International credit insurer Coface says the festive season may once again see an increase in business identity theft. Coface is cautioning companies about the dangers of fraud and specifically white collar crime during the holiday period.

Over this period, when companies may be short staffed, credit vetting procedures may not always be strictly adhered to.

“The four major scams that Coface is experiencing across industries are related to company identity fraud. The first type relates to false buyers requesting the delivery of goods to a different delivery address while posing as an existing customer,” says Coface claims manager, Robert Grobbelaar.  

The supplier delivers the goods to the new address, but when payment is requested from the established customer they have no record of receiving the goods.

“To avoid this type of fraud, it is important that suppliers set up additional checks and balances as in the case of a buyer giving changes to their account, including delivery, bank account and contact details,” says Grobbelaar.  

Opening an Account Under a False but Well-Known Company

The second type of company identity fraud targets organisations by creating a fraudulent duplicate company.  Fraudsters misrepresent themselves as representing a well-known company. 

The credit application looks authentic and the supplier is under the impression that they are opening up an account for a well-known company. Goods are delivered and only when the supplier attempts to collect payment is it established that the transaction was fraudulent. On receipt of delivery, the fraudsters ‘disappear’ with the goods.

Changing of Banking Details

The third type of fraud occurs when fraudsters notify a debtor of changes in the bank account details of one of the company’s legitimate suppliers. The debtor is then requested to make payment into this new fraudulent bank account rather than into the legitimate bank account. 

“The documents that Coface South Africa has seen are detailed and look almost identical to the supplier’s official stationary.  In addition to the identical design, the fraudsters have the correct signature and supplier stamps,” says Grobelaar.

If not properly checked, the buyer dutifully makes payment into this new account and the fraud is often only picked up when the buyer’s account is overdue. The buyer will state that they have already ‘paid’ the money, but in fact it was paid into a fraudulent account.

Grobbelaar says it is important to have procedures in place regarding changes to supplier details.  This could include phoning the supplier’s finance department or calling the bank where the new account is held.

“What is interesting is that fraudsters seem to target well-known companies.  This could be because their documentation is easier to get hold of and therefore easier to alter.” 

“It could also be that the brand reputation of the target company has created a sense of trust with their suppliers and therefore fewer questions are asked when changes are made,” says Grobbelaar.

Information gathering

“In the fourth scam, we have identified a new tactic used by criminals. This takes a few months to conclude, but often begins with an increase in suspicious emails requesting information about the company. The emails usually request insignificant information such as the MD’s name,” says Grobbelaar.

“This is to facilitate a fraudulent bank transfer. Significant amounts of money have already been embezzled from companies in this manner,” he says.

The information is gathered by well-organised criminal networks, requesting details of the functioning, organisational structure and internal controls of the business.  

“This phase may take several months and could be in the form of harmless questions that, once answered, constitute the basis for criminals to carry out fraud,” says Grobbelaar.

In the next phase, the fraudsters pose as one of the company’s management, such as the chief executive officer or general manager. The fraudsters then put an urgent request into the accounts department, targeting a specific employee, to transfer money into a fraudulent bank account. 

The request is often presented as confidential in an attempt to bypass the business’ internal controls and to put pressure on the targeted staff member to perform the transfer as quickly as possible. Without proper internal controls, the money is then transferred.

“Regardless of the reason, we encourage companies to be alert if any changes are made to creditor details,” says Grobbelaar.