Identity fraud is generally a unique crime with one perpetrator doing the transacting and two victims bearing the brunt of the cost. The two victims are 1) the individual who has their identity misused and 2) the business that the identity is misused at. Both suffer tremendously, with our random-digit dialing phone survey of 5,000 individuals showing that the average individual spends 40 hours to resolve their personal affairs and losses and paying $752 out of pocket, and businesses bearing the brunt of the mitigation cost for crimes that have an average value of $7,261.

But what about those cases where businesses are being impersonated? This morning my email contained a warning from Marc Beniof, Chairman & CEO of Salesforce, warning me to look out for phishing emails pretending to be from his company. His email disturbed me for two reasons:
1) Salesforce is a huge resident database for companies across the globe, and if they are seeing phishing attempts we all need to be cautious.
2) Marc’s salutation for his email was “aloha” rather than “Best regards” or “Have a nice day”. Who does Beniof think he is anyway…Mr Hand? (from Fast Times at Ridgemont High)

Since criminals target individuals based on how lucrative their target is (as shown by higher income people suffering from ID fraud at twice the rte of everyone else), so why wouldn’t ID fraudsters target businesses? Yet from our Bank and Issuer Scorecards we know how important personal mitigation steps are, such as protecting PC’s turning off the paper checks, bills and statements, and monitoring accounts as frequently as possible, and businesses should be expected to have stronger built-in safeguards in such disciplines-and yet with many employees targeting a single entity the risk of a business being impersonated loom large.

Javelin was the target of identity criminals from Russia just over a year ago. Federal law enforcement was incredibly responsive, but your average commercial operation won’t generally how to get the attention of our nation’s finest. As with the typical (median) consumer victim we (and our customers) suffered no direct financial loss, but Javelin indirectly spent countless hours in mitigation efforts as we worked to battle the bad guys and keep everyone safe. To call it a distraction would be an understatement indeed.

Bottom line, businesses can be impersonated just as much as consumers can, if not more. Yes, businesses are often more sophisticated, but they can have deeper and more vulnerable pockets. The banks, payments firms and tech vendors that provide products for commercial finance management need to keep identity safety in the mix, with a focus on the Prevention, Detection and Resolution™ model for battling criminals and keeping customers. And in a survey we conducted a few years ago, we learned that levels of ID fraud are very similar for consumers and merchants, showing that their is a need (and market) for safety products and solutions. Mitigation may be hard work, but it’s not impossible; all it requires is disciplined process based on solid fact.

Aloha