Businesses are NOT excluded from identity theft threats.
As a business owner, it is your responsibility to protect your company from countless types of fraud. This is not easy to do when you are unsure of how these fraudsters work. Even worse, there is a lack of consistent information that you can find on this subject on the Web.
But, we are going to clearly outline the following:
- The types of identity crimes that occur against businesses,
- How fraudsters manage to pull off these crimes,
- Reliable internal security protocols to follow,
- What to do if your business gets attacked, and,
- Whether a business ID theft protection plan really helps.
That’s a lot to cover, so let’s get started!
What Types of Business Identity Theft Exist?
Identity thieves know no boundaries and as the saying goes, “Where there is a will, there is a way.”
The only way to spell out the types of business identity theft is to look at the common methods these fraudsters use.
1. Impersonation with the intent of forging and cashing out new credit lines.
Individuals are not the only ones who have unique identifying numbers; a business’s EIN number (Employer Identification Number) is just as sensitive. If a fraudster obtains it, then it’s just a matter of time before the fraud starts.
In fact, all an identity thief needs to impersonate a business and defraud funds is the business’s EIN number, physical address, and legal name. This is why your EIN number is such a sensitive piece of information, as the other two pieces of information are available through public records.
Your business’s EIN number is used for many reasons, such as to open a new company bank account, to process W-9 forms, and to report taxes and wages. There are many other examples; in the end, there is quite a paper trail leftover.
2. Breaking in through the owner’s personal information.
An identity thief could use the business owner’s personal information to defraud the business. This would be a more extensive crime in most cases and often requires ID cloning and personal impersonation. It could also be targeted at other high-level staff members.
With the fraudster pretending to be the business’s owner, it becomes easy to gain access to the business’s finances. The fraudster can then obtain many new cards and loans in both the company’s and owner’s name.
Personal information is partially shown through the public records of your business. As such, it’s important to know how to protect yourself from such a security breach.
3. Theft of sensitive documents or company credit cards.
All it takes is for one piece of paper to end up in the wrong hands, whether it was misplaced or taken. From there, that person has the power to defraud your company into oblivion. In fact, it does not have to be physical documents they steal — virtually stored or transmitted information about your business can be just as dangerous!
Remember, there are many new faces you learn to trust when you start a business. There is no guarantee that you will not hire a ‘bad apple’ at some point. This could be your upper management staff members, or even the janitor that comes in to clean at night.
You must always:
- Keep sensitive paperwork locked and secure,
- Be cautious of who has access to such information,
- Make note of anything you entrust an employee with, and,
- Avoid e-filing sensitive data on minimally secure workplace servers.
Even more, it’s important to shred before disposing any sensitive cards or paperwork. Businesses are often targeted by dumpster divers, and you do not want such a simple lapse of judgment causing serious problems for your company.
GFI published a whitepaper detailing how small business owners can build secure workplace platforms. It also gives a lot of insight into technical tactics used by cyber fraudsters, so it’s a worthy (but long) read.
And if you are not scared of cyber threats, you really should be — we covered social engineering identity theft recently and found a few interesting cases.
The most notable takeaway was that it’s not just about what the business owner does to protect their company. If just one employee’s e-mail gets hacked, it could spiral into a horrible mess — even if they do not have security clearance, the fraudster could impersonate them to steal information or more accounts. If you think your employees would not be so gullible, think again.
How Can You Prevent Business Identity Theft?
The unfortunate fact is that it’s even harder to guarantee protection against business identity theft than it is against yourself. There are too many variables that are out of your control — and even the best ID protection plan cannot stop your employees from falling prey to fraud.
However, there are certain things you can do to step up your security and by taking these steps there will be less ‘easy ways’ for fraudsters to target your company.
Here are some good tips:
- Get company bank account statements digitally instead of through the mail,
- Have an IT guy on board that you can actually trust to maintain network security,
- Keep up-to-date with the latest online security risks,
- Manage internal communications through internal servers,
- Avoid sharing sensitive files and information over the Web, and,
- Notify the bureaus if you ever end your business venture.
Of course, there are just some of the many things you can say about how to prevent business identity theft. What really matters is that staff knows how to stay safe and that involves understanding how to handle sensitive information. Use the appropriate training materials to ensure your employees know how to handle themselves; there are various security standards at both state and federal levels.
