Business Identity Theft – A Must Read for Small Business Owners!

Last Update: August 31, 2021 Fraud Identity Theft

Businesses are NOT excluded from identity theft threats.

As a business owner, it is your responsibility to protect your company from countless types of fraud. This is not easy to do when you are unsure of how these fraudsters work. Even worse, there is a lack of consistent information that you can find on this subject on the Web.

But we are going to outline the following clearly:

  • The types of identity crimes that occur against businesses,
  • How fraudsters manage to pull off these crimes,
  • Reliable internal security protocols to follow,
  • What to do if your business gets attacked, and,
  • Whether a business ID theft protection plan really helps.

That’s a lot to cover, so let’s get started!

What Types of Business Identity Theft Exist?

Identity thieves know no boundaries, and as the saying goes, “Where there is a will, there is a way.”

The only way to spell out the types of business identity theft is to look at these fraudsters’ common methods.

1. Impersonation with the intent of forging and cashing out new credit lines.

Individuals are not the only ones with unique identifying numbers; a business’s EIN (Employer Identification Number) is just as sensitive. If a fraudster obtains it, then it’s just a matter of time before the fraud starts.

In fact, all an identity thief needs to impersonate a business and defraud funds is the business’s EIN, physical address, and legal name. This is why your EIN is such a sensitive piece of information, as the other two pieces of information are available through public records.

Your business’s EIN is used for many reasons, such as to open a new company bank account, to process W-9 forms, and to report taxes and wages. There are many other examples; in the end, there is quite a paper trail leftover.

2. Breaking in through the owner’s personal information.

An identity thief could use the business owner’s personal information to defraud the business. This would be a more extensive crime in most cases and often requires ID cloning and personal impersonation. It could also be targeted at other high-level staff members.

With the fraudster pretending to be the business’s owner, it becomes easy to gain access to its finances. The fraudster can then obtain many new cards and loans in both the company’s and owner’s names.

Personal information is partially shown through the public records of your business. As such, it’s important to know how to protect yourself from such a security breach.

3. Theft of sensitive documents or company credit cards.

All it takes is for one piece of paper to end up in the wrong hands, whether misplaced or taken. From there, that person has the power to defraud your company into oblivion. In fact, it does not have to be physical documents they steal — virtually stored or transmitted information about your business can be just as dangerous!

Remember, there are many new faces you learn to trust when you start a business. There is no guarantee that you will not hire a ‘bad apple’ at some point. This could be your upper management staff members or even the janitor that comes in to clean at night.

You must always:

  • Keep sensitive paperwork locked and secure,
  • Be cautious of who has access to such information,
  • Make a note of anything you entrust an employee with, and,
  • Avoid e-filing sensitive data on minimally secure workplace servers.

Even more, it’s important to shred before disposing of any sensitive cards or paperwork. Dumpster divers often target businesses, and you do not want such a simple lapse of judgment causing serious problems for your company.

GFI published a whitepaper detailing how small business owners can build secure workplace platforms. It also gives a lot of insight into technical tactics used by cyber fraudsters, so it’s a worthy (but long) read.

And if you are not scared of cyber threats, you really should be — we covered social engineering identity theft recently and found a few interesting cases.

The most notable takeaway was that it’s not just about what the business owner does to protect their company. If just one employee’s e-mail gets hacked, it could spiral into a horrible mess — even if they do not have a security clearance, the fraudster could impersonate them to steal information or more accounts. If you think your employees would not be so gullible, think again.

How Can You Prevent Business Identity Theft?

The unfortunate fact is that it’s even harder to guarantee protection against business identity theft than it is against yourself. Too many variables are out of your control, and even the best ID protection plan cannot stop your employees from falling prey to fraud.

However, there are certain things you can do to step up your security, and by taking these steps, there will be fewer ‘easy ways’ for fraudsters to target your company.

Here are some good tips:

  • Get company bank account statements digitally instead of through the mail,
  • Have an IT guy onboard that you can actually trust to maintain network security,
  • Keep up-to-date with the latest online security risks,
  • Manage internal communications through internal servers,
  • Avoid sharing sensitive files and information over the Web, and,
  • Notify the bureaus if you ever end your business venture.

