Business identity theft is a lot like jury duty—unexpected, time-consuming, and almost always inconvenient. Although there’s nothing you can do to prepare for business identity theft, there are steps you can take to mitigate the fallout once your business identity is threatened.
We’ll go through everything business owners need to know about business identity theft—what it is, exactly, how to protect yourself, and what to do if you’re a victim. After you go through this guide, you should feel more prepared to take on a challenge, even if you can’t see it coming.
What Is Business Identity Theft?
Business identity theft, also known as corporate or commercial identity theft, involves the illegal impersonation of a business (or a business’s employee) for criminal gain. That’s the key word to remember here: impersonation.
If you’ve ever had a credit card stolen—or owned a credit card, for that matter—you’re likely familiar with consumer fraud. But unlike this type of fraud, which involves the loss of strictly personal information, business identity theft is typically larger-scale and can trickle down to affect employees and clients alike.
It’s also worth noting that business identity theft can happen to any business, regardless of its size or legal entity. So, even if you trust your employees with your life or just installed high-end security software meant to protect all of your data, no business is entirely safe from identity theft.
What Business Identity Theft Is Not
For a clearer understanding of business identity theft, it’s helpful to understand what it isn’t.
- Business identity theft is not an information security breach, which refers to the loss or theft of a business’s or consumer’s sensitive information.
- Business identity theft is not employee theft, or when a current or past employee unlawfully abuses business assets.
- Business identity theft is not consumer theft, which involves an individual’s loss of personal information, financial or otherwise.
Why Does Business Identity Theft Happen?
Essentially, business identity theft occurs for the same reason that consumer identity fraud does—for the thief’s financial gain. Of course, businesses operate on much larger scales than individual consumers do, which makes businesses especially vulnerable to theft for a few reasons. The chief among them? It’s just a more lucrative pursuit for the criminal.
“Businesses usually have high credit limits, large bank accounts, and make large payments on a regular basis,” says Alayna Perhson, who writes about identity theft for Best Company. “All of these are great things for identity theft criminals, because they’re able to achieve more stolen wealth and [are] less likely to be noticed.”
Perhson also cites the trouble of today’s hyper-digital world, where business information is readily available for anyone with a computer: “Identity thieves don’t have to work as hard [as they once did] to obtain information they can use to steal the business’s identity.”
The Major Consequences of Business Identity Theft
When you’re building a business from the ground up, there’s high potential for growth—but that also means you’ve got a lot to lose. For younger companies, the financial consequences of business identity theft can be destructive.
“Business identity theft costs American companies billions each year,” says Jacob Lunduski, a financial industry expert at Credit Card Insider. In addition to the most obvious risk of income loss, some other major consequences associated with business identity theft include:
Late payments: If your business loses significant income, it could be difficult to pay employees and vendors, uphold tax obligations, or purchase supplies. You might be forced to cut back on operating expenses or let go of loyal employees, whose salaries are no longer within budget.
Negative credit reports: When identity thieves get ahold of business credit cards, there’s a good chance it will also impact your business credit score, a number that measures how trustworthy a business is viewed by creditors. For small business owners, who may be guarantors for business lines of credit, there’s an additional risk to their personal credit reports.
State and federal tax disputes: If your business identity is used to file a fraudulent tax return, you can expect to face serious disputes with the IRS and/or state tax agencies. Identity thieves are apt to target businesses—more so than individual taxpayers—as business tax IDs, profit margins and revenues are more easily accessible.
Business reputation: In business, relationships are everything. That’s why one of the biggest risks of identity theft is the way a business is perceived in the aftermath. “It can negatively impact cash flow and affect your business’s reputation with creditors, suppliers, and clients,” says Lunduski.
Personal liability: As a small business owner, any criminal breach to security could also put you at risk. Be extra cautious when disclosing personal information, as you’re a prime target for identity thieves, and know that you could be held accountable for any outstanding debt of credit cards or loans linked to you.
Top Small Business Scams to Watch Out For
Identity thieves prey on businesses of all sizes and industries, but there is considerable risk for small and newer businesses. Such businesses often lack the sophisticated security systems and infrastructure of more established corporations, which means they are more vulnerable to attack.
If you’re a new business owner, there’s also a good chance that you’re unfamiliar with the tactics that identity thieves commonly use. Here are some of the top small business scams to watch out for:
Fake invoices: Be wary of any invoices for services or goods that you never ordered or received, as well as duplicates of bills that you’ve already paid. This scam can also take the form of a phone call, under the pretense of confirming your company’s billing information.
Credit card processing: Many small businesses rely on credit card processing services to facilitate customer payments. Several of these are legitimate, but that isn’t always the case. “Some of these services are bogus or unlicensed companies that sign you up and then charge exorbitant fees or simply take your money,” says Justin Lavelle, the Chief Communications Officer of online background check platform BeenVerified.com. He warns that small business owners should always do research and check with their bank before working with a processor.
