How easy is it to steal the identity of a business? Just ask Roger Lee Shoss and Nicolette Loisel, two Houston-based attorneys who turned hijacking the identities of publicly traded companies into a cottage industry.
According to the Department of Justice, the two took advantage of loose public- and private filing systems for more than a year, fooling regulators in Ireland, the UK and the U.S. and stealthily taking control of dozens of dormant firms. The scam calls attention to a little-known, but growing problem in the U.S. and elsewhere: business identity theft, and the way that lax business filing systems aid would-be thieves.
By all accounts, Shoss and Loisel were masters of the art of corporate identity theft. According to a federal indictment, the two were part of a three person legal team operating within an octopus-like international conspiracy spanning the U.S., U.K. and Spain. After using online business registries to identify dormant, publicly-traded companies in the U.S., Shoss and Loisel would resurrect the firms: filing certificates of amendment for the firms' articles of incorporation that folded the existing, publicly traded firm into sham shell companies they had set up.
By manipulating business registration systems in Florida and Delaware as well as filing systems at organizations like NASDAQ and the SEC, the scammers took control of the companies and then obtained legitimate CUSIP numbers and stock trading symbols that were then used to push the worthless stock on unsuspecting investors. In all, the scheme raked in close to $100 million through bogus stock sales of 54 separate firms to gullible investors, mostly in the UK, before regulators and law enforcement got wise to it.
The scheme was larger in scope than similar business identity theft operations, but not unusual in its details. The success of the perpetrators underscores the gulf in awareness that exists between the well-known problem of consumer identity theft, and the lesser known problem of business (or corporate) identity theft, according to experts interviewed by ITworld. "This is something that goes on quite regularly," said Ricky Harper, the Director of Florida's Division of Corporations.
Harper said that business identity theft is often a lurking problem that slips under the radar of both state officials and law enforcement. Harper said that officials – himself included – often don't know what to look for. "I was asked by our previous Secretary of State, Curt Browning, to look into the problem. I read some articles on it but didn't see much evidence of it here in Florida," Harper told ITworld.
Then Harper said a case came across his desk that woke him up to the corporate identity theft problem. "We had a business – and aviation company - that had been dissolved by the owners. It was then reinstated by some identity thieves. Soon after, they applied for a $140,000 federal fuel tax credit, which was delivered as a check. The scammers and the money disappeared and the previous owners only learned about it when the IRS came knocking on their door."
Harper said that, when learned about the scam, he realized that the Division of Corporations wasn't looking for the right clues. Rather than trying to identify fraudulent filings, the Division instructed its employees to start looking for innocuous-seeming changes that correlated with business identity theft scams. Those included sudden changes in the registered agent or mailing address of a company. "Once people started looking for that, we discovered a fairly high amount of (identity theft)," Harper said.
In the last decade, secretaries of state across the U.S. have moved business registries and filing systems online as a convenience to taxpayers and also to save money. Unfortunately, that move online hasn't gone hand-in-hand with tighter security. Lax business registration systems are the norm in the U.S., and they're also a common denominator in business identity theft scams, say officials in other states that have confronted the problem.