Corporate Account Takeover - How To Prevent It

By Author: Chris Work
Total Articles: 19
Comment this article

There are people out there who will take advantage of a company's assets in a way that negatively impacts that company's bottom line. As companies conduct an increasing amount of business online every day, many find themselves susceptible to various types of fraud. One prevalent type of fraud is corporate account takeover - when an unauthorized user obtains a company's vital information, re-routes all official mailing to his or her own address, then uses that company's information to make charges or even apply for credit.

The most important step in avoiding corporate account takeover is to recognize the different methods unauthorized users employ to obtain information. Social engineering, finding online filings, dumpster diving, and gaining internal access are all common account takeover strategies. Each is explained below, along with steps that can be taken to prevent each from happening.

Social Engineering:

What is it?

Social engineering is when an unauthorized user calls a company, asking for vital information such as electronic passwords, under the pretense that he/she is conducting legitimate ...
... business.

How to avoid it:

Prevent social engineering by knowing who your trusted business partners are. Most of these partners have the information they need about your company and will never call to ask for more information.

Finding Online Filings:

What is it?

Since the Secretary of State began allowing businesses to file annual reports online, unauthorized users have found ways to access those filings and add themselves as company officers. Once listed as a company officer, the unauthorized user just has to do a little more research for credit information and can use this information to apply for credit as a company officer.

How to avoid it:

Monitor your online filings, and ensure that only the appropriate contacts are listed on the filing. Also, continue to ensure that your correct corporate address is listed on the filings.

Dumpster Diving:

What is it?

Have you ever heard the saying "One man's trash is another man's treasure?" Dumpster diving is a low-tech, common method of obtaining a company's vital information, and is a great example of how the things we throw away can be valuable to others. Combined with mail-watching, unauthorized users can access both personal and business information which can be used to access accounts by simply digging through the trash.

How to avoid it:

Shred any sensitive materials prior to disposal. An in-office machine is inexpensive at office supply stores. If possible, have all of your business' mail delivered inside your office location to reduce exposure to unauthorized users. Avoid using common passwords that can be easily compromised.

Gaining Internal Access:

What is it?

Both current and former employees have the ability to commit account takeover, as company information is readily available for their use. Unfortunately, sometimes it is used for personal gain, particularly if an employee has sole access to a particular account.

How to avoid it:

Avoid this form of account takeover by establishing a strong monitoring system over company accounts, so that all spend that occurs on these accounts has oversight. Also, it is widely considered a best practice to set more than one person as an administrator of corporate accounts, which gives each account an additional layer of monitoring. Finally, when an employee leaves the company, immediately block his/her access to secured data and sensitive information.

Working with a corporate purchasing partner who can help you monitor suspicious activity on your accounts is the first step towards making sure your profits are protected. When looking for a provider, make sure it has programs in place to detect potential fraudulent transactions before they become a problem.
Comdata offers a comprehensive suite of Enhanced Authorization Controls for detecting fraud so your credit card merchant service or corporate accounts will be safe. Prevent scammers from taking over your corporate account by letting Comdata customize an enhanced authorization controls program to meet your unique business needs.