Entrepreneurs are vulnerable to scammers fraudulently using their identities just like the rest of us. But for business owners, the stakes can be greater. Here’s how crooks target businesses and what you can do to prevent business identity theft.
But for business owners, the stakes can be greater, as they can also be affected by business identity theft.
Most people think about identity theft happening to individuals, but it can also be a big risk for small businesses, says Mary Ann Strout, senior product manager for Experian Business Information Services.
Business identity theft occurs when a criminal uses information from the business such as its employer identification number (EIN), state business registration or credit profile to impersonate that business and commit fraud.
A scammer might set up wire transfers out of the company’s accounts, open new business entities in the business’s name, issue fake invoices or even charge thousands of dollars of equipment on the company’s credit card.
“The modern-day criminal has realized that businesses have more data than an individual to take advantage of, so they want to get to the business entity, not just to the owner,” says James Harrison, CEO of Invisus, a company that provides cybersecurity solutions for businesses.
A scammer may also be able to do more damage through business identity theft than he would by targeting a consumer, since businesses are likely to make multiple transactions in the normal course of business.
Nightmare for businesses, gold mine for scammers
The consequences of business identity theft can be catastrophic for a small firm. Not only might it cost the business income, but it could hurt the business’s credit score and lead to trouble with the IRS.
If a business faces significant cash flow issues as a result of business identity theft, that might cause it to default on other financial obligations, which could in turn further harm the company’s reputation.
Once scammers get what they can from the company, they may set their sights on employees and customers by selling their personal data, which puts them at risk of personal identity theft, Harrison adds.
Business identity theft probably happens more frequently than we know because many business owners don’t want potential customers to know they’ve been a victim, says Mary Ellen Seale, founder of the National Cybersecurity Society, an organization that focuses on keeping small businesses safe online.
Assessing the risk
While no company is 100% safe, a business’s risk may vary based on the number of employees it has and the number of customers it serves.
For example, “a small mom-and-pop flower shop is generally mostly concerned about credit card fraud versus a small real estate firm that might have thousands of customers and lots of sensitive information,” says Robert Siciliano, a cybersecurity expert for financial services company ETFMG.
In some cases, businesses can become victims through no fault of their own, Seale says. A lot of information about businesses is public record, such as business licensing and registration data. Also, many states are woefully behind when it comes to having systems in place to protect sensitive information about the companies in that state, Seale says.
While there are protections in place to protect consumers, the same doesn’t hold true for businesses, Seale adds.
”If you have a fraudulent charge on your Visa, you just call up your bank and say, ‘Hey, I didn’t charge this,’ and they immediately take it off thanks to the Fair Credit Reporting Act,” she said. “Well, businesses can’t call the bank because the bank is going to say, ‘prove to me that you didn’t make that charge or that one of your employees didn’t do that.’”
What to do if you become a victim
If you think you’ve been the victim of business identity theft, take these steps as soon as possible:
- Report it to the proper authorities. Gather as much information as you can about the incident and file a report with the police. Also contact the IRS if someone has fraudulently used your EIN or if you’ve received any suspicious notices from the IRS.
- Contact the business credit bureaus. You can place a fraud alert on your business credit file with the business credit bureaus – Equifax, Experian and Dun & Bradstreet. “This extra precaution will notify the potential lender that they should take additional steps to verify your identity before granting any new line of credit in your business’s name,” Strout adds.
- Monitor your business credit report. Monitoring services like Experian’s Business Credit Advantage will allow you to spot unusual activity such as new accounts, new business information or inquiries, Strout says.
Ways to prevent business ID theft
While you can’t eliminate your risk of being targeted, there are steps you can take to minimize the risks.
- Take security precautions. Shred documents that have sensitive information and make sure staff members understand the importance of using strong passwords and updating them frequently.
- Use cybersecurity software on computers. Other ways to protect yourself include using two-factor authentication and making sure Wi-Fi connections are properly encrypted, Siciliano says.
- Use the expertise of professionals. Have a business credit monitoring service look out for any changes to your business’s credit and watch out for business identity theft. Another option is to have a cybersecurity professional do an assessment of your business’s risks, Harrison suggests. “Get the data, understand where you’re at and then you can make smart decisions on moving forward.”