Business identity theft is the business variation on personal identity theft–vital business information, such as your officer’s names and your federal tax employer identification number, are misappropriated (stolen, to be blunt). And, business identity theft can be ridiculously easy to accomplish, by using information that is required to be made public and capitalizing on the secretary of state’s “good faith” rules of operation.
Business identity theft is not about “data breaches” per se, although data breaches can provide evil-doers with valuable information to exploit. (We covered that topic earlier in “Don’t Be the Target of a Data Breach.”) It’s also not “brand-jacking.” Brand-jacking is the exploitation of your online brand identity—and good name—for a variety of malicious reasons: to tarnish your reputation, to trick online viewers to ordering cut-rate goods that they think are your products, to steal information from job-seekers who believe they are applying for a job with you. Brand-jacking can strike any size company and we are going to be focusing on how to protect yourself from that risk in a later blog post.
Corporations and LLCs are easy targets because much of the information the criminal needs is required to be publicly available on the secretary of state websites. Other information, such as EIN numbers are often available online or via a request with no checks and balances to determine there is a valid need for the disclosure. While some states, such as Colorado, Georgia, Ohio and Oregon, permit a business to sign-up for an electronic notification whenever business records are updated, many states do not have such a system. In most states, the business needs to affirmatively check its information.
Why does someone what to steal a corporation’s identity? Crooks want your business credentials for many of the same reasons you wanted to form your business. Operating as a corporation or LLC makes it easier to obtain access to banking, credit cards with higher limits, and better terms with vendors.
It often works like this: the crook finds out the names of the corporate officers, the company’s EIN and other relevant information. Using that information, he (or she) opens a business credit card in the company’s name. The fraudster then orders thousands of dollars of merchandise that has high resale value (such as laptops) and has them delivered to a rented address. The criminal then moves on, reselling the equipment for a tidy profit and leaving the corporation with the bills and a badly tarnished credit rating. And, unlike the stop-loss protections attached to consumer credit cards, few business cards have similar features.
The bad guys get the needed information in a variety of ways, but many times they take advantage of the information and processes at the secretary of state’s offices. Their strategies include:
- outright hijacking of the company by changing the corporate information with the secretary of state
- re-instating inactive companies
It only takes a few minutes to update information with the secretary of state, such as officers names and addresses and the company’s registered agent, and using this false information to obtain a certificate of good standing. With that piece of paper, the crooks can gain control of access to banking and credit using your corporation’s name.
These actions often go unnoticed for the crimes that they are.
Why? The business owners aren’t paying attention and the actions appear innocuous to the secretaries of state. After all, a significant number of businesses legitimately change their officers, business locations or registered agents over the course of the year. Plus, in most states, the secretary of state’s role in the process is a ministerial one; the state simply accepts what is put on the forms “in good faith.”
There are actions that every small business should take—all of which involve being vigilant in monitoring and protecting your business identity as rigorously as you seek to protect your personal identifying information. Next week, we will cover those actions in detail. But, for a preview, you can download CT’s checklist of nine actions that you should take to protect yourself.
Article credit: https://ct.wolterskluwer.com/resource-center/articles/business-identity-theft-big-threat-small-businesshttps://ct.wolterskluwer.com/resource-center/articles/nine-tactics-guard-your-business-identityhttps://ct.wolterskluwer.com/resource-center/articles/nine-actions-guard-against-business-identity-theft-checklist