Protecting your business against identity fraud

Identity fraud is an ever-increasing problem in the UK. According to the Home Office, the annual cost is now £1.7bn, with businesses shouldering around £50m of the burden.

The problem of individual identity fraud is relatively well-publicised. Known methods used by criminals to obtain sensitive information include searching through rubbish bins to find discarded bank statements; intercepting mail; copying credit cards during a transaction; and so-called 'phishing' scams, which involve sending emails which look as though they have come from a bank or similar organisation, and asking customers to 'confirm' their details by return email.

But businesses are also at risk, and as well as the potential financial damage, corporate identity fraud could ruin a company's reputation.

Corporate hijacking

There is a growing trend of corporate 'hijacking', with fraudsters registering as company directors at Companies House and then purchasing goods and services from suppliers, which they have no intention of paying for.

A common method used by the criminals involves accessing registered company records, changing the details of the company directors and registered address, and using the stolen identity to order goods, which are then intercepted at the fake address. Criminals can also make use of publicly available company bank account details and signatures for fraudulent purposes.

Reducing the risk

Clearly, it makes sense to minimise your exposure to an identity fraud risk.

Businesses can help to protect themselves by putting in place the following procedures:

  • Storing sensitive documents in a secure place
  • Shredding documents before disposing of them
  • Checking their registered company details at Companies House regularly, to ensure that they have not been changed
  • Registering for the 'Monitor' email alert system with Companies House (part of the Companies House Direct service, available at, to receive notification whenever their company details are changed
  • Ensuring staff are aware of the issues surrounding identity fraud, and limiting access to sensitive information to key staff
  • Checking customers' credentials before extending credit to them
  • Reducing the risk of electronic hijacking by ensuring that firewall and anti-virus software is up-to-date, and only opening legitimate email attachments
  • Keeping key company bank account details out of the public domain.
  • Reducing risks by regularly reviewing the security on the company's web site especially if credit card transactions are processed through it.