Wire transfers: One of the most common phishing scams is when an identity thief poses as a senior executive or CEO, requesting a wire transfer payment to an unknown account. Look out for emails marked with urgency, and never divulge sensitive company information electronically. Businesses that work with foreign vendors and/or regularly perform wire transfer payments are frequently targets of this scam.
Membership and service fees: In this scheme, identity thieves pose as official organizations and agencies to charge for phony membership fees, accreditations, and license renewal services.
How to Recover from Business Identity Theft If You’ve Been a Victim
If you’ve been a victim of business identity theft, don’t panic. First, you’re not alone—and you can recover. If you’ve identified that you’ve been the target of one of the above scams, or maybe something else entirely, and fear that your business information could have been compromised, you could be in danger of fraud.
These are the major things to know:
1. Collect as much information as you can.
If you’ve received a suspicious alert from the IRS or other financial institution, or if you’ve noticed suspicious behavior yourself, be reactive and respond immediately. Take notes, ask questions. The more information you can collect, the better. It’s crucial to take this time to understand the extent of the fraud, as well as any gaps in security that could have made your business vulnerable.
2. Document your case.
Once you have more information about the scope of the damage, go ahead and file a report with local police and submit a complaint with the Federal Trade Commission. You’ll also want to close any accounts that have been illegally opened or otherwise affected.
3. Alert the business credit bureaus.
Lastly, be sure to place a fraud alert with one of the three major business credit bureaus: Experian, Equifax, or Dun & Bradstreet. “This ensures that the business will be advised prior to any credit requests, eliminating the possibility for a fraudster to open credit in the business’s name,” says Credit Card Insider’s Lunduski.
How to Protect Yourself from Business Identity Theft
It’s true that sometimes the best defense is a good offense. But as much as you want to know how to be reactive, you should understand how to be proactive, too.
Rather than sit back and hope your company evades identity theft, take action. Here’s what you can be doing regularly to ensure that confidential business information remains confidential.
1. Keep a low profile.
This one might seem obvious, but it’s worth mentioning: You shouldn’t share anything about your business, online or in public, that could put the company at risk. Set guidelines for employees—especially those who are active on social media—and spend time training your team on the common identity theft schemes to avoid.
BeenVerified’s Lavelle adds, “Never give information or allow employees to give information to someone you don’t know. Always carefully check credentials first.”
2. Stay vigilant.
One of the best ways to protect your business from the risk of identity theft? Always be prepared. This means regularly reviewing and reconciling all account statements, credit reports, and business registration information (for both active and closed accounts).
Robert Siciliano, a security analyst for Hotspot Shield, recommends taking your watchfulness one step further. “The big thing is to hire forensic accountants to look at your books,” he says. “And frequently.”
3. Invest in security.
You know better than to give out information to anyone who asks for it, but sometimes gaps in security are beyond human control. An investment in strong cyber security software can go a long way when it comes to protecting your business from identity theft.
Keri Lindemuth of Kyle David Group, a high technology consultancy firm, advises her clients to invest in cyber liability insurance. “[It’s] one of the most important things businesses can do to protect themselves from corporate identity theft.”
Insureon, the online insurance agency that caters to small businesses, reports that the average cost of a small business data breach is a startling $38,000. Another report from cybersecurity and anti-virus provider Kaspersky Lab estimates an even higher average, at $86,500.
“Cyber liability insurance helps business pay the steep costs that come with data and identity theft,” says Lindemuth. “Most businesses close permanently after a data breach because they can’t afford to pay high recovery and rebuilding costs. Cyber liability insurance can help prevent this.”
Annual premiums for this type of coverage can range between $1,000 and $7,500. Reach out to an insurance broker or agency to learn about the different plans and find one that fits your business needs. Whether you need cyber protection or not, it’s a good idea to have a form of liability insurance in place.
4. Talk about your experiences with business identity theft.
Remember that you’re not the first business to experience identity theft—nor will you be the last. Try connecting with fellow small business owners to get advice and trade resources.
At work, encourage an open dialogue between your management team and employees. Allow them to ask critical questions about ongoing security threats, and hold training sessions to review company protocol. Unless you’re the sole proprietor and employee, you’ll always face internal threats to your business security.
The best thing you can do to reduce that risk? Take the time to talk about it.
What to Remember About Business Identity Theft
Although it happens to businesses of all sizes, business identity theft is a major risk for small business owners—so it’s especially important for you to know the implications. A single lapse in security could be volatile, leading to any one of these consequences: significant income loss, late payments, negative credit reports, serious tax disputes, diminished company reputation, and personal liability.
If it happens to you, try not to be discouraged and remember that you have recourse. Be reactive, taking the time to respond to immediate concerns while gathering information about the attack, and be responsible, closing all affected business accounts and filing the appropriate reports. And stay vigilant, remembering that your gut is your best judge of all.