(925) 600-8500 talk2us@depretis-cpa.com

Protecting Your Business from Business Identity Theft

Miranda Kazakevich

Is your business at risk of identity theft?

While personal identity theft garners the majority of the national headlines, there is another dangerous form of identity theft that business owners must work diligently to prevent: Business identity theft. This type of crime involves the theft or impersonation of a business’s identity, often with dire consequences for the business and its stakeholders. Much like personal identity theft, perpetrators are often looking for financial benefit, whether through unauthorized tax filings making claims for refund, or opening new credit lines. What can make business identity theft even more dangerous than personal identity theft is the size of the potential transactions involved.

In many cases, businesses deal with larger transactions than individuals, have larger account balances and credit lines than individuals or families, and can even set up and accept merchant credit card payments. Business identity theft is almost just like personal identity theft, with one exception— it’s being played at the high stakes tables. The higher the potential value involved, the greater the potential loss and the greater the risk. Business identity theft can quickly cripple an organization, creating massive liabilities, credit problems and even affecting the business’ status as a going concern. So how can you prevent identity theft and protect your organization?


Tax ID numbers, financial information, and management information of businesses is often public and easily accessed, whether through public filings or private databases. This information can be a great starting point for identity thieves. With company accounts and files being accessed by multiple users from multiple devices, increased risk of IT systems infiltration also exists, providing criminals with many different avenues for obtaining the data they need to perpetrate identity theft. Add greater opportunity to greater value, and it is no wonder that criminals are focusing on business identity theft at an increasing rate. Nevertheless, prevention tools, remedies and law enforcement still focus more on individual identity theft than its business counterpart. All of this adds up to a perfect storm for business owners, one which every business owner should plan to prevent.

As business transactions, banking, and even business operations increasingly move into the cloud, skilled criminals have an increased ability to steal valuable identifying information and use it for potentially dangerous purposes, including opening new lines of credit and filing false tax returns to generate refunds from the state and federal taxing authorities. Businesses which are victimized are often unable to detect the crime until it has already occurred, at which point significant damage has already been done. Because of the ease, speed, and difficulty involved in policing cybercrime, business identity theft has risen rapidly in recent years.

How business identity theft occurs

In general, less information is required to establish a business or open a line of credit than is required of individuals. How simple is it for a criminal to get started? First, the thief needs to obtain the business’s EIN, which is frequently easy to acquire. Common sources for an EIN include:

  • Public databases that enable users to search for business entities sometimes also display the employer’s EIN.
  • Filings made to the Securities and Exchange Commission (SEC) such as the Form 10-K.
  • Forms W-2, W-9 or 1099.

Once a thief has the EIN, their next step is often to establish an alternative address or addresses for the business, allowing for nefarious activities to go on longer without detection. This is done by filing reports with Secretaries of State to change registered business addresses, registered agents’ names or even appoint new officers.

Once sufficient information has been changed with state agencies, thieves may apply for credit using this new information. With official records displaying the new information, business owners and potential creditors will not be alerted to the fraud. Once an identity thief has established a business name, EIN and address information, they have all the basic tools necessary to perpetrate business identity theft.

Protecting your businesses

With the stakes raised for business owners, preventing and detecting identity theft should be a high priority for every business. Businesses should take a proactive approach to preventing identity theft, beginning with a risk assessment, identification of potential threats, and a plan for risk mitigation and ongoing monitoring.

Businesses can start by reviewing their banks’ policies, recommendations and available security measures and detection techniques regarding fraud. It is critical to understand available security measures that are being offered, including the protections that these do and do not provide. In many cases, banks offering security measures can reduce the bank’s liability for fraudulent charges, whether or not the business takes advantage of the tools available. Many states have also adopted the UCC, meaning victimized businesses might find themselves without recourse against their banks in the event of a large fraudulent wire transfer.

In addition to any protections provided by banking partners, businesses can take manual steps to protect themselves include monitoring their financial accounts on a daily basis and following up immediately on any suspicious activity. If available, businesses should also enroll in email alerts from banks, credit agencies, state agencies and more so that they can be immediately notified of changes in your account name, address or other information.

After fraud occurs

If it is too late, and a fraudulent transaction has occurred in your business’s name, take immediate action by contacting your bank, creditors, check verification companies and credit reporting companies. Report the crime to your local law enforcement authorities and your state’s secretary of state business division. Finally, whenever possible, memorialize all correspondence in writing and keep it in your records.

If you’d like more information on how you can take steps to safeguard your personal or business “identity” through safeguarding your tax and other financial accounts, please contact our office.