How Identity Thieves Target Businesses

Businesses are not exempt from identity theft

Identity theft keyboard
Getty Images/Peter Dazeley

You would think that since a business isn't a person, identity theft would not be an issue. However businesses do have an identity, and they can be victimized by an identity thief just like a person can.  Every American business has its own Social Security number (called a Federal tax ID, Employer Identification Number, or EIN) that can be stolen by an identity thief. Corporate identity theft (or business identity theft) can close your business' doors.

Worse, you can become personally liable for a thief's actions if your business isn't structured to protect you from that risk.

Is Your Business a Tempting Target?

There are many reasons an identity thief may choose to target a business.

  • Even small companies tend to have generous credit terms and are not necessarily monitored as closely by the bank since banks expect companies to make large-ticket purchases.
  • Some companies have several credit cards on a single account and don't bother looking over the itemized list of charges before they pay the bill.
  • It's relatively easy to collect information about a public business. For example, most companies display their business license in the lobby, sometimes because they are required by law to do so. Getting a company's EIN is fairly simple since it's public record. This may even be available online.
  • It's easy for an identity thief posing as a business to get a line of credit with another company. Sometimes all it takes is a request on your company's letterhead (also easy to obtain,) that includes the business license number and tax ID.

    Together, these factors make your business a very tempting target.

    A Case Study

    When an identity thief attacks a company, they can hit hard and fast. The case of Village View Escrow, Inc. is a perfect example. An identity thief was able to hack into their computers, and in less than two days the company lost almost $500,000.

    Although the owner of the company could not recall a single international transfer in the previous two years, Professional Business Bank (now Bank of Manhattan) allowed 26 of them to go through without even calling to ask about the unusual activity.

    This is precisely the sort of activity that the Red Flags Rule requires financial institutions to look out for. Unfortunately for Village View, although Professional Business Bank was either unable or unwilling to help with the problem. Four months after the loss, the company has found very few resources that would help. The owner had no choice but to let employees go, and even decline her own salary in an effort to keep the doors open.

    Why Is It So Hard to Protect Businesses from Identity Theft?

    Few business owners know about or think about identity theft, in part because it's rarely discussed in business school or even online. The reason nobody is talking is simple: nobody can figure out how to stop it.

    A good deal of business identity theft is committed by individuals or organizations that are outside of the United States' jurisdiction. The problem moves from a financial arena to the business world and crosses over to become a legal problem.

    But once it goes international, politics come into play as well.

    From the company's perspective, there are few things that can be done to help protect against business identity theft. Investing in a good IT staff will help, but any senior computer tech will tell you companies don't want to invest in technology as long as their network is running. Data encryption can help protect your information but can be costly to implement. Identity theft insurance is geared almost exclusively to the individual.