How SMEs can protect themselves against the R1bn threat of ID fraud


Small and medium enterprises (SMEs) in South Africa need to put robust processes and systems in place if they are to protect themselves against rising incidences of identity theft and other forms of fraud.

That’s according to Donovan Marais, Channel Manager of Sage Pay, who says that SMEs are becoming a target for identity thieves. ”Large retailers, telecom operators and banks put in place tougher measures to safeguard themselves, so must SME’s. They are at growing risk because fraudsters see them as soft targets,” he adds.

Research organisation Cleardata found in a recent study that ID theft cost local companies some R1 billion during 2014 and that there were 3,600 reported cases during the year. It projected that the number of cases would spike to 4,000 this year.

From phishing to dumpster diving

Marais says that identity thieves use a wide range of techniques to collect personal information and documents that they can use to assume another person’s identity. In some cases, they’ll steal ID documents so that they can ‘doctor’ paperwork and pass themselves off as another person.

In other instances, they may rummage through rubbish bins to find bank statements, invoices and other personal information that can help them pass themselves off as someone else. They may even use phishing emails or phone calls to try and persuade their would-be victims to give them personal information. False application credit card fraud increased to in excess of 1000% in 2014, clearly indicating that this type of fraud is a real risk for SME’s and the industry alike.

“This means that SMEs need to be alert when they’re hiring employees or allowing people to buy goods on credit,” says Marais. “They should take all reasonable steps to verify the person’s identity as well as personal details such as their address and credit record.”

Three perspectives on ID theft

Marais says SMEs should be looking at ID theft from three perspectives.

Firstly, they must ensure that they protect themselves from criminals who might wish to defraud their businesses by passing themselves off as another entity. There are a range of affordable online tools that SMEs can use to help verify people’s identities and credit histories, such as identity number verification, bank account verification, company registration, director checks and credit bureau data. Most of these are available in real-time.

Secondly, they should take every reasonable precaution to safeguard any personal customer information that they store. Laws such as the Protection of Personal Information Act and Consumer Protection Act demand that they do so; what’s more it can harm a business’s reputation if its customers’ personal identifiable data is stolen or leaked. This entails storing and managing customer information in secure IT systems (or under lock-and-key if it’s in paper form) and ensuring that they dispose of customers’ personal information in a responsible manner.

Finally, SME owners and managers must also be aware that they could be victims of ID theft. That means they should be careful in how they handle business and personal information and documents such as company registration documents, cheque books, credits, log-in details, passwords, and so on. They should be wary of people trying to get this information from them over the telephone or via email.

They should also put robust antivirus, malware protection software and other security measures in place to protect themselves and their data from identity thieves. It’s also a good practice to shred credit card statements, bank deposit slips and other such information when it’s no longer required rather than simply throwing it in the bin.

“Your own identity and that of your customers and suppliers remains your responsibility and should be safeguarded to avoid possible liability suits. Identity fraud is a reality and probably the easiest and most common fraud to commit. Always make sure you know who has your detail, that it is safeguarded at all times -and apply the same vigilant measures to safeguard the information you keep” adds Marais.