National UK Business Register

It has been proposed on the Open Data User Group that some key data held by HMRC on the VAT Register should be made publicly available.

Any changes to open this data up are likely to involve some years of debate and discussion, and would require legislation. However the possibility has at least been acknowledged.

Unlike Companies House for Limited companies, there is no complete official register of businesses that are not Limited companies, and there is no requirement for these businesses to file or disclose any financial data for public record. First Report can provide a non-Limited business credit check but the data available is limited in scope. The exact identity of the business can also be ambiguous.

VAT records could provide the basis of a Non-Limited Business Register and would provide a clear business identity and address, and financial data.  

Having access to this data in a credit check would give other businesses and lenders more opportunity to assess the level of credit which is realistic for the size of the business and generally assist credit controllers in making credit decisions.

It may be some way off, but if it happens the additional data will certainly be welcomed by credit controllers.

Consumers Could Benefit From Credit Checking

Consumers could benefit if they had some of the knowledge that credit controllers and credit managers use every day.

If you are one of our clients and work in credit control, you will review an application for credit and run a credit check with First Report. A decision to extend or decline credit, or where to set the credit limit and credit terms will depend on the information gathered about the business.

But consumers are also at risk of financial loss when companies fail. High street company failures can leave consumers out of pocket. The same can also happen with any large domestic purchase or home improvements project.

If a company fails, then any guarantee that came with the goods or the building work probably disappears too. If money was handed over in advance of delivery or work being done the payment may not be recoverable.

Not many consumers would think to obtain a credit report on a company or firm before handing over their money. However credit controllers know the value of checking who they are dealing with.

Job Applicants Invite ID Theft

I was advising an online employment agency about credit related data issues, and was astonished at how cavalier people can be with their personal data.

In a previous post I covered the topic of secure passwords for banking and financial services. But giving away other information about your identity is also asking for trouble.

I was privy to the CVs people were posting online and what I saw was truly shocking.

A full CV has lots of very specific information such as names and addresses of previous employers. The education details include a list of schools and educational establishments attended. Now we’re getting something useful, and things like ‘first school attended’ are stock ID checking questions used to verify your identity. However in isolation this information should not be too damaging even in the wrong hands.

But I saw CVs coming in online where people decided to include their National Insurance Number and Passport Number. Don’t ask me why. But it didn’t end there. Others clearly thought it was helpful when putting their date of birth to include their place of birth for good measure. I saw one CV that even included all the aforementioned titbits, and for good measure attached a copy of their passport! 

ID theft does not always mean accessing your bank account or credit cards and clearing them out – that would probably require knowing your passwords too. But ID theft can also be about applying for credit, opening accounts, buying goods, or obtaining new credit cards in your name.

So put all this information together with a full name and address, telephone, mobile, and email address, and in the wrong hands it is inviting ID theft. Remember, these were not paper CVs delivered to a specific potential employer, but CVs being posted on a website so others could view the CV online.

As a result of my concerns the service in question put in place some filters and added clear instructions to candidates not to embellish their CV with unnecessary personal data.

For consumers ID theft can mean financial loss as well as impacting their credit report file. But with a little more care ID theft would not be so easy.

No Credit If You Can't Spell Your Name?

In a previous post I wondered what to make of companies that couldn’t spell their own names correctly, No Credit Your Name Worries Us. Since that post we’ve come across other companies with the same issue.

In a typical scenario a credit controller receives some basic details by telephone, and then does a company search on our system. No trace. They try again. No trace. Our client then contacts us and asks us why the company can't be found.

When we look into it, we find that the company is not being returned in the expected search results because it is incorporated and trading with the wrong spelling of the defining word in their own company name.

Would you feel confident extending credit to a company offering ‘Buisness’ services? Or what are the prospects for a business that has an ‘a’ instead of ‘e’ when trying to operate an education ‘Acadamy’? The dilemma for credit controllers in such cases is whether to be influenced by the incorrect spelling. Does it infer a sloppy approach which could extend to other areas of the business including the finances?

We recently checked a chauffeur car business with a missing ‘u’ in their ‘Chauffer’ driven cars business name. I bet they could drive you round the bend...

