July | August 2017

Business Identity Theft

by Kay Stimson
States are facing a new wave of crime—thieves are targeting businesses, stealing their identities to open up phony lines of credit to illegally obtain goods and services.
“This can explode quickly and become a big problem,” said Colorado Secretary of State Scott Gessler, who noted his state has registered 85 victim entities with total losses of approximately $3.4 million. One business, he said, suffered a loss of at least $250,000 at the hands of corporate identity thieves.
Colorado isn’t alone. While national numbers on business identity theft are virtually impossible to calculate, Dun & Bradstreet, a leading provider of business credit information in the United States, has reported documented cases of business identity theft in at least 22 states.
“What is particularly disturbing about this trend is the significant dollar amounts involved,” said Robert Strezze, a senior risk analyst with Dun & Bradstreet. “It’s not unusual for the losses to be in the mid-six figures by the time the criminal activity is detected, and it’s a lot more lucrative than stealing individual identities.”
But secretaries of state, who oversee corporate registrations and other business filing processes on behalf of the states, are fighting back.
“We are committed to making Colorado a hard target for identity thieves, and that means identifying new policies and protections for state-based businesses as well,” said Gessler.
Secretaries of state say business identity theft—a mutation of classic identity theft—is on the rise and spreading. Computer-savvy thieves are hijacking business entities from their owners, leaving behind a digital vapor trail of fraudulent credit purchases and other damages. Several states have adopted new or improved safeguards for protecting the state-held data that offers a potential gateway to this type of crime, and they are warning others to do the same.

Methods of Deception

Experts say business identity theft is similar to regular identity theft. Criminals look for ways to steal a legitimate business identity, securing lines of credit with banks and retailers. Once the fraudsters get the money or goods involved, they leave the legitimate business owners steeped in debt and typically unaware that a crime has occurred until creditors come calling.
Enterprising thieves are stealing business identities in a number of ways. In California, they have rented office space, sometimes in the same building as the victim entity, ordering everything from corporate credit cards to electronics and hot tubs, according to an article in Bloomberg Businessweek. The crooks sell the illegally obtained merchandise, shut down the office and move on to the next victim.
In other states, thieves have carried out their scheme by gaining access to legitimate business records. This happened in Colorado, where criminals were able to exploit the state business registration website, altering the names of company officers and addresses for at least 85 entities.
Once the criminals were able to change the corporate registration information, they were able to use the business’s corporate registration history—along with additional false documents—to establish lines of credit with banks or retailers. Identity thieves then purchased items that could be bought and exchanged for cash or sold with relative ease.
“Make no mistake about it, this is organized crime,” warned Georgia Secretary of State Brian Kemp, who has championed new protections in his state. “And there is more than one victim—it’s actually much larger than some might think.”
Kemp pointed to a chain of victims that must clean up in the wake of such fraud, including companies that have received orders for stolen goods and services, banks or lending companies that have issued credit and entities like state governments that house “proof of right” documents to provide confidence in commercial transactions.
Thieves most often target small and midsize companies, according to Dun & Bradstreet, because they have extensive credit lines and cash reserves, but fewer legal and financial protections than larger corporations. Churches, family-owned businesses and dormant companies that are no longer actively doing business also have been targets of such fraud.

State Solutions

Secretaries of state are urging policymakers to take action. That often means ensuring state safeguards keep pace with advances in online services for the business community.
Nevada, home to one of the largest numbers of corporate registrations in the nation, unveiled its Nevada Business Portal this spring. The unique, one-stop shop for business/government transactions will help guard against business identity theft by incorporating single sign-on and identity management elements in the online service.
Meanwhile, Colorado is establishing an optional password system for businesses on its corporate registration website, along with an email alert system that will send electronic notices whenever a company’s information is changed online. Georgia already has established a similar system for email alerts.
The real challenge, secretaries of state say, is ensuring business owners are aware of the relatively new risk of corporate identity theft, and getting them to sign up for email alerts or password protections while checking their filings regularly.
“We are trying to protect businesses in every way that we can,” said Nevada Secretary of State Ross Miller, “but this type of crime is relatively new and the methods of fraud are constantly changing.”
He said states should engage multiple partners in their efforts. “Otherwise, the criminals will just figure out new ways to pull off this crime,” Miller said.
Miller pointed out that because catching the perpetrators of business identity theft can be difficult—and sometimes impossible if they are based overseas or moving from state to state—states should focus on prevention.
Since nearly every state offers a searchable database that can tell users whether a company is in good standing and can identify the names and addresses of registered agents, Miller and his colleagues have formed a national business identity theft task force.
“These business records are documents that are supposed to be used as a tool for commerce,” said Leslie Reynolds, executive director at the National Association of Secretaries of State, an affiliate of The Council of State Governments. “While banks and other entities can use the data for legitimate purposes in business transactions, there is a growing number of would-be criminals who are looking to exploit this information for illicit gains. It has raised some important policy implications for state officials.”
Reynolds added states should work together to combat corporate identity theft crimes, share strategies for communicating with the business community and others who deal with state business registrations and reporting, and discuss ideas for engaging law enforcement in helping to prevent or detect this type of fraud.