For safety purposes, we also recommend that you get your employees to sign Non-Disclosure Agreement (NDA) forms. This will ensure that they are rightfully convicted if they spread any sensitive information to fraudsters that lead to a fraud attack.
What might be more worrisome is the fact that your business’s credit report is behind a door with no locks, and within it is a master key. You will understand why in a moment …
Identity Theft and Business Credit Reports
Your business’s credit report is available for anyone to access, supposing they are willing to pay the cost to pull the file. They can do this through any of the four credit bureaus — which include Dun & Bradstreet, Equifax, Experian and TransUnion.
If you are not yet in business or have not heard of Dun & Bradstreet, they are basically the credit report bureau and verification service for businesses; they do what the other three do for individuals, but for companies instead.
Also, if you do not know what a business credit report really contains — here it is:
- Company Profile. Basic information about your business, including it’s contact details and the physical mailing address.
- Credit Overview. The summary of all the company’s accounts, including bank, credit, supplier, and service provider accounts.
- Public Records. The business’s registration details, as filed with the Secretary of State, any judgments, tax liens, or bankruptcies.
- Other Company Details. Some examples include: other names the company uses, the names of the owner(s) and the guarantor(s), and and comments from businesses and/or creditors.
- Business Credit Score. This credit rating indicates how likely it is that your business will run three-months late on a payment, or have a debt charge-off, within the next year.
- Business Failure Score. This credit rating indicates how likely it is that your business will fail within the next year, whether as a result of a formal or informal liquidation.
These are the main pieces of data that you are likely to find, but remember: it can vary a lot depending on which credit bureau you request your credit report from.
Here are five fast tips:
- As the business owner, you might want to place a credit freeze on your own credit report.
- Avoid using personal credit cards for business expenses and vice versa.
- Inquire to your company’s card issuer over unsuspected charges of all sizes.
- Check your business and personal credit report at least once every four months.
- Jot down any and all open accounts and cards, in the case you have to notify of suspected fraud.
And speaking of taking action, you also need to know how to do that if you suspect your company got targeted.
What Must Business Identity Theft Victims Do?
The specific process will vary depending on the business’s situation, but here’s a general outline on the steps a business owner would have to take.
#1 – Notify your bank and creditors about the suspected fraud to put a freeze on your current accounts.
#2 – Notify all four credit report bureaus — Dun & Bradstreet, Equifax, Experian and TransUnion.
#3 – File a police report in the jurisdiction of your business, and with the FTC.
#4 – Notify the rest of your creditors, service providers, etc., of the financial pause.
#5 – Draft up and send in the ‘Statement of Correction’ — processed at the state level.
#6 – Maintain records of any and all communications, whether suggestive or not.
#7 – Once all is processed, check in with the credit report bureaus for an update.
#8 – Keep all records about the incident stored away somewhere safe.
#9 – Start monitoring your business credit report on a regular basis.
Would Business Identity Theft Protection Save You?
It’s funny, because identity theft victims often look at ID theft protection as nothing more than a scam — until they become victims themselves and truly learn how these services work.
There are many parts about personal identity theft protection that we do not like. Particularly, it’s senseless to pay for so many protective features that are free to manage on your own.
However, the circumstances are a little different when it comes to investing in business identity theft protection.
Doing so will grant you the following key benefits:
- Immediate alerts whenever an identity theft attempt is suspected,
- More frequent access to your business’s credit report,
- Easier to catch stolen information that’s sold in black markets,
- A speedier recovery with customer victim protection after a data breach, and,
- Protection for not just the company, but also the business owner.
This is just a scratch at the surface of what a business identity theft protection plan can do for your company. If you are interested in learning more, see what iDefend Business does to protect businesses from identity theft.
Note: We by no means are giving our recommendation for this service provider (review to come), but they have many of the features you should want. Above all else, you must make sure to avoid the ‘business protection plans’ that really just work for data breach situations and very few other circumstances.
Conclusion: Your Business is At Risk!
With so much time spent chasing profits, it’s important to slow down for a minute and focus on preventing the things that could wipe out all your hard work. One of those is an identity theft situation that leads to major frauds against your business’s valuable accounts.