How to Report Business Identity Theft

What is business identity theft?

Business identity theft is when a fraudster uses your business information to open accounts, file a tax return, file fraudulent W-2s, open or access accounts or commit other crimes. Filing fraudulent tax returns or W-2s allows thieves to receive a tax refund in their name that is not valid.

Phishing scams are very common among businesses. According to the Association for Financial Professionals, 63% of businesses reported fraudulent email scams. For example, your business may receive spoof emails from vendors requesting payments or fake emails from senior management requesting a transfer of funds.

And businesses are a target due to the potential for large payouts for thieves.

“Criminals target businesses because transactions are large, there is trust and existing relationships between companies, and the identity theft may go on longer without detection, when compared to individual identity theft,” said Matthew Stern, CEO of CNC Intelligence.

Signs of business identity theft

The warning signs of business identity theft can be missed due to poor communication between management and employees. What can look like a processing error is actually theft, but it goes unnoticed until major damage has occurred.

Here are some signs of business identity theft that the PNC Bank chief information security officer, Susan Koski, recommended watching out for:

• Strange transactions on business accounts
• Unexplained notices from regulatory agencies
• Customers reporting irregular contact protocols

“In a worst-case scenario, accounts are drained of funds, and personal data is exposed,” Koski said. “For small businesses, this can signify an existential threat.”

» MORE: How to dispute discrepancies on your credit report

How to report business identity theft

If you have identity theft protection for your business, you should contact the servicer first for assistance on how to move forward. If not, you’ll need to report the identity theft to all the banks, agencies and third parties that are affected. But you must act quickly.

“Taking quick action can help minimize the damage. Place fraud alerts with all banks, creditors and credit bureaus,” Koski said. “It’s also critical to notify clients, as soon as you’ve completed immediate triage and assessed the impacts.”

1. File a report with the police

Report the business identity theft to the police. This is crucial because you may need to submit copies of the police report to banks and creditors to prove that identity theft occurred.

2. Report it to the Federal Trade Commission

You can also file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov. This is a government agency that can help you take the necessary steps to recover your business identity.

3. Contact your bank

If you find fraudulent transactions on your business accounts, contact your bank and creditors and provide them with copies of the FTC and police reports. Let the bank know which transactions were fraudulent and dispute the charges.

If a loan was taken out in your business’s name, let the bank know that it was fraud. It will close the account and take appropriate action. Also, change all your passwords and PIN numbers to prevent further access to your accounts.

4. File Form 14039-B with the IRS

If your taxes were affected, you’ll want to file Form 14039-B. You’ll need to file this form if someone submitted taxes or filed W-2 notices using your business employer identification number (EIN).

5. Contact the business credit bureaus

The business credit reporting agencies are Dun and Bradstreet, Equifax Business and Experian Business. Contact each credit bureau and let it know that you’ve experienced business identity fraud so it can put an alert on your report.

6. Contact other affected parties

If the thieves got access to any customer, employee or vendor information, let the affected parties know right away. This allows them to protect themselves from future identity theft. This might be uncomfortable, but it may be required by law.

Let these parties know that you’ve been a victim of identity theft, what information may have been compromised and what steps you are taking to prevent this from happening again.

How to protect your business from identity theft

You can protect your business from identity theft by keeping up to date on the critical accounts and empowering your employees to question emails or transactions that look suspicious.

• Keep up with the Secretary of State filings: Register your tradename and ensure that the Secretary of State always has the correct address on file. If you see anything suspicious, notify authorities right away.
• Check your accounts regularly: Even if you have a bookkeeper, ensure you are looking at your bank account regularly for any suspicious transactions. An employee may not notice smaller transactions or transactions to vendors that seem legitimate. What looks normal to them may be suspicious to you.
• Train employees on how to recognize phishing emails or calls: Phishing scams are very popular. An employee might disclose sensitive information or transfer funds to a fraudster based on a fake email they received.
• Store your sensitive documents securely: If you keep employee, customer or vendor information, make sure that it is stored securely. Require a password to access digital information and keep papers locked up.