Security Loophole Access to Credit Files

Access to personal credit reports is strictly controlled with legal requirements limiting who can search files. To be authorised to search someone else’s credit file requires the searcher to be registered under the Data Protection Act.

Having access to an online credit checking service is a standard part of the vetting procedure for many companies that deal with consumers. Companies with a licence to search consumers include high street mobile phone companies and letting agents, and stores and supermarkets that offer account and credit facilities.

Credit agencies that provide access to credit checks will screen each organisation that applies to open an account, and will ask the organisation to provide their Data Protection Number. Without a DPN, the application to run credit checks will be denied.

However First Report has seen an increase in fraudulent attempts to get around this. All organisations which are registered under the Data Protection Act can be searched online on the Data Protection Public Register, a public website which is designed to enable anyone to quickly verify the licence details of any registered organisation.

Entering just a single name or word is sufficient to return all organisations that have a similar name on the register. Each entry includes the Data Protection Registration Number, the type of licence held, and name and address details for the holder.

The availability of this data means that criminals can search the public register and record all the details shown. In the cases recorded by First Report, the applicant has registered a domain name that looks appropriate for a division or branch of the company, and then set up an email address at that domain. The scammers then apply to access credit files using all the legitimate information and the Data Protection Registration Number, and their own email address and phone number.

Criminals who attempt to access consumer credit files are commonly hoping to harvest personal information which can then be used for identity theft and fraud.

At First Report we have a detailed due diligence process and we have successfully stopped a number of attempts to gain access to personal credit data using this scam. We have reported this to the Office of the Information Commissioner.

I May Know Your Credit Card PIN

A while back I explained how your password can be cracked. Well, it seems that a large number of people are almost inviting someone to empty their bank accounts if their credit cards or debit cards get stolen.

Amazingly, your PIN is probably either 1234, or 1111. Am I right? If not, well done; you are among the 75% of people that don’t use one of these two numbers. But everyone else, which therefore includes 1 in 4 people reading this, has one of these two numbers as their PIN.

Most bank machines allow a couple of attempts to enter your PIN in case you mistype the first time. So two goes would be enough to try both 1234 and 1111 with a 25% chance of hitting the jackpot.

Other common combinations include simple number patterns such as 4444 or 1212. Dates of birth figure regularly, so if you do use your date of birth, your PIN is more likely to be compromised if you keep other identification containing your date of birth in the same place as your credit cards.

However there is some good news. There are 10,000 potential combinations for a 4 digit PIN. So any PIN has a 1 in 10,000 chance of being guessed randomly. But because so many people choose one of the obvious number patterns, that means that the thousands of patternless number combinations are shared out thinly among the rest of the card holders. So for example, someone using 8398 or 6793 is sharing their PIN with around only 0.001% of other card holders, or 1 in 100,000.

So although your odds of any number being cracked randomly would still be 1 in 10,000, the important word here is ‘randomly’. The fact is that criminals and hackers know the most popular numbers and don’t always try randomly; they can save time and increase the chances of success by trying the common PINs first.

So when choosing your PIN, it’s probably better to choose a number that is likely to be shared with closer to 1 in 100,000 than 1 in 4 people!

Small Firms Wait 250 Years for Prompt Payment

The impact of the Prompt Payment Code has been questioned with the revelation that some major companies are still making their small suppliers wait around 250 days for payment. 

The Prompt Payment Code may be a step in the right direction, but recognition of the problem is more overdue than many would perhaps imagine. Small suppliers have been waiting hundreds of years for fair treatment.

I was recently looking at a display of some Thomas Chippendale chairs, and was informed that although he was the leading furniture craftsman of his time, his credit control was a total mess. 

Back in eighteenth Century Britain, exchange the big blue chip companies of today and in their place put the aristocracy, and you get the general picture. They had the money, the influence, and the buying power; and they used it to their full advantage.

The biggest order Chippendale’s firm fulfilled was to supply a vast amount of furniture for Edwin Lascelles at Harewood House. He then had to wait for over 10 years for payment. Such treatment of small traders and suppliers was not uncommon.

As a footnote, if you have a login client account with First Report don’t forget that as well as credit reports we also we offer free debt recovery letters which have very good results.

Anything useful to share or any comments, drop me a line via our Contact page.