Daily Maverick
Dailymaverick logo

Sponsored Content

This article is more than a year old

Sponsored Content

Defending against rising credit application fraud

Credit application fraud is a form of identity theft where fraudsters use stolen personal or company information to apply for credit without the knowledge or consent of the individual or business involved. This type of fraud has seen a significant rise, especially in South Africa, leading to substantial financial losses for victims with limited chances of recovering funds or goods. In many cases, the victims do not have the necessary insurance cover to protect against such incidents.
Defending against rising credit application fraud AdobeStock
ENS
By ENS
6 Sep 2024
Facebook
0

 

Challenges in Law Enforcement

While the South African Police Service (SAPS) has a dedicated Computer Crime Unit (CCU) and the Cybercrimes Act of 2020 provides them with extensive powers to investigate these crimes, the reality is that law enforcement responses are often slow, fragmented, and seldom lead to successful prosecutions. The rapidly evolving nature of cyber threats, coupled with a shortage of appropriate skills and resources, further exacerbates the issue.

Fraudster Modus Operandi 

Credit application fraud typically involves multiple victims, resulting in either identity theft or financial loss, or both. The first kind involves identity theft where fraudsters first steal the identity of an individual or company. They then use this stolen identity to apply for various forms of credit, such as retail store credit cards, bank accounts with overdraft facilities, personal loans, or even purchasing vehicles on credit. The second kind relates to financial loss for credit providers, where a credit provider or lender unknowingly grants credit to the fraudsters. The loss here is not the stolen identity but the financial loss resulting from the unpaid credit.

How fraudsters steal personal and company information

There are several personal identity theft techniques including: 

  • Data breaches: Large-scale data breaches expose personal information, which can be used or sold by fraudsters.
  • Phishing, Smishing, and Vishing: Deceptive emails, text messages, or phone calls tricking individuals into revealing personal information.
  • Malware: Malicious software sent via email can steal information directly from devices.
  • Card skimming: Devices attached to card readers capture card information during transactions.
  • Unsecured browsing: Using unsecured Wi-Fi networks or entering information into unsecured websites can expose personal data.
  • Physical theft: The theft of wallets, devices, or mail can provide access to personal documents.
  • Social Engineering: Manipulating individuals into revealing personal information through deception.

Company information theft techniques include:

  • Phishing attacks: Deceptive emails trick employees into revealing sensitive information.
  • Social Engineering: Fraudsters impersonate trusted individuals to obtain confidential information.
  • Malware and Ransomware: Malicious software infiltrates company systems to steal data or lock systems.
  • Insider threats: Employees may steal or leak sensitive information, often due to personal financial pressure or coercion.
  • Physical theft: Theft of physical documents or devices can provide valuable company information.
  • Unsecured networks: Using unsecured networks exposes company data to attackers.
  • Fake websites and Spoofing: Fraudsters create fake websites to capture login credentials and other sensitive information.

The process of credit application fraud

Once fraudsters have stolen an individual's or company's identity, they then apply for credit using the stolen information. They often avoid personal interaction, instead using fake email addresses and unregistered SIM cards to maintain anonymity. These email domains often resemble the victim's name or company domain, tricking credit providers into granting credit. To illustrate, the below case studies refer: 

Case Study 1: An engineering company falls victim to fraudsters posing as a state-owned enterprise (SOE) that invites them to register on a supplier database. The fraudsters use a fake SOE email domain and request the company's sensitive documents. With these documents, the fraudsters assume the identity of the engineering firm, apply for credit and purchase goods. The engineering firm only becomes aware of the fraud when contacted by lenders for payment.

Case Study 2: A plastics manufacturing company receives an email from fraudsters posing as a well-known retailer. The company fails to verify the authenticity of the email and grants a credit line. The fraudsters place large orders, and the company delivers the goods without proper verification even though upon delivery, the address seems suspect and there is no visible signage identifying the company. The fraud is only discovered when the retailer denies any association with the orders.

Key takeaways

Companies must prioritise fraud and cyber awareness training for employees to help them identify red flags, while also implementing robust verification processes for credit applications and email domains. A simple phone call or site visit can prevent significant losses. Thorough due diligence, including site inspections and verifying contact details, is essential. It's equally important to adhere strictly to internal credit policies and avoid overriding credit limits without proper justification. By understanding the methods used by fraudsters and enforcing stringent verification processes, both individuals and companies can better protect themselves against credit application fraud. DM/BM

Roy Gillespie

Executive | ENS Forensics

rgillespie@ENSafrica.com

Comments (0)

Scroll down to load comments...