End of Year Clean Up Places South African Companies at Risk
With year-end fast approaching, many businesses use this time to clean up the office environment in order to prepare for the new year. However, businesses could be placing the organisation and its clients at risk of identity theft if unwanted documents are not properly destroyed.
The number of identity theft cases reported to the Southern African Fraud Prevention Service (SAFPS) by end April 2014 had increased by 16 percent year-on-year to 1,370 and could exceed 4,000 by the end of the year if the trend continues.
According to Gianmarco Lorenzi, Managing Director of Cleardata - a group company of JSE listed Metrofile Holding Limited – those operating in the educational, construction, mining and financial services industries are most at risk.
Lorenzi points to the Protection of Personal Information (POPI) Act which stipulates the requirements for safe record keeping for any documents containing personal details. “This act does not only demand a safe record keeping system, but extends to include the secure destruction of records containing personal information.”
The latest trends in corporate identity theft involve consumers receiving letters with official company letterheads stating that account details for their monthly instalments have changed and they must make payments to new account details, says Lorenzi.
“The consumer, thinking this is an authentic business letter, changes their payment arrangements to go into the fraudulent account,” he explained. “The scam comes to light when the business contacts the consumer to establish why payments are not being made, instigating reputational, legal or financial damage for the business as the customer wonders how their details were obtained by the fraudster in the first place.”
He says businesses need to realise that one of the easiest ways for criminals to conduct corporate identity theft is by going through a company’s rubbish.
“Most computers also have desktop publishing technology, which has made it far easier for fraudsters to scan and duplicate a variety of corporate documents - such as purchase orders, invoices, bank statements, cash and credit card receipts or even stock certificates - containing company logos,” Lorenzi added.
Business records of any kind should never be put into a general waste or recycling bin, where it may be accessed by criminal’s intent on identity theft. Instead, all business records that are no longer needed should be shredded
Lorenzi emphasises that small businesses, especially those located in rural areas, may be at more risk, as they are often under the misperception that only larger organisations situated in urban areas are targets for corporate identity theft.
“This is actually not the case. Businesses of all sizes and in all locations can be exploited and must therefore employ effective document destruction practices.
“Those businesses not practicing sound document destruction are simply placing the organisation, including employees and clients, under unnecessary risk of identity theft and should seek the advice of a reputable document shredding company that has been certified by the National Association for Information Destruction (www.naidonline.org) to mitigate the potential threat to their business and reputation,” concluded Lorenzi.