Think identity theft only impacts individuals? Think again.
Identity theft is no longer only a consumer crime. In fact, according to identity theft statistics by White Canyon, the average loss to consumers totals $5 billion annually; the loss for businesses, on the other hand, amounts to about $47.6 billion a year – with organizations of all shapes and sizes being impacted.
And yet, “business identity theft is incredibly underreported,” according to Hugh Thompson, a professor at Columbia University who chairs an annual conference on security. In some instances, larger companies may not notice smaller breaches until well after the fraud has been committed. Other small and mid-size businesses often don't report breaches at all out of fear that their operations will be harmed by negative publicity.
Business Identity Theft Defined
Business identity theft involves the actual impersonation of the business itself and is typically more severe than personal identity theft – so much so that some organizations do not survive it. It can take many forms, but often occurs through the theft or misuse of key business identifiers and credentials, and manipulation or falsification of business filings and records.
The perpetrators of business identity theft are not all faceless strangers on the Internet. Oftentimes, it’s an employee or ex-employee who is committing the crime. For example, a dishonest employee may tap into a business’s line of credit in order to purchase personal goods or inform customers of a new address to send payments to, only to steal the funds sent.
Opportunists or petty criminals are also a threat, as are competitors, international governments and other third parties. For instance, they may scam employees or use ‘phishing’ attacks to gain access to an organization’s credit or business banking information. The criminals involved may not use the information for months or even years after collection, making it difficult to determine when and where the illicit activity started.
Other common tactics used for stealing business identities include:
• Ordering goods or services using a stolen credit card or with phony bank account details in the name of a victimized organization.
• Going through a company’s garbage and recycling bins, also known as dumpster diving, in search of account numbers and other sensitive data.
• Using computer software, scanners and printers to create professional looking financial documents on corporate letterhead.
• Filing fake documents with governmental agencies to change an organization’s registered address or the names of company directors so thieves can establish lines of credit.
• Stealing cellphones and computers, which are often loaded with stored information including passwords and pin numbers.
Why are More Businesses Being Targeted for Identity Theft?
Thieves have learned that unsuspecting organizations are easy and oftentimes more lucrative targets when compared to individuals. Not only do businesses have larger bank balances, but it’s simple to open a new account for a business and larger purchases can be made without as many questions. Businesses also enjoy far more flexible payment terms that enable them to receive goods or services first and then pay later, within a certain period of time.
In addition, business information is easily accessible and more widely distributed than ever before because of technology. As a result, more people (employees, customers and vendors) have access to financial data, including checks, invoices and other business documents.
Also, most businesses have multiple credit cards, many of which aren’t monitored as closely as personal ones, making them prime targets. What’s worse is that businesses don't have protection like individuals do, so they are not reimbursed for fraudulent charges when they occur.
What’s Being Done to Stop This Growing Trend?
Business identity theft is difficult to investigate and prosecute because criminals can cover their tracks with technology. Also, many times, these crimes occur across state lines and even around the globe, hindering prosecution further.
Former FBI Special Agent and Senior Manager of Financial Forensics for Lakelet Financial Forensics Group Timothy B. Crino remarked, "Sophisticated thefts of a business's identity can be difficult to detect, investigate, and ultimately resolve. It takes a business-savvy knowledgeable and experienced fraud examiner or investigator to determine the means and scope of the fraud. This investigation must then be followed by a concerted effort- by both the examiners and company management- to reach not only the desired outcome, but more importantly, the implementation of the checks and balances necessary to ensure that it does not happen again."
The FBI currently has four units to investigate financial fraud: The Economic Crimes Unit, Health Care Fraud Unit, Financial Institution Fraud Unit and the Asset Forfeiture/Money Laundering Unit. Ultimately, though, it’s up to the businesses themselves to protect their corporate identities.
The following strategies can help:
• Monitor all your financial accounts and bills. If there is an unexpected charge or credit, or bank account, or a regular bill doesn’t come in the mail, contact the organization immediately.
• Use one of the many credit-monitoring bureaus, such as Experian, TransUnion, or Equifax, to monitor your business’s credit report.
• Secure sensitive financial data in password-protected files or under lock and key.
• Ensure transmissions are secure when you have to provide financial or business data over the Internet or via email.
• Shred all financial documents before discarding them.
• Check your business filings with the Secretary of State’s office at least once a year to ensure no changes have been made without your authorization.
• Maintain a safe and secure operating system and run computer virus protection software.
If you believe you are a victim of business identity theft or if you would like help in this area, please contact Lakelet Financial Forensics Group. A significant portion of our financial forensics engagements relate to criminal matters arising in the aftermath of fraud.