Of course, there are just some of the many things you can say about preventing business identity theft. What really matters is that staff knows how to stay safe, which involves understanding how to handle sensitive information. Use the appropriate training materials to ensure your employees know how to handle themselves; there are various security standards at state and federal levels.

We also recommend getting your employees to sign the Non-Disclosure Agreement (NDA) forms for safety purposes. This will ensure that they are rightfully convicted if they spread any sensitive information to fraudsters that lead to a fraud attack.

What might be more worried is that your business’s credit report is behind a door with no locks, and within it is a master key. You will understand why in a moment.

Identity Theft and Business Credit Reports

Your business’s credit report is available for anyone to access, supposing they are willing to pay the cost to pull the file. They can do this through any credit bureaus, including Dun & Bradstreet, Equifax, Experian, and TransUnion.

If you are not yet in business or have not heard of Dun & Bradstreet, they are basically the credit report bureau and verification service for businesses; they do what the other three do for individuals but are for companies instead.

Also, if you do not know what a business credit report really contains — here it is:

  • Company Profile. Basic information about your business, including contact details and the physical mailing address.
  • Credit Overview. The summary of all the company’s accounts, including bank, credit, supplier, and service provider accounts.
  • Public Records. The business’s registration details, judgments, tax liens, or bankruptcies are filed with the Secretary of State.
  • Other Company Details. Some examples include other company names, the owner’s names (s) and the guarantor(s), and comments from businesses and/or creditors.
  • Business Credit Score. This credit rating indicates how likely your business will run three months late on a payment or have a debt charge-off within the next year.
  • Business Failure Score. This credit rating indicates how likely your business will fail within the next year, whether from a formal or informal liquidation.

These are the main pieces of data that you are likely to find but remember. It can vary a lot depending on which credit bureau you request your credit report from.

Here are five fast tips:

  1. As the business owner, you might want to place a credit freeze on your own credit report.
  2. Avoid using personal credit cards for business expenses and vice versa.
  3. Inquire to your company’s card issuer over unsuspected charges of all sizes.
  4. Check your business and personal credit report at least once every four months.
  5. Jot down all open accounts and cards in case you have to notify of suspected fraud.

And speaking of taking action, you also need to know how to do that if you suspect your company got targeted.

What Must Business Identity Theft Victims Do?

The specific process will vary depending on the business’s situation, but here’s a general outline of a business owner’s steps.

#1 – Notify your bank and creditors about the suspected fraud to put a freeze on your current accounts.

#2 – Notify all credit report bureaus — Dun & Bradstreet, Equifax, Experian, and TransUnion.

#3 – File a police report in the jurisdiction of your business and with the FTC.

#4 – Notify the rest of your creditors, service providers, etc., of the financial pause.

#5 – Draft up and send the ‘Statement of Correction.’

#6 – Maintain records of all communications, whether suggestive or not.

#7 – Once all is processed, check your credit report for an update.

#8 – Keep all records about the incident stored away somewhere safe.

#9 – Start monitoring your business credit report regularly.

Would Business Identity Theft Protection Save You?

It’s funny because identity theft victims often look at ID theft protection as nothing more than a scam — until they become victims themselves and truly learn how these services work.

There are many parts of personal identity theft protection that we do not like. Particularly, it’s senseless to pay for so many protective features that are free to manage on your own.

However, the circumstances are a little different when it comes to investing in business identity theft protection.

Doing so will grant you the following key benefits:

  • Immediate alerts whenever an identity theft attempt is suspected,
  • More frequent access to your business’s credit report,
  • Easier to catch stolen information that’s sold in black markets,
  • A speedier recovery with customer victim protection after a data breach, and,
  • Protection for not just the company but also the business owner.

This is just a scratch at the surface of what a business identity theft protection plan can do for your company. If you are interested in learning more, see what iDefend Business does to protect businesses from identity theft.

Note: We by no means are giving our recommendation for this service provider (review to come), but they have many of the features you should want. Above all else, you must make sure to avoid the ‘business protection plans’ that really work for data breach situations and very few other circumstances.

Conclusion: Your Business is at Risk!

With so much time spent chasing profits, it’s important to slow down for a minute and focus on preventing the things that could wipe out all your hard work. One of those is an identity theft situation that leads to major frauds against your business’s valuable accounts.



Recommended Articles