Sunday, February 6, 2011
CIPRO: Hijack cases hit twenty seven
CIPRO: Hijack cases hit twenty seven
Galderma Laboratories and Fujitsu among the latest confirmed victims
JOHANNESBURG - Six more companies have been added to the list of confirmed victims of company hijacking in 2010, bringing the total number of recorded cases to twenty seven. They are: Galderma Laboratories South Africa, Astrapak Gauteng, ITQ Business Solutions, Fujitsu Services, Birchwood Management Company and Mtema Mashao Consulting and Civil Engineers.
In all these cases the legitimate directors of the companies targeted were ‘resigned' on the database of the Companies and Intellectual Property Registration Office (CIPRO) and replaced with fraudulent directors.
In at least one case a bank account was opened by the fraudsters in the name of the company and a substantial tax refund from the South African Revenue Service (SARS) was diverted into the new account.
The (possibly stolen) identity of one ‘Bekizitha Dlomo', 52, was used in several of the twenty seven cases.
According to CIPRO records ‘Dlomo' was fraudulently inserted as the director of ContinuitySA (June 1), Mtema Mashao Consulting and Civil Engineers (June 25), OEP Office Equipment Products (June 30), Vanern Investments (July 1), Natmed (August 19), and South African Valve and Tube Industry (August 31).
‘Dlomo' is also listed as a director of two CCs with names similar to the South African Revenue Service or the abbreviation thereof: ‘SARSA Projects and Maintenance Services' and ‘South Africa Mevenue Projects Services' (our emphasis).
Table: CIPRO hijacking victims list 2010 (updated Dec 8 2010)*
Nestle Purina Petcare
A Million Up Investments 48
CHM Vuwani Computer Solutions (KZN)
Aobakwe Louw Properties
Taquanta Asset Managers
Bombardier Transportation UK Limited
South African Valve and Tube Industry
OEP Office Equipment Products
D and T Trust
Galderma South Africa Laboratories
Birchwood Management Company
Mtema Mashao Consulting and Civil Engineers
ITQ Business Solutions
* Note: This list excludes the unrelated cases of Kalahari Resources and Syanda Chrome.
Company hijacking: What the banks advise
26 January 2011
Absa, FNB, Nedbank and Standard Bank's response to our request for comment
JOHANNESBURG - Over the past week or so Politicsweb contacted the big four banks requesting their help on a ‘best practice' guide on how a company should respond if they find they have been hijacked (or cloned) through CIPRO.
We noted: "The aim of these frauds is almost always to set up a bank account in the company's name so that fraud can be committed of one kind or another. So, one thing they have to do is contact all the banks to alert them to what has happened. Does [your bank] have a particular number that companies should contact if they think they have fallen victim to this kind of scam? Is there any other advice you would give?"
Absa, Standard Bank, Nedbank and FNB replied as follows:
From John Dludlu, Absa spokesperson:
The company should contact its banker, relationship manager or the bank's fraud line. In Absa's case, for instance, our customers can call our complaints' helpline on 0800 414 141 to report suspected "hijacking" incidents. Furthermore, CIPRO could also be contacted in order to find out if the details of the enterprise have been tampered with.
If it turns out that a "hijacking" incident is occurring or has taken place, you should lay a charge at the SAPS and contact the Banking Association of South Africa in order to warn all South African banks, while CIPRO and other role-players work towards reversing the "hijacking". Absa is committed to preventing fraud of any kind and we make every effort to ensure that any suspected irregular activity on clients' accounts are investigated."
From Marius Le Rouw, Head of Small Enterprise at Standard Bank:
Standard Bank's fraud hotline number is 0800 113 443. Customers suspecting fraudulent activity of any nature may call this number to report suspicions of fraud.
Standard Bank recommends that organisations/companies who suspect they have been victims of CIPRO-related fraud should report this immediately to their bank, and CIPRO (email@example.com).
Companies must ensure that any changes to their records must be communicated to CIPRO as soon as possible. Such changes include changes to telephone numbers, physical and postal addresses and directorship. Submit annual financial returns to CIPRO on time as required to by law. Always safeguard confidential documents.
