Several years ago, my business was targeted by an identity thief. Someone took our business checking account information, printed false checks, and used them to go shopping. You wouldn’t think that scammers would go after lawyers, but it turns out we’re popular targets.
You’re probably aware that identity theft is a serious and growing threat. But you may not be aware of how easy a target your business may be. There’s a good reason for that. This crime is often underreported, according to Eduard Goodman, chief privacy officer for Identity Theft 911. I called him to get some general advice about this kind of fraud.
Goodman describes a couple of small business ID theft cases he’s witnessed below.
- Fraudsters took out office space in a building where a law firm was located. Posing as representatives of the law firm, they claimed to be expanding the business. They purchased computer equipment, furniture — and a moving truck to haul away their new purchases so they could be sold. Of course, these items were bought on credit under the law firm’s name.
- A nonprofit organization in the United Kingdom was raising money to fight AIDS in Africa. An identity theft ring stole the identity of an individual in the United States and used his personal information to set up a Web site that spoofed the nonprofit’s Web site, then used the fake site to raise money. Both the nonprofit organization and the individual whose personal information was stolen were victims. Of course, the donors unwittingly became victims, too.
“Small to medium size businesses are an easy target, and the reward is typically much greater than it would be if the thief stole the identity of an individual,” Goodman told me. “They are prime targets.”
There are several reasons for this:
- It’s not that hard. Someone can represent themselves as a shareholder or guarantor of the company. Between public corporate records and corporate credit histories that can be accessed or purchased by anyone, it’s not that difficult for a thief to steal a business’s identity.
- Amounts can be much larger. Losses can run from several thousands of dollars to hundreds of thousands of dollars. When established businesses are targeted, the total dollar limit is often higher than what can be obtained by stealing the identity of an individual.
- This type of crime is often underreported. Business owners may be embarrassed or don’t want to hurt the reputation of their company by admitting they’ve been taken. Goodman says that law offices and medical offices are especially vulnerable. It’s easy to imagine why doctors or lawyers wouldn’t want to go public.
- The prosecution rate is low. In fact, it’s so low that it makes it a good gamble for crooks. In our case, we left it up to the police, and we never heard back. To my knowledge, they were never caught.
- Businesses may not even know they’ve been taken. It may take a while for a business owner to discover that their company has been hit. The longer it takes to recognize that you’ve become a victim of identity theft — corporate or personal — the longer it can take to clear it up.
Monitoring your corporate credit files is one way to help keep tabs on illicit activity. You can purchase subscriptions to monitor your reports from Dun & Bradstreet, Experian, or Cortera. Unfortunately not all business credit accounts or inquiries are reported to corporate credit reporting agencies; so reviewing your corporate credit isn’t foolproof. But if you do spot something unusual, investigate it immediately.
Legislative changes are needed to help protect businesses, says Goodman. He notes that California changed its identity theft statutes so that the definition of a person includes businesses. That gives businesses the same rights as individuals to combat identity theft crimes. More important, it gives prosecutors greater resources to prosecute. Hopefully the next few years will bring similar changes in other states.
Since this type of crime can wipe out a business, it’s crucial that you pay attention to what’s going on within your accounts as well as with your credit. Goodman describes a colleague — a criminal defense attorney — who didn’t notice that a thief had gone into his business credit card account, transferred money to an investment account, and then took out about $6,000 from there. Being busy, the attorney didn’t catch the transfer until a couple of months later. By the time he did, the time limit under which he could have disputed the fraudulent transaction had passed. (Business credit cards can be subject to different fraud limits under the Truth In Lending Act.)
Fortunately, my bookkeeper caught our fraud case quickly, and we stepped in before things got out of hand. But I’ve seen how easy it is for someone to take advantage of the business you’ve worked so hard to build.