I have had trouble in the past with people using my company's bank details -- which are fairly public as a lot of our customers pay us by BACS -- to set up dodgy direct debits. Rather bizarrely they appear not to have actually given the organisations concerned any useful details (at least, they had given a nonexistent name/address to the only organisation who provided that to the bank when the bank requested it) so I can only imagine they were trying to cause money rather than actually scam us in any useful way. In any case I watch that account carefully and flagged the direct debits as dodgy straight away to the bank; I now have a note on the account that no direct debits are to be set up on that account without my explicit written instructions, which appears to have solved the problem.