From Nick Jacobs, General Manager: Nedbank Group Risk Services:
1. Appoint one or two people in the company to deal with the problem.
2. Notify all employees in the company of the fraud, so they know of the problem and who to refer queries to.
3. Notify all financial institutions of the fraud: at Nedbank, notify the Nedbank call centre on 0860 555 111, stating that you believe your identity may have been taken over. Please be sure to forward any possible documentation that may assist the bank in identifying fraudulent accounts.
4. Notify all your debtors and creditors that you have not changed your banking details and that any notification of same must be routed to aforementioned contact at the company.
5. Contact the credit bureaus and request a consumer report to determine which institutions may have been making enquiries on your profile so you can determine if any accounts have been opened / credit obtained in your name.
First National Bank:
From Mphilo K. Dlamini, Senior Corporate Communications Manager, FNB Commercial Banking:
The general consensus within FNB is that you direct this question to SABRIC, because there is something SABRIC, the banks and CIPRO are doing about it and the lead agent in those discussions is SABRIC. Also, FNB feels that companies who think they have been hijacked must report that directly to CIPRO.
Update from FNB: People can go to FNB website (https://www.fnb.co.za/) which operates 24/7 - and call the number that appears at the top of the site under the tab Fraud Prevention. The staff in this number will redirrect the call appropriately or deal with the matter. We also advise that the first course of action, during busniess hours, would be for the client to immediately contact his/her account holding branch if such fraud is suspected.
Has your company just been hijacked?
26 January 2011
James Myburgh provides a guide on what you need to do
JOHANNESBURG - Over the past few years there has been an increasing problem of criminal syndicates using the Companies and Intellectual Property Registration Office (CIPRO) for the purpose of committing fraud. In 2008 a Pakistani syndicate used company cloning to defraud the South African Revenue Service (SARS) of R51m. By August 2009 another syndicate had cloned at least 114 companies for the purposes of committing various types of fraud. And in 2010 at least forty companies were hijacked - mainly for the purpose of trying to divert VAT refunds.
But while there is a growing awareness of the problem many companies who fall victim to this kind of fraud do not really know how to respond.
This guide is an attempt to remedy this deficiency. It sets out nine steps that need to be taken by a company to minimize potential harm. Standard Bank, SABRIC, Nedbank, Absa and CIPRO all provided input into these (see the banks' full contributions here). FNB, SARS and the SAPS declined or did not respond to an invitation to do so. This list is not exhaustive, and we'll update it with any further suggestions that may come in.
Before setting out the actions that a company needs to take - once it becomes aware it has been targeted - it is necessary to have some understanding of how these frauds work.
How CIPRO based frauds work
This guide is concerned with two common kinds of CIPRO-based fraud. The one is to set up a closed corporation (or company) with a confusingly similar name to a legitimate concern (‘company cloning'.) The other is to fraudulently deregister the legitimate directors of a company, and insert a syndicate member (‘company hijacking.')
These CIPRO based frauds follow a certain progression as illustrated by the following two examples:
A company cloning fraud (from 2009):
A client posts a cheque to "Company Y".
The cheque is intercepted at the Post Office by the syndicate.
A CC called "Company Y 01" is then established through CIPRO.
The director of the new CC opens a bank account with FNB.
The stolen cheque is deposited into the new account and the money removed.
A company hijacking fraud (from 2010):
A large tax refund due to Company X from the South African Revenue Service falls due.
The syndicate is alerted to this opportunity by a SARS insider.
The legitimate directors of Company X are removed on CIPRO and a syndicate member using a stolen identity is inserted as the sole director.
The new director opens an account with Absa in the name of Company X.
SARS is then requested to change the banking details of Company X to the new account.
The refund is paid into the phoney account and the money removed.
As can be seen from these two examples the actual goal of the syndicate in effecting changes at CIPRO is to set up a bank account in the targeted company's name. It is critical to remember that if a stranger has been inserted as the sole director of your company then, as night follows day, they will have approached a bank branch to set up an account in your company's name. Unless the bank concerned phones you to check their bona fides before activating the account it can be taken as a given that they will have succeeded.
Once such an account has been established there are numerous other types of frauds that can be committed. Your clients may be approached to switch bank details; the syndicate may try and get credit in your company's name; or the syndicate will pay a cheque into another company's account and then request a refund before it has cleared.
There is thus no room for complacency. If you delay in acting it is not just your own money you potentially put at risk - but also your debtors', those who trust in your company's good name and South African taxpayers'.
