Business ID Theft 101: Part 2
In Part 1 of our Business ID Theft series, we looked at how business identity theft is much like personal identity theft. Let’s review some key points:
Business identity theft and data breaches are not the same. Business identity theft requires the “actual impersonation of the business itself.”
Stealing your business’ identity allows criminals to open new lines of credit, bank accounts, apply for loans and make fraudulent purchases in your business’ name.
Identity thieves keep coming up with ways around existing protective measures put in place, as well as exploit loopholes in filing processes to carry out their crimes.
Business identity theft can ultimately lead to business failure. A study found that 60 percent of victims go out of business within one year.
Now that we understand what business identity theft is, let’s talk about how criminals go about committing it. This type of crime targets certain companies for a variety of reasons. However, the goal for any identity thief is to misuse the information — while remaining undetected — for as long as possible. Thus, criminals have come up with ways to outsmart existing systems in place, as well as create new routes to a business’ sensitive information.
Let’s explore four ways that criminals can obtain your business’ sensitive information and victimize you and your business through business identity theft:
#1: Technological advances
Fraudsters also utilize legal services to facilitate their business identity theft schemes. Virtual offices and virtual telephone services – used legitimately for remote and cloud-based businesses or overseas communications – help criminals maintain fake business facades without ever having to show their face.
Virtual telephone services (VOIPs) give users the ability to make calls over the Internet instead of through a telecommunications company. Consequently, criminals manipulate phone numbers to appear as local numbers to carry out their identity theft schemes from virtually anywhere in the world.
#2: Ambiguous addresses
Businesses that reside in large industrial complexes or multi-floor buildings can be first picks in business ID theft schemes. Criminals can closely replicate company addresses to redirect sensitive mail to themselves. They can also rent building space to maintain a physical presence through fake offices and phone lines.
Physical address scams highlight a weak link in transaction and application processes, which only require an applicant’s address to meet “exact match” requirements – address line 1 and zip code. While “exact match” is used to spot obvious cases of misused addresses, criminals can easily stay under the radar by modifying the information in the second address line, often not considered when determining “exact match.”
#3: Public business records
Identity thieves can easily evade the Office of the Secretary of State by manipulating existing information on registration applications. A study conducted by the National Association of Secretaries of State’s Business Identity Theft Task Force found that 83 percent of Secretary of State offices do not track business identity theft complaints. What’s more is that 29 percent of offices noted the lack of state laws surrounding business identity theft.
More than 25 percent of fraudulent applications used some form of recycled business information. Criminals take advantage of most states’ “good faith” filing systems – only requiring forms to be completed and submitted, and all filing fees to be paid.
Good Faith Filing: if all basic filing requirements are met, the Secretary of State must accept the information filed about a business at face value and record it.
Source: Business ID Theft
Business credit reports – necessary because companies often extend credit to one another – are also another source of sensitive information that criminals turn to when attempting to steal your business’ identity.
Like people, businesses must provide sensitive identifying information to apply for loans or open lines of credit. Instead of Social Security numbers, creditors and lenders will request a business’ Employer Identification Number (EIN) in addition to account numbers, trade information and even the owner’s personal information.
Unlike personal credit reports, business credit reports are available to anyone who wants them. While these records remain public to maintain transparency amongst businesses, it also leaves sensitive information exposed and easily obtained by identity thieves.
#4: Dissolved businesses
Your business doesn’t have to be in operations for criminals to target it. A dissolved business is one that has either chosen to discontinue business or that has failed to comply with its legal obligations. While varied state-by-state, companies typically have up to two years to reinstate a dissolved business.
Fraudsters rely on the fact that owners are not likely to continue monitoring a dissolved business’ records. However, dissolved business records are still public record. Criminals can easily find and reinstate businesses to carry out their fraudulent schemes – without the prior owner’s knowledge.