Page 1 of 3
By Rachel James
Generally speaking, when most people discuss identity theft, they are referring to an individual using the personal identifying information of another individual, without their consent, to obtain some profit or advantage.
Identity theft is largely viewed as a "people" problem, and for good reason — most state and federal laws, websites, non-profit organizations and consumer advocacy groups tasked with the job of helping identity theft victims address the American consumer at large.
Yet, small and medium sized businesses (SMBs) are an attractive target for identity thieves.
According to the Institute of Consumer Financial Education (ICFE), SMBs usually qualify for larger lines of credit, "enjoy extended payment terms and less transactional scrutiny for large purchases or high-value ticket items than individual customers." They often have physical property such as computer equipment of value, or perhaps inexperienced employees that may be susceptible to phishing attempts or bribes.
Many SMBs are located in shared business buildings, making it even easier to obtain credit cards and loans. All a criminal has to do is rent a small space or mailbox in your building — the address will verify as correct, and he'll get the credit cards, loan documents, and bills instead of you. Before you even know something is wrong, he has skipped town without a trace — except for the damage to your business.
In addition to being lucrative, small and medium size businesses are often careless with privacy and security because they are preoccupied with, well, running their business. According to the ICFE, "Many businesses do not regularly review their business credit report ... [or] ... always carefully scrutinize employee charge card billing statements before they are paid, particularly those accounts for which multiple cards are issued."
Additionally, a recent survey from security firm Panda Security shows SMBs in the United States are increasingly the victims of cybercrime, yet many do not take simple precautions to protect themselves.
By the numbers:
- 44 percent were hit by some form of cybercrime
- 10 percent surveyed were hit so bad that they had to stop production — worldwide, the average was 30 percent.
- 50 percent of companies in the survey lost time or productivity as a result of being infected.
- 97 percent of U.S. SMBs have installed anti-virus and 95 percent claim their security systems are up to date. YET 29 percent said they have no anti-spam in place, 22 percent are without anti-spyware technology and 16 percent do not have firewalls. 52 percent said they have no web filtering solution in place. 39 percent of respondents said that they have yet to be trained about IT threats.
When you combine large cash /credit flow and little scrutiny or security, it is easy to see what a gold mine this is to thieves. I'm not done yet …
There is another factor that makes these threats an increasing danger in an age of government transparency and online communications. Not only are you an attractive target, but obtaining the documentation necessary to impersonate a business or pose as a representative of the business is often easier than for an individual. Your business information is easily obtained from a variety of offline and online sources.
Business stationary and business cards are easy to obtain and duplicate, and since "most businesses are eager to open new accounts for other businesses, and the process can be quite simple — such as submitting a request on company letterhead along with the business license number and Tax ID." (ICFE)
Since most businesses display their business license on their wall (as many are required to by law), this theft is dangerously easy.