How to check your details on the CIPRO website
Company details should be checked routinely. However, additional warning signs could be a delay in the payment of a tax refunds, a cheque that is long overdue, odd queries from clients or credit bureaus and so on.
It is currently possible to do certain basic checks on the CIPRO website. You can get your auditor or accounting officer to run a full check with CIPRO - and if you think your company may have been targeted it is advisable to do so.
If you go to the CIPRO homepage - www.cipro.gov.za - there is a panel on the left. Towards the bottom there is an empty field titled "name search" (see image). You can insert a key word from your company's name to check what other companies or CCs have similar names to your own (these won't necessarily be fraudulent.) Try "AVUSA" for instance and see what comes up. This method is not foolproof. If you insert "RENAULT" into the field it won't pick up the CC clone "RENAULTSA INSTRUMENTS CONTROLS."
For the next month it is possible to check your directorships on the CIPRO website for free by clicking here and inserting the identity numbers of your directors. For instance, if one inserts the ID number of the hijacker of Coca-Cola Africa ‘Samuel Sadike' the following comes up:
Again this check is not perfect as a syndicate member may occasionally be inserted as a director while leaving the other legitimate directors in place.
Once sure that your company has been hijacked - or obviously cloned - there are certain steps that must be taken as quickly as possible. It is critical to keep proper records of everything you do, as a lot of money can be stolen, and you may later find yourself in dispute with SARS or the banks over liability and negligence. These steps are (not necessarily in this order of priority):
1. Notify your own bank of the fraud, at one the following numbers:
Nedbank: 0860 555 111 (helpline)
Standard Bank: 0800 113 443 (fraud hotline)
Absa: 0800 414 141(complaints helpline)
FNB: 011 632 2226 (fraud team)
Remember to forward to your own bank - and the others - all documentation that may help them track down and identify fraudulent accounts.
2. Notify all the other banks - and record such notifications in writing.
Nicky Lala-Mohan of the Banking Association has also undertaken to pass on warnings of company hijackings to the banks (email: firstname.lastname@example.org telephone: 011 645 6700)
3. Notify CIPRO of changes to your records:
CIPRO can be emailed at email@example.com or firstname.lastname@example.org. Be sure to notify CIPRO of all fraudulent changes to your company's records. Apart from altering directorships the syndicate may have changed details of your physical and postal addresses, telephone numbers, company secretary details, and auditor details.
4. Lay fraud charges with the South African Police Service (SAPS) and keep a copy of the affidavit:
5. Notify the South African Revenue Service:
SARS' Fraud and Anti-Corruption Hotline is 0800 00 2870
6. Contact your debtors and creditors and notify them that your bank details have not been changed.
7. If any cheques from a debtor are overdue - and may have been intercepted - get them to cancel them.
8. Contact a credit bureau - such as Experian or Transunion ITC - to check whether any accounts have been opened or credit obtained in your company's name.
9. Notify all employees in the company of the fraud, as well as the person they should direct any inquiries to.
If you so wish you can also notify us at email@example.com. We'll do our best to check whether other companies have been targeted and to keep the feet of CIPRO - and other relevant institutions- to the fire until the problem has been solved.
Department probes Cipro software deal
Feb 5, 2011 9:58 PM | By Jana Marais
The Department of Trade and Industry will investigate claims that it paid $2.7-million for software to controversial IT provider VALORit, while the retail price for the software was only $900000, said Trade and Industry Minister Rob Davies.
Current Font Size:
Share According to a judgment in the North Gauteng High Court between VALORit and Blue Turtle - the sole agent for the software - VALORit was supposed to charge the government agency Cipro (the Companies and Intellectual Property Registration Office) $1.4-million for the software, with the profit being split between VALORit and Blue Turtle.
However, according to the tender documents, which were not submitted to court, VALORit charged Cipro $2.7-million, Politicsweb reported this week.
Davies said the department was "gravely concerned" about the price paid and the value received.
The software was supposed to be part of Cipro's new electronic content management system after the old one suffered a series of high-profile security breaches.
Last year the department terminated the contract, awarded to VALORit for R153-million - against Faritec's bid of R63-million - after the auditor-general uncovered irregularities.
The parties have not reached an out-of-court settlement, despite claims to the contrary by VALORit, and the high court would now have the final say, Davies said.