Identity theft is a significant problem for businesses too. Here’s what you need to know.

We’re all concerned about identity theft when it comes to our personal lives. We hope our accounts and information are safe and that the government and businesses we deal with are taking care of us.

When it comes to identity theft against businesses, owners have to do more than hope for the best—they need to make safeguarding a high priority.

What most business professionals don’t know is this: Business identity theft increases year after year. In the same way hacking affects businesses more than individuals, identity theft has a greater impact on businesses than we all realize.

Alarming statistics.

The FBI reports that year after year, business identity theft accounts for billions of dollars in losses annually. In 2018, the IRS reported that 10,000 fraudulent tax returns had been filed by criminals impersonating businesses, and once they have enough information and details, they may start to take advantage of it by impersonating your company.

Incredible accounts of business identity theft.

Once criminals steal or obtain bits and pieces of information about your business, they can go to work. They’ll apply for and establish loans and lines of credit, taking advantage of the good credit you’ve worked hard to attain. Then they can do real damage, buying goods or going on spending sprees—completely unnoticed by you and your credit agencies, until it’s too late.

The true-life stories about business identity theft are enough to motivate you to rethink how you protect (or don’t protect) your business information:

• In Tennessee, skilled thieves created websites that looked like those of legitimate auto dealerships. They advertised great deals on new cars, and even accepted deposits on vehicles. Of course, the cars and deals didn’t exist, and the website was a scam.
• In Nevada, a criminal changed the name of a business through the Secretary of State and took ownership of it. They then sold the business to a third party!
• In California, incredibly bold crooks rented offices in the same building as a company, and then obtained company credit and bought merchandise in the company’s name.
• In another instance, an identity thief completely falsified documents and successfully named himself the new CEO and sold the building “his company” owned!

By the time the fraud and theft are noticed, the criminals are usually long gone. In some instances, it can cost a business owner thousands of dollars in lawyer fees and countless business hours trying to recover stolen property or correcting the damage to their company and its reputation.

How do they steal your information in the first place?

It isn’t so difficult, unfortunately, for criminals to get detailed information about your business. Whereas our private lives are somewhat personal (except for our social media profiles), your business’s information is easily available online—and not just the profile of your business that customers may be interested in, but the details of your organization, including credit rating, executive team and more.
 
Identity thieves can begin to steal a business’s identity by gaining information on business bank accounts and credit cards, or by obtaining sensitive company information, such as the tax identification number (TIN) or employer identification number (EIN) and the owners’ personal information. Unfortunately, that step can be easier for criminals than you imagine:

• They can obtain bank account numbers and login credentials to websites from employees they fool through phishing attacks
• Using “old school” tactics, some criminals go through a company’s trash and recycling bins hunting for any physical documents that have valuable information about a business

Identity theft at the state level.

If they have enough information about a business, and if that business has been careless about protecting its identity, thieves can change the company details through the office of the Secretary of State where the business is headquartered:

• Using falsified documents, they can change the registered address of the business
• They can change the names and titles of key business personnel, including those of executive officers, directors and managers

It’s up to businesses to fend off business identity theft.

Take preventive steps now.

Here is what all businesses should do immediately (if they haven’t already) to help reduce the threat and impact of business identity theft:

1. Check your business’s bank and merchant accounts, especially credit cards and lines of credit for unauthorized charges.
2. Create a unique username and password for your businesses with the office of the Secretary of State, and request account alerts whenever business details are changed.
3. Keep sensitive business documents in locked files with limited access.
4. Review your business network’s status and ensure all software and hardware updates have been implemented.
5. Set up a Virtual Private Network to prevent remote workers or traveling employees from transmitting company information over unsecure networks.
6. Ensure all sensitive documents are shredded before going into a recycling bin.

How protected is your business?

Now would be a good time to reassess your business’s daily practices for handling your business information, from credit and bank information, to the names of employees and former employees.

As this article mentioned, there is a lot to lose to identity thieves. If you’re not doing all you can to stop them, they may exploit the weaknesses in your security habits and policies.

For more information on protecting your business from identity theft and other dangers, visit the Business Insights page on the Banc of California website. It provides valuable information from business experts on a variety of topics related to cybersecurity.