Business Owners at Risk for ID Theft
The Small Business Administration (SBA) estimates that 10 million individuals in the United States are victims of identity theft each year. However, this crime doesn’t just affect individuals. Business identity theft is a new and rapidly increasing crime that can strike companies and their owners — including those in the construction industry.
Tax-Related Identity Theft
Tax-related identity thieves usually strike early in the tax filing season. This often enables them to collect fraudulent refunds before their victims have filed their legitimate tax returns. One contractor learned this the hard way.
A business owner and his wife had always kept a close eye on their books but began to let a trusted manager oversee payroll and other transactions. After two years, the manager had a dispute over compensation and, while the conflict was resolved, he resigned soon after. A year later, the company began receiving collection letters for debts the owners weren’t aware of.
After weeks of forensic work, their accountant was able to trace the paper trail back to the disgruntled former manager. He had stolen sensitive company information to file a fake tax return and claim a sizable refund while also using their taxpayer ID and other company data to obtain credit cards in the business’s name.
Business Identity Theft
Business identity theft occurs when fraudsters assume the identity of a company’s owner, officers or employees to obtain cash, credit or loans. For example, an Oregon contractor found out how identity theft can destroy a company’s credibility when his Construction Contractors Board (CCB) license number was stolen and used to solicit work that was never completed.
Identity theft could also occur when a fraudster uses an owner’s Social Security number and other personal information to apply for and exhaust a line of credit. The victimized company is then stuck with the debt and may even lose assets that were fraudulently pledged to secure the loan.
Preventing Fraud in Your Business
Although thieves are constantly thinking up new ways to steal identities, business owners can take steps to reduce the odds of being victimized. For example, they should closely monitor their business accounts and reconcile bank and credit card statements — as soon as they arrive — with an eye toward suspicious purchases or transactions. Many identity thieves will initially make a few small purchases on a hijacked account and, if the business doesn’t appear to notice them, proceed to larger transactions.
Keep company documents is a secure location and dispose of records using a micro cut shredder. Never provide your company’s federal tax identification number, employee identification number, account numbers or financial documents to anyone who you did not contact first. If you must provide this information through the web, check that the site is legitimate and safe and that its security certificate is up to date.
Avoid creating a “master user” account or general password combination that makes it easier for an individual to gain access to all of your company information. Consider using a password generator or unique naming convention for ultra-secure passwords.
Unauthorized accounts and debt will eventually show up on a company’s credit report. Businesses are advised to routinely order reports from the three main credit agencies and review them for inaccurate and suspicious activity.
Business owners also should keep their company and personal finances separate. Personal credit cards, accounts and lines of credit should never be used for business-related transactions. In fact, most banks and credit card issuers exclude business-related transactions made with a personal card from their “100% fraud protection” programs. This means that owners could be personally responsible for losses that result from fraudulent business charges and withdrawals.
Finally, owners should periodically check with their Secretary of State’s office to ensure their business entity history and details remain correct. If unauthorized changes have been made, they should report them immediately.
Enlisting Help to Fight Fraud
Training is important, too. A company’s employees are its first line of defense against fraud perpetrators, and staff members need to know and understand their roles. A qualified CPA can conduct training sessions on how to recognize common and emerging identity theft schemes, along with the related red flags.
What to Do if You Suspect Fraud
First, contact one of the three major credit bureaus (Equifax, Experian or Trans Union) to place a fraud alert on your account. This will make it harder for identity thieves to open fictitious accounts in your name by placing a “red flag” on your account. An initial fraud alert will protect your credit from unverified access for 90 days and can be renewed. You should request a fraud alert if you are concerned about identity theft, such as if your wallet, Social Security card or other personal or financial information is lost or stolen. For victims of identity theft, an extended fraud alert will protect credit for seven years.
Request a free credit report right away to ensure identity thieves have not opened additional accounts by going to annualcreditreport.com, which is operated by the three major credit bureaus.
For even stronger protection, a credit freeze restricts access to your credit reports, which makes it difficult for thieves to open new accounts in your name. There is often a fee that varies by state, and you will need to contact each of the three credit bureaus to set up a credit freeze.
We’ve highlighted just a few of the items that should be on your radar in the fight against fraud. If you are concerned about identity theft in your business, please contact us to discuss your next steps.