Corporate ID fraud comes in many forms. The consequences can be serious, both for companies generally and their staff and customers specifically.
Yet some cases are so bizarre or big, or - let's face it - ingenious that they raise eyebrows and show the importance of security and vigilance.
Case #1: If you can't beat them - recreate them
Possibly the most astonishing case of corporate ID fraud comes from China.
It started with a few reports filtering back to the Tokyo headquarters of the Japanese electronics giant NEC in mid-2004. Pirated keyboards and CD/DVD discs were appearing branded with NEC's logo, and were being sold in retail outlets in Beijing and Hong Kong.
While this was counterfeiting fraud, it was uncovered as major corporate ID fraud after two years and thousands of hours of investigating. A clandestine group had effectively set up a 'duplicate' NEC. Their operation had spread across 18 factories. The entire network linked to a further 50 factories in China, Hong Kong and Taiwan.
They commissioned research under the NEC banner. Their 'executives' carried NEC business cards. They even developed their own line of consumer goods, from home entertainment centres to MP3 players - which NEC said were of generally good quality.
Such a - let's face it - sophisticated fraud begs the question: why didn't they just set themselves up as legitimate NEC dealerships? The answer, of course, is that they benefitted from the equity of the NEC brand, with assumptions of trust therein and, not least, the intellectual property of the electronics giant.
Another question: how badly was NEC damaged? The true monetary value is unknown, but the company believes the organisers had "profited substantially" from the operation.
A much broader issue however is one of trust. The case raised serious questions about trading between east and west, and even today the Chinese government comes under increasing pressure to prevent theft of intellectual property.
Case #2: The biggest corporate ID fraud in history
The NEC case was big in the extent to which the corporate brand was assumed, but without a value placed on the damage it's difficult to say whether it was the most financially damaging.
However, the case of The Largest Corporate Identity Theft Case in History - or at least, in the US - does have a value, and that comes to around 200 million US dollars.
In August 2009, Albert Gonzalez of Miami, 28 was charged with stealing vital account information in a crime that the Department of Justice calls "the single largest hacking and identity theft case ever prosecuted."
He had amassed the details of more than 130 million credit and debit card numbers. While this was a straightforward hacking operation, where it became identity theft was when Gonzalez - or '"Soupnazi" as he called himself online -sold the data to others who would then use it to make fraudulent purchases.
If convicted, Gonzalez could face up to 20 years on a charge of wire-fraud conspiracy and an additional five on the conspiracy charge. He also faces fines of up to $250,000 for each charge.
These are fairly hefty numbers. But consider this. The 200 million dollar value quoted earlier came from the estimated losses of only one of his victims, TJ Maxx, from whom he stole just - just - 40 million credit card details. At the time of his arrest another of his victims, Heartland Systems, was responsible for processing 100 million payments for at least 250,000 businesses each month.
This brings into sharp relief the importance of computer security and vigilance. Attack one Fortune 500 company and you gain access to countless more.
Case #3: From Asia to America to Europe
Even the most experienced businesspeople can fall victim to identity fraud.
In December 2005, Sir Philip Green, self-made billionaire and boss of Bhs and Arcadia, found that his property company Green had moved. Not to swanky new offices in the City, but to a flat on a council estate in Harrow.
From there, it was being used to order goods on credit - cars, computers and mobile phones - and run up bills under his company's name.
This particular scam only came to light when the fraudsters actually tried to change the address back to what it had been originally, so they could avoid detection. Oh, the irony.
This is another case that is hard to value. The UK Metropolitan Police Service has said that the average cost of this form of fraud is 2 million pounds. Given that Green himself is worth over 5 billion pounds you could argue that it hadn't damaged him materially.
But it's certainly a warning to any company out there that fails to check its registered address on a regular basis. As Companies House itself says on its website, you'll only lose your company once.
Leave a comment