Identity theft is an unfortunately reality for more consumers as data breaches continue to rock the market. Research from Auriemma Consulting Group estimates that identity theft has cost banks at least $6 billion, and cost consumers $58.9 million, in 2016 alone. According to the Internet Crime Complaint Center (IC3), identity theft is the seventh largest crime in the U.S., with more than 16,800 victims recorded in 2016.
But individual consumers aren't the only victims of identity theft. A new report from The National Cybersecurity Society (NCSS) published this week warns that business identity theft is an emerging threat for entrepreneurs and executives.
Funded with a grant from the Identity Theft Resource Center and the Department of Justice Office for Victims of Crime, the "Business Identity Theft in the U.S." report examines how this crime occurs, and what business owners can do to protect themselves and their companies.
"Small business identity theft – stealing a business' identity to commit fraud – is big business for identity thieves," warned NCSS CEO Mary Ellen Seale in a statement.
Business identities can be used to open card accounts, initiate wire transfers or commit tax fraud. And while small businesses are progressing in their digital transformations, the shift of sensitive data from paper to online systems means public business data can be altered relatively easily by criminals.
"Unfortunately," the NCSS report warned, "many businesses neither are aware of this threat nor take prudent measures to protect their business identity."
There are four main types of business identity theft, according to the report: financial fraud, tax fraud, website defacement and trademark ransom. Each of these can have significant financial consequences and can damage a business' reputation and customer relationships. Fraudsters can alter business information online and then use that information to apply for credit cards or make payments to other criminals.
"Unlike consumer credit fraud, the payoff for stolen business credit is huge," the report said. "In one case, criminals forged business identities to obtain bank loans and lines of credit, allowing them to make a number of large and expensive purchases, including high-end automobiles."
The Internal Revenue Service highlighted other tactics of fraudsters covered in the report. Criminals can use the employer identification number (EIN) of active or inactive businesses to obtain fraudulent refunds, file fraudulent tax returns or file individual returns claiming refundable business credits.
According to the IRS, there were 4,000 recorded instances of business identity theft cases in 2016. That figure rose to 10,000 last year.
Because of the high loss value linked to business identity theft, the NCSS noted that while these low numbers may seem inconsequential, damages were estimated at $268 million in 2016 (interestingly, however, the value of business ID theft last year declined to $137 million, though 2017 saw the largest ever year-over-year increase in the number of cases, up 46 percent).
The report noted that interviews with one major financial institution's fraud department revealed a 200 percent increase in fraudulent wire transfers initiated via business email compromise, another tactic that requires a stolen business identity to commit the crime.
What to Do About It
The NCSS recommends several steps the U.S. can take to combat business identity theft, including the development of a national business identity task force. Overall, the report noted, regulators should initiate educational outreach to business owners, improve access controls, improve victim resources, enhance credit file visibility and create guides to help business owners protect their identities.
"As the Internet Crime Complaint Center reports, identity theft is the seventh-largest crime in the U.S. based upon the number of victims," the NCSS said in its announcement. "Now more than ever, attention needs to be directed to correcting the system vulnerabilities that criminals are using to exploit. The NCSS is actively seeking coalition partners who can assist in reaching the business community, participate in solution development and assist victims."