Company Identity Theft

Businesses of all types and sizes are vulnerable to company identity theft and although consumer identity theft has been on the forefront of the battle against identity theft, business identity theft is a serious threat and probably the next wave of identity theft cases with serious and devastating consequences.

The consequences of business identity theft can not be overlooked as most successful businesses have great and sometimes unlimited credit lines. Even if the company has no available credit lines, a recognized company brand name and good business credit can be used to open unauthorized credit lines or make credit purchases from already established business relationships. Specific business identity theft schemes include unauthorized credit cards or purchases orders with items shipped to rented offices under the business name. These unauthorized purchases comingled with legitimate business purchase orders are harder to detect on a timely basis and when detected, it’s extremely difficult or impossible to reverse the charges and prosecute the fraudsters. Phishing is of course another challenging and increasing scheme to commit identity theft whereby a consumer or business receives emails, phone calls or other types of communications requesting specific information for fraud purposes. Phishing is a crime in some places but fraudsters continue to use this technique to pretend being someone the recipient recognizes and trusts to obtain specific information regarding accounts, passwords, and other information needed to commit company identity theft.

What makes it even worse is that current identity protection laws mostly protect the consumers against identity theft leaving businesses with little or no budget for legal battle against identity fraud. Federal laws protect businesses against mail fraud, forgery and counterfeit as well as unauthorized use of their proprietary assets such as logos, corporate identity, content or product and service trademarks. Also, some State laws such as anti-phishing laws make it illegal to pretend to be a legitimate business and illegally collect personal information and limited State laws expand the definition of fraud victims to also include small businesses, associations, partnerships and corporations for the purposes of locating and prosecuting identity fraudsters in company identity theft cases. However, not all businesses are protected against company identity theft in all States or countries.

Although the distinction between consumers and small businesses is getting narrower in order to provide the same consumer protection to small businesses by the major credit card companies, not all businesses may benefit from the limited identity theft laws and business security practices. Consumers and businesses rely on each other to protect identities and report information security breaches which might lead to identity theft. In fact, Federal laws require companies to report their security incidents which involve stolen consumer information and might lead to identity theft. One of the highly publicized cases of company identity theft was discovered and reported by T.J. Maxx which reported that hackers stole 45 million credit and debit card numbers, however, when it comes to stolen information, most companies prefer to remain under the radar and not publicize their security breach cases which most believe are under reported.

In most cases, the purpose of a company identity theft is financial gain and when the money is collected, it must be cleared. The Anti-Money Laundering (AML) laws are established to detect illegal money and prevent it from being deposited and/or transferred through the financial institutions’ systems. As such, fraudsters may induce innocent people to help them with their schemes with a promise of a small commission and deposit money in increments of less than $10,000 to avoid being detected by the financial institution’s AML group.

While the identity theft laws need to be improved and include protection for businesses, companies must be aware of the growing business identity theft risks and help each other detect such schemes and fraud through identity validation for each transaction, monitoring, reporting and follow-up investigations.

Consider the Certified Identity Protection Advisor designation as a company identity theft solution.