What is Business Identity Theft?
Business Identity Theft (also known as corporate or commercial identity theft) is a new development in the criminal enterprise of identity theft. In the case of a business, a criminal will hijack a business’s identity and use that identity to establish lines of credit with banks or retailers. With these lines of credit, the thieves will purchase commercial electronics, home improvement materials, gift cards, and other items that can be bought and exchanged for cash or sold with relative ease.
The damage can be devastating to the victim’s business. Additionally, business identity theft can damage the victim’s credit history and can lead to denial of credit, and operational problems. The cost to clean up and correct the damage can be hundreds of dollars and hours of lost time.
Business Identity Theft can impact many areas of your business including:
1. Not having a plan in place regarding Business Identity Theft.
a. Not having a person in the company that is responsible for information and data security.
b. Not have an information security policy written and circulated among staff.
2. Inadequate protection of both corporate and personnel records.
a. Written documents and files are open and easily accessible.
b. Electronic files in hard drives and servers don’t require passwords.
3. Inadequate online protection.
a. Not defining who has access to what data on the website both front and backend.
b. Not having proper security on – online websites ie. login hierarchy for data access.
Tips on Preventing and Detecting Business Identity Theft
The goal of preventing identity theft is to put in place the best possible “lock” to defend against thieves. However, preventing identity theft is like deterring any other crime: there are no 100% foolproof methods to prevent it from occurring. If those locks fail, the goal is to detect the theft as quickly as possible so that corrective action can be taken.
The following tips will help you prevent business identity theft and detect theft in the event that your business’s identity is stolen.
Have a Plan to deal with Business Identity Theft
A business plan is a critical component of operating and running a successful business. An important, and often overlooked, aspect of a business plan is a security strategy that deals with a potential business identity theft. Create a business protection plan that includes steps to prevent,protect and deal with identity theft.
Protect Your Business Records and Information
Although identity theft can be a high-tech crime affecting those people who shop, communicate, or do business online, the majority of identity theft takes place offline. Stealing wallets and purses, intercepting or rerouting mail, and rummaging through garbage are some of the common tactics that thieves use to obtain sensitive information.
Therefore, it is important to maintain only those records that are necessary to run or operate your business and to shred those records that are not necessary. If you have not done so, take an inventory of the documents that you maintain. The inventory will help you determine your exposure to risk and to then manage that risk.
Any documents or records that you must retain should be kept in a secure location. You should also limit the amount of mail and paper with financial information printed to reduce the chance of criminals stealing it. If possible, you should consider signing up for electronic statements on bank accounts, credit cards, and bills whenever possible.
Never provide an employer identification number (EIN), social security number, financial information, or personal information to anyone unless you have initiated the contact and have confirmed the requesting business or the person's identity.If a credit or debit card is lost or stolen, cancel the card immediately. Also, if a check is not processed in a reasonable amount of time, contact the payee and consider canceling the check.
Finally, if you reach the point of moving on or retiring from your business and dissolve your business, contact the credit reporting bureaus to notify them that you are closing your business and will no longer be applying for credit.
Protect Your Business Online
Do not share financial documents, sensitive personal information, or account numbers via e-mail or other Web-based services. If you must provide this sensitive information over a website, ensure that the site is secure. A secure website is indicated with “https” in the website’s URL.
Business Records Filed with the Secretary of State
If you have registered your business with the Secretary of State, you should do the following:
• Maintain the “Good Standing” or “Effectiveness” of the business;
• Note your reporting or renewal month on a calendar;
• Timely file your reports or renewals;
• Sign up for e-mail notification for your entity or trade name.
• Periodically check your entity’s or trade name’s history.
The best method to detect possible business identity theft and business fraud is to monitor activity around your business.
•Monitor your business’s credit report and, if possible, sign up for a credit monitoring service.
•Subscribe to the Secretary of State’s business entity e-mail notifications service.
•Sign up for e-mail alerts for your accounts.
•Monitor your accounts and bills. If an unexpected bill, charge, credit card, or account shows up or a regular bill doesn’t arrive, contact the billing company.
Information for Victims of Business Identity Theft
Resolving the problems caused by identity theft is a time-consuming process that will require patience and focus. When resolving identity theft problems, government agencies, financial institutions, and the credit bureaus commonly suggest the following steps:
1. Immediately contact your bank(s) and credit card provider(s).
2. Immediately report any issue to the credit reporting agencies: Dun & Bradstreet, Equifax, Experian, and TransUnion.
a. You should speak to the business fraud department at each credit bureau. The credit bureaus can put a "fraud alert" on your file that will tell creditors to contact you before they open any accounts in your name.
i. Dun & Bradstreet: 1-800-234-3867
ii. Equifax: 1-800-525-6285
iii. Experian: 1-888-397-3742
iv. TransUnion: 1-800-680-7289
b. Compare the EIN of the hijacked business to the EIN of your business. Report any discrepancy to the credit reporting agencies.
c. You may also want to contact a list of other business credit reporting bureaus. A list of some of the other top business credit reporting bureaus is available at http://bit.ly/bizcreditbureaus.
3. File a report with local law enforcement and the State Attorney General's office.
4. Contact other creditors and billing companies to notify them of the business identity theft.
5. Correct any incorrect information filed with the Secretary of State by filing a Statement of Correction.
a. You may wish to include information in an attachment to the Statement of Correction that your business was the victim of identity theft.
6. Document all contacts and take notes about the conversations. Ask for names, department names, and phone extensions, and record the date you speak with each person.
7. Follow up. Make sure creditors and credit reporting agencies receive everything they have requested. It is always a good idea to place a follow-up call or send a letter for confirmation.
8. Don’t throw away files. Keep all notes and correspondence in an accessible file in case they are needed in the future.
9. Continue to monitor your accounts and credit report.
Protecting Your Customers
When thinking about identity theft, a business must also think about protecting the personal and sensitive information of its customers. The following resources will help you protect your customers’ personal and sensitive information:
“Facts for Business” from the Federal Trade Commission http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus59.shtm
FTC’s Business Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/business/index.html
“Protecting Personal Information: A Guide for Business”http://www.ftc.gov/infosecurity/
Return to the top - Business Identity Theft
Back to Types of Identity Theft
Back to the Home Page