Risk

Identity Theft Protection for Businesses

Paul McCormack Paul McCormack

Businessman using a virtual screen to protect data.

Business identity theft protection requires adopting measures to protect sensitive data.

There's nothing more personal than having your identity stolen. Thankfully, a number of identity theft protection services stand ready to help individuals minimize the impact. But what happens when thieves steal a business identity? Business identity theft is a growing problem, with severe, long-term ramifications, particularly when many schemes inflict losses of six figures or more.

The Many Forms of Business Identity Theft

The USA Today reports that while the Internal Revenue Service announced a drop in fraudulent returns involving individuals, the use of business-related returns by criminals is on the rise, with over $500 million in potentially fraudulent refunds uncovered in the last three years.

Yet tax fraud is just one of many types of fraud associated with business identity theft. As noted by Bank Info Security, one of the latest schemes to target businesses involves cybercriminals tricking employees into emailing payroll information and sending wire transfers. In other schemes, criminals use a firm's identity to access and assume control of their bank accounts. In fact, many schemes rely on the use of phishing to gather the data needed to commit fraud.

And it's not just criminals that steal from businesses, employees can sometimes look to use their employer as their personal piggy bank. The Association of Certified Fraud Examiners reports that companies lose 5 percent of their revenues to fraud. In terms of occupational fraud, check tampering, where an employee steals blank checks and cash them for their own benefit, proves to be the most costly, generating a median loss of $158,000. As the leader of finance, with the responsibility to protect and ensure your department's ability to operate, what can you do to minimize the threat of business identity theft and the fraud it generates?

  • Protect sensitive data — Secure sensitive documents, such as business tax returns, financial statements, payroll data, etc. in a locked file cabinet. When the time comes to get rid of any sensitive documents, shred them using a cross-cutting shredder to make recreating the documents exceptionally difficult and time-consuming for criminals.
  • Reconcile business accounts on a daily basis — Cybercriminals often focus their efforts on taking over an organization's bank account with the goal being to wire funds overseas. Reconcile your firm's bank accounts on a daily basis. Investigate and resolve discrepancies quickly and notify your bank of suspicious transactions immediately.
  • Revisit your bank's ability to send wires — Criminals often turn to wire fraud in particular, as it allows them to steal money and send it outside of the U.S. financial system quickly. If you don't need wire authority, instruct your bank to block that capability from all of your accounts.
  • Learn about your bank's fraud detection capabilities — Review the tools that your bank offers to help businesses protect their accounts, such as ACH positive pay, positive pay, reverse positive pay for checks, and check blocking as these tools can prove effective in preventing check fraud.
  • Adopt dual control for high-risk transactions — Ask your bank to share the security procedures it has in place to detect and prevent transactions. Ideally, that should include the use of dual control, which requires two of your employees to log into the bank's website using separate credentials to approve certain transactions. In the event that your bank calls to verify a transaction, ensure that the bank's points of contact within your organization understand their role in verifying a transaction.
  • Protect your IT environment — Cybercriminals often take advantage of lax security to steal businesses identities. Business identity theft protection depends in part on your ability to stop criminals from installing malicious software, such as malware, on your firm's computers. Educate your employees on what to look for in phishing emails, and make sure that every computer within your environment has the latest security software installed. The Federal Communications Commission also recommends that business backup critical data, and limit each employee's ability to install software on their computer.

Preventing business identity theft starts with protecting your organization's data. The sooner, the better for as long as businesses have money to steal, criminals will attempt to do so.