What Is Business ID Theft and How to Fight Back

In a 2012 nationwide survey by the Ponemon Institute, 74% of small and medium sized business reported online banking fraud. Identity theft is no longer limited to consumers. Criminals are finding business identity theft to be an easier and more lucrative option. It is imperative to protect your company on many fronts, including your bank account, credit file, computer networks, and with employee training.

Business vs. Personal Identity Theft

The crime is an impersonation of the business, rather than a breach of information. Thieves can use business credentials such as an Employment Identification Number (EIN), registration information, and other publicly available details to manipulate business records, access credit/checking accounts, etc. These are often available for free or can be purchased without even breaking the law.

The threat is not limited to large corporations. Corporate identity theft is the term often used, but identity thieves can target any sized business. An incorporated small business, partnership, LLC, or even a sole proprietorship can be the victim.

Why Business Identity Theft Is So Hard to Fight

Identity theft at the business level is hard to fight for many reasons. According to an educational resource on BusinessIDTheft.org, a site run by the Identity Theft Protection Association, state ID theft statutes recognize such crimes only against individuals. There are often no provisions for investigating/prosecuting stolen business identities. California became the first state, in 2006, to include business entities in its identity theft laws.

The schemes also tend to be complex, sometimes crossing state lines or coming from outside the United States. Federal laws criminalize stealing a person’s identification. Major legislations, as with state and local laws, leave out business entities. This makes federal prosecution complicated.

Why Thieves Are Targeting Businesses

To an identity theft criminal, it’s much easier to target a business than an individual. The reasons include:

  • A small business may have up to $10,000 in its bank account. Larger ones may have much more.
  • Business credit lines are often much higher than consumer ones, without transaction limits, detailed reviews, or an expense approval process. Large purchases are less scrutinized as well.
  • It’s easier to open a business account and the credit limit is usually higher, while a consumer credit check is not a factor.
  • Flexible invoicing and payment terms give thieves ample time to receive products/services and avoid early detection.
  • There is an Internet black market for stolen business information, in which it’s sold, purchased, and traded amongst many cyber criminals and organizations.

How to Protect Your Business

Defending against business identity theft requires protection in several key areas. Nearly every company is online, so the first line of defense is up-to-date security and authentication controls. Also install and regularly update anti-virus, anti-spyware, and Internet security programs, operating system security patches, and firewalls. Make sure any wireless network is encrypted with a standard such as WPA2.

Other areas of protection include:

  • Business bank accounts: Security measures such as two-factor authentication can protect accounts and prevent fraudulent wire transfers. Online banking requires a log in, provides email and text alerts on suspicious account activity, and eliminates theft-prone paper statements.
  • Account supplies/records: Checking account items should be secured in a place where only authorized personnel can access them.
  • Business EIN: Thieves can do a lot of damage using an EIN, so this should be disclosed with care. Keep sensitive information secured and shred any unnecessary documents containing business identifiers.
  • Business registration information: Thieves often target suspended/inactive companies. This is another reason to file annual reports and renewals on time. Registration information can be viewed online, while enrolling in email alerts from state agencies may help find fraud attempts early.
  • Credit file: Various online monitoring services allow a review of business credit reports for signs of suspicious activity or inaccuracies.
  • Training: Another line of defense is to educate employees on how identity thieves operate. Consider the benefits to you company rather than simply addressing state and federal compliance. A trained worker can recognize and even stop an identity thief in their tracks.

You can also protect your business by ensuring each order is valid based on its size or the information provided. Signs for concern include inconsistent names, high shipping costs, or repeated failed transactions. Also, Internet monitoring services track a company’s online presence. Up-to-date activity tracking/monitoring technologies can spot fraudulent behaviors before criminals complete their transactions.

Fighting Back

If you suspect business identity theft has taken place, the following actions can help protect your accounts from further damage.

  • Contact the bank’s fraud department as soon as any fraudulent wire transactions or ACH transactions are discovered. Depending on the time passed and the bank’s policies, stolen funds may be recovered. At the very least, the financial institution might help close the account, open a new one, or change passwords/credentials.
  • Call the respective credit card company, which can cancel a compromised card, close the account, or review all recent transactions.
  • Report check fraud to a national or regional check verification company. These organizations keep databases of reported company names. If not alerted to ID theft, the company can deny your business the use of checks or checking accounts.
  • An incident should be reported to a local law enforcement agency. With proper legal instructions and a case number, your business has a better chance of fighting the crime.
  • Contact your state’s business registration agency if business records have been changed. Also report new fraudulent accounts to any creditor, lender, or respective organization and keep written notes on all communications.
  • Consult an attorney. Business identity theft varies in scope, and may involve multiple jurisdictions and entities. The legal expertise can help your business mitigate losses, fight or avoid lawsuits, face creditors, or avoid criminal prosecution.

Identity theft is a common and growing crime. Keep accurate records, track credit and finances, protect information, train your employees, and contact the proper authorities in the wake of suspicious activity. The hard facts prove it’s just a matter of time before your company is threatened by swift, elusive identity thieves. Don’t waste any time in acting.

Resources:

  • http://www.businessidtheft.org/
  • http://www.sos.state.co.us/pubs/business/ProtectYourBusiness/BITresourceguide.html
  • https://www.sba.gov/blogs/how-prevent-and-detect-business-identity-theft
We will be happy to hear your thoughts

Leave a reply