03 Sep 2015
(Editor’s Note: In this week’s Thursday Feature, we take a look at a crime that may be rising in popularity: Business identity theft.)
Individuals have been victimized by identity theft for many years. But now sophisticated thieves are turning their attention to bigger fish: Major corporations.
Case in point: Less than a week after it announced that it was merging with one of the world’s biggest materials handling equipment manufacturers, the Finnish crane maker Konecranes revealed that one of its subsidiaries apparently lost up to $19.2 million as part of an identity theft fraud.
So far, Konecranes is keeping most of the details about the reported theft under wraps, declining to reveal even what country in which it occurred. But it did acknowledge in a statement that one of its foreign subsidiaries had been duped out of a huge amount of money.
“The perpetrators have through identity theft and other fraudulent actions managed to induce a subsidiary to make unwarranted payments in a total amount of up to EUR 17.2 million,” the company stated in a news release. “Konecranes has reported the crime to the police authorities in the relevant countries and is working closely with the authorities to recover its losses and to bring the perpetrators of the fraud to justice.”
The announcement came on Friday, August 14. On the previous Monday, Konecranes announced that it was merging with US-based Terex, one of the world’s biggest makers of cranes, forklift, and other heavy-duty materials handling equipment. The all-stock deal will leave Terex shareholders with 60% of the stock in the new company, which will be called Konecranes Terex PLC.
Some of the Losses Insured
About $11 million of Konecranes losses may be covered by its crime insurance policy, but if the money’s not recovered shareholders could be on the hook for the remaining $8.2 million. Given that the company has annual sales of $2.7 billion, that loss is a drop in the bucket in the grand scheme of things.
Still, it could leave shareholders questioning the management ability of the effective subsidiary’s executives, if not Konecranes as a whole.
In its news release, Konecranes was careful to point out that the stolen funds “do not affect Konecranes ability to generate an operating profit (and) they will not affect the 2015 financial guidance previously published by Konecranes.”
Company officials said they went public with the crime to “help other companies avoid becoming victims of similar crimes.” But in reality the company likely was required to report such a huge loss to regulators.
In either case, the incident could have been a huge embarrassment to the company and its leadership. But the company did not experience a substantial drop in its stock value in the wake of the announcement. In fact, the stock’s value was still trading higher in the wake of the merger announcement.
Businesses Make Easier Targets?
While criminals have targeted individuals for identity theft for more than a decade, business identity theft may be on the rise.
Business identity theft is different than the type of highly publicized information security breaches that have hit Target, TJ Maxx, and other big companies in recent years. Instead, rather than stealing the personal information of a business’s customers, thieves impersonate the business itself.
It can occur through the theft or misuse or business credentials, manipulating or falsifying business filings or records, applying for credit, and defrauding suppliers, banks, the business’s owners and officers, unsuspecting consumers, and even government.
It should be noted that the specific details of the Konecranes incident are not yet known, so this description of business identity theft is only a general discussion and do not necessarily reflect what happened in that case, which is still under investigation.
Why Target Business’s Identities?
There are a number of reasons why thieves are becoming bolder and targeting businesses for identity theft rather than individuals. For one thing, companies have more money. Corporations may have millions in cash on hand in their corporate bank accounts. And even small businesses typically will have a minimum of $5,000 to $10,000 in cash in the bank.
Banks and other loan companies are often more eager to lend to businesses than they are to individuals. That’s because businesses typically spend more than individuals, so the profit potential for banks and financial institutions is higher. Some corporations have very high credit limits with the institutions they work with.
Another factor is spending. Credit card companies will often send out a fraud alert when unusual or unexpected spikes are seen in the purchases of individual consumers. But many businesses can make larger purchases with less scrutiny from their lenders or creditors.
Small businesses tend to be more vulnerable to business identity theft because they usually have less security and oversight. Most corporations — especially those that are publicly traded — will have sophisticated security technology designed to sniff out fraud.
Stealing the personal information of individuals — such as their Social Security, credit card, bank account and PIN numbers — is relatively difficult because most people try to keep this information private.
But the information many thieves need to commit business identity theft — such as sales tax numbers and business license numbers — are often made public as required by law. State business registration information is a public record in the US.