Business Identity Theft

 

Business Identity Theft Defined:

The Department of Justice’s Office for Victims of Crime, defines business identity theft as a type of identity theft committed with the intent to defraud or hurt a business (e. g. financial business identity, extortion).

Types of Business Identity Theft:

  • Financial Fraud – fraudsters obtain new lines of credit, loans or credit cards
  • Tax Fraud – criminals file fraudulent returns using tax subsidies or other compromised data to obtain refunds
  • Website Defacement – cyber hackers manipulate a business’s website

How bad is it?

IRS stated in 2017, “Small business identity theft is a big business for identity thieves. Just like individuals, businesses may have their identities stolen and their sensitive information used to open credit card accounts or used to file fraudulent tax returns for bogus refunds.” (Footnote #1)

In November 2014, the IRS Advisory Council raised concerns with business identity theft and issued the following statement:

“Business identity theft can be more complex than individual identity theft and.…. can occur in many ways. A fraudulent business entity tax return can be filed that generates a larger refund than would be obtained on an individual income tax return due to available refundable tax credits, or fraudulent W-2 forms with fictitious withholding may be filed and the information subsequently used to file multiple fraudulent individual income tax returns claiming refunds. Similar to individual identity theft, business identity theft also impacts the banking and business communities. Because of the potentially larger payoffs available, business identity theft is on the rise. (footnote 2)

The FTC’s Identity Theft Clearinghouse collects data on consumer identity theft, but does not collect statistics on business identity theft. In 2016, the FTC reported that the number of complaints for consumer identity theft at 400,000 —- which had declined slightly from previous years — with a cumulative number of identity victims at 17.6 million or 7% of the U.S population.

Background on the Business Identity Theft project

In October 2017, the Identity Theft Resource Center selected the National Cybersecurity Society as one of six sub-grantees, to lead a national coalition under the auspices of the National Identity Theft Victims Assistance Network (NITVAN). NITVAN is a network of coalitions across the country engaged in creating, enhancing and delivering identity theft and identity-related cybercrime victim assistance training and outreach to improve the ability to provide direct victim assistance services. The program provides resources to establish and augment the work of regional, statewide and community-based coalitions, with an emphasis on threats from cyberspace. Funding for this award is derived from the U.S. Department of Justice, Office for Victims of Crime, through the Crime Victims Fund.

 

In response to this effort, the NCSS developed the Business Identity Theft in the U.S., June 6th, 2018 and can be found here: