We no longer support this browser.  Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Manage your business

Identity Theft: Business Owners Are Vulnerable Too

How Companies Can (and Must) Prevent Identity Theft


Elizabeth Millard

| May 15, 2015

May 15, 2015



Updated: 11/10/17

Although consumer identity theft gets a great deal of attention — and for good reason, since an attack can hurt a person's credit for years — individuals aren't the only ones in the crosshairs of identity thieves. Businesses are being targeted as well.

According to the Identity Theft Protection Association, business identity theft is separate from the kinds of information-security breaches that have been in the news lately, where confidential customer information is stolen.

Instead, the crime involves impersonation of the business itself.

A thief might act as a representative of the company in order to defraud creditors and suppliers, loan officers, unsuspecting customers and even the government if taxes are involved. The results could be a drained company bank account, unexpected lines of credit, misdirected customer payments and unauthorized equipment purchases.

With this kind of threat looming, it's crucial for businesses to be careful. Here's a checklist of strategies that might guide your security decisions to reduce your company's chance of falling prey to identity thieves:


"A standalone device purchased only a year ago that hasn't been updated or monitored may already be breached and you wouldn't even know it."

Eric Knight, CEO, SimpleWan


Make Security Updates Often

Many companies tend to purchase security devices or software, but then take a "set it and forget it" mentality that pushes the issue to the back burner, says Eric Knight, CEO of the Phoenix-based technology firm SimpleWan. "A standalone device purchased only a year ago that hasn't been updated or monitored may already be breached, and you wouldn't even know it."

Review Commercial Bank Accounts

Just as consumers are encouraged to look at their bank activity frequently (even checking daily online) to catch any fraudulent charges, businesses should review transactions regularly. If a company has a longstanding relationship with a bank, it's worth having a conversation