Defending SMBs And B2B Against ID Fraud Chaos

Amid the great digital shift, smaller firms are increasingly vulnerable to complex and ever-evolving fraud schemes.

Sontiq Senior Vice President of Digital Financial Wellness Jim Van Dyke told PYMNTS in an interview that small- to medium-sized businesses (SMBs) have been facing a bit of a double-edged sword.

“Small businesses that survived the pandemic often did so by making several vital changes in safety or distribution practices,” he said. “As if that wasn’t enough, they have reopened to a different environment.”

In the new emerging-from-the pandemic environment, demand for these firms’ products and services is higher than ever before, he said. But supply chains are still constrained, and that means that many companies are grappling with revenue headwinds.

Fraud’s Fertile Ground

The landscape is marked by chaos, he said, adding, “Chaos is fertile ground for fraud.”.

Digging a bit deeper into the avenues targeted by the fraudsters themselves, he said that SMBs are being targeted for identity theft — a crime of data misuse that requires an antecedent. That antecedent is a data breach or compromise.

“As with consumer ID crimes, business ID crimes are perpetrated by hackers and others that compromise so-called private information, and then use it to impersonate a business entity,” he said.

Business identifiers, such as employee identification numbers (EINs) and account numbers, are gleaned by criminals to commit financial account takeovers (ATOs), file for income tax refunds, take out business loans, or order goods or services online — among a range of other activities.

The rising waves of fraud attacks and business email compromise (BEC) will only continue, he predicted, as virtual commerce enables virtual fraud.

The weaknesses and vulnerabilities are on full display, he said. Password management is difficult.

SMBs, he said, have “a problematic co-mingling of finances and identifiers” for the SMB and executives’/owners’ personal information. And, in short, these firms need better and more efficient ways to identify legitimate business interactions (with outside parties) and to ascertain that individuals (owners and executives) are who they say they are.

Business identity data remains readily available on the dark web, he said. Efforts from firms like Sontiq scour the dark web for files, forums and other places where that data is being made available and where it is being sold.

“We can give our members a heads up as to what is out there, the specific kinds of risks that vulnerable data presents, and importantly, what to do about it,” he said, aided by advanced technologies such as artificial intelligence (AI).

To that end, as PYMNTS reported last month, Sontiq said it has teamed with Zions Bancorp for a referral collaboration.

In terms of mechanics, the Zions’ Complete marketplace will feature Sontiq’s business suite in a bid to help SMBs beef up their defenses against identity theft and BEC scams.

Constant monitoring is important, along with knowing what to do when business fraud or scams “explode,” he said.

In one example, a business may be a victim of an international cybercrime syndicate.

“The attackers may go on to attempt extortion and wage personal threats against the SMB’s employees,” he said. “In some cases, even federal law enforcement may not be able to help an SMB.”

The Role of Federated Identity

Federated identity can provide certain advantages in combatting the fraudsters, he said. Through this approach, banks can authenticate their customers, and then electronically vouch for those customers in other situations.

“This is often referred to as Identity-as-a-Service, and for banks, it can do more than protect sensitive data and the risks associated with data breaches,” he said. “It can retain customers, curtail losses and, if configured to do so, generate additional fee income.”

In addition, financial institutions (FIs) can simplify their business customers’ lives.

“What’s most misunderstood about security for SMBs is that a business can be rock solid about protecting against exposure of its own data and still become a victim of data misuse by others,” he said.

Consider breached entities that expose an SMB’s data. Malware is a persistent threat as it can be downloaded, unwittingly, by anyone at any time.

“Financial relationships are ideal for helping customers with their needs to protect information at rest and on the move,” maintained Van Dyke, who told PYMNTS the battle will never end.

“It will be a constant cat-and-mouse game with shape-shifting vectors,” he predicted.