID Thefts), but real stationery might be beyond most criminal's resources or thinking.
• Don't assume information provided is correct, always double-check and follow up the references. Just ask your HR department about this one. They'll know about making sure references are valid.
• Check that the telephone area code is relevant to where the business claims to be trading from. This is something you can do simply and quickly. If they say they're from Manchester when really they're from Manila, you may have a problem.
• Finally, check for any connections to previous companies with similar or identical names. The keywords here are 'similar' or 'identical'. Small changes to company names are a warning sign, as it's a classic corporate ID fraud trick.

Think this is a bit overkill? Believe it or not, this is just the first step. There's a lot more things to check that aren't listed here. You can download a guide for businesses here. Be proactive, you need to be vigilant, for your sake, that of your company, and that of your company's partners, suppliers and vendors.

Sterling service from the Met and Companies House

The Metropolitan Police have started a 'Sterling' service in association with Companies House to help companies protect themselves. From the many, many potential steps companies could take, they've managed to distil this down to four.

These include:

• Check your registered details at Companies House. Even a small change can result in fraudsters obtaining goods and credit from your legitimate registration.
• Sign up for the Companies House 'PROOF' system. 'PROOF' - Protected Online Filing, introduced in June 2009, is a password-protected online system that prevents individuals from filing paper entries. Basically, if you say you're going to file electronically through PROOF, then anything and everything else is rejected.
• Sign up for the Companies House 'Monitor' system. This helps you monitor when any changes are made to your company details. If you didn't make them, someone else did, and you can take action immediately.
• Finally, the Metropolitan Police do stress that you shouldn't rely solely on Companies House. It really is up to you to check the identity of your partners, vendors and suppliers, and whereas you don't necessarily need to beware, you should certainly be aware of the issues involved. As the police themselves say, corporate ID fraud is not a victimless crime.

Of course, the paperless office is a dream we have yet to achieve. While online checks are a big part of this, you need to make sure your corporate ID protection policy considers all your paper-based material. Basically, the message is - Use Your Head - Shred!

Fellowes say do and don't

Fellowes has issued its own simple checklist for businesses but there's also a comprehensive guide created by the National Identity Fraud Prevention Week campaign. It removes any doubt by splitting them into DO and DON'T.

DO:

• Develop an anti-fraud policy statement and clearly communicate it to all employees
• Ensure that checks are carried out on all new employees (and all those with access to the building, such as cleaning staff) including references, qualifications, experience and past employment and verification of identity
• Securely destroy all documents containing confidential or sensitive business information before disposing of them using a cross-cut or microshred shredder. Make sure you do this before you leave your department or office
• Store confidential or sensitive information in a secure place and limit access to key employees
• Check your business's registered details at Companies House on a regular basis
• Register for Companies House PROOF scheme and monitor service
• Review your credit report on a regular basis
• Include fraud prevention and detection within your induction programme for all newmployees and provide ongoing fraud awareness training to all employees
• Undertake checks on all new customers and review existing customers on a regular basis
• Implement a clear desk policy
• Encourage a 'no blame' culture where security issues can be discussed without recrimination
• Introduce a whistle-blowing policy and clearly communicate it to all employees before transgressions occur
• Ensure your IT security policy covers mobile devices, laptop computers, the internet, email and access. Review it on a regular basis

DON'T:

• Assume that the information provided by prospective employees is accurate: independently verify it
• Give employees unlimited access to sensitive or confidential information unless it is necessary
• Rely solely on information obtained from Companies House when checking a new customer's credit history. Use other credible sources.
• Put business bank account details and directors' signatures into the public domain (e.g. on your website, or send to anyone via unencrypted email)
• Give out any information about your company, your customers or yourself unless it is for a valid reason and to a legitimate organisation - make sure all your staff are aware of this and all the steps included in this checklist
• Use default or obvious passwords and make sure your staff don't either
• Throw unwanted papers in the bin - shred them first, including abandoned or cancelled receipts, DVDs and CDs. When disposing of old uniforms or corporate clothing make sure these are destroyed properly so that no one else can use, and therefore impersonate one of your staff
• Throw away an old computer or laptop without wiping the hard-drive clean first
• Leave documents in meeting rooms or on top of printers

Just do all the DOs, don't do any of the DONT's, and you'll be fine!