In April this year, CIFAS – the UK’s Fraud Prevention Service reported that there had been a 20 per cent increase in the number of identity fraud victims in the first quarter of 2010 compared to the same period in 2009.

There is however another form of identity fraud that is often overlooked, but that can cause considerable damage to those targeted. That form is company identity fraud or company hijacking.

At CPP we decided to look into this issue in more detail and were surprised at just how easy it was to defraud companies through loopholes in the registration of company records and businesses own limited understanding of the issue. This is despite it having a crippling affect on those targeted.

So what did we find?

Through documentary research of Companies House we found that company ‘hijacking’ occurs with the submission of false documents to Companies House and normally involves changing the details of a company’s registered office address or the details of its directors or company secretary. The amendments to company records can be done via the simple submission of a paper form.

Whilst Companies House is a registry of corporate information it does not check the details on the paper forms for validity, nor have the resources to notify extant company directors or company secretary that paper forms have been filed for their company. As a result, such forms are taken at face value and the register of companies updated accordingly, even if the updated information is false.

The fraudulently updated data now becomes part of the public record and any checks which are made on the company against the register will show that the applying director is registered as an official director of the company and that the address supplied is the registered office of the company.  The fraudulent data would appear legitimate in relation to any director/address checks undertaken on the company and any ordinary credit search against the company would show the actual credit rating of the company.

Providing that the credit rating is healthy, an identity fraudster can now place orders in the name of the company to be dispatched to the false registered office address. The legitimate business is unlikely to know that the order had been placed or goods dispatched until the supplier chased for payment. This fraud would impact both the hijacked company (in terms of adverse impact to its credit rating) and the supplier through loss of income.

Companies House receives around half a million paper documents each month and estimates that between 50 -100 of these are fraudulent. Whilst this is only 0.02 per cent of all documents received, the Metropolitan Police estimates that the loss to industry resulting from company hijacking is in excess of £50 million.

Separately, when we questioned small and medium sized enterprises (SMEs) directly about company identity theft the results confirmed what we thought, namely there is a lack of understanding and preventative measures being taken. One in five SMEs (22%) admits they may be vulnerable to corporate identity fraud due to lax procedure and protocol including 47 per cent who said their current employees have access to sensitive company data, 61 per cent that don’t encrypt company data, and 22 percent that allow employees to take sensitive documents out of the office.

Reverting back to the issue of Companies House, 87 per cent of company directors are not aware of the loopholes and only 14 per cent claim to take advantage of the PROOF scheme offered by Companies House, which offers secure electronic filing of documents to protect them from potential fraud.

With two per cent of SMEs in the UK reporting corporate identity fraud, this equates to over 100,000 companies defrauded, costing them an average £13,500 each – enough to put some smaller businesses out of operation.

Clearly more needs to be done. SMEs need to be aware of their shortcomings and the associated risk. They should sign up to the PROOF scheme and monitoring services that warn them of any changes to their company details. On the flip side, companies should not rely on Companies House records alone in determining whether to lend goods, services or credit, as it is merely a public register and not a credit reference agency. Finally, Government should give Companies House the statutory power and resources to verify the accuracy of the information that corporate entities send to it.

To do nothing is not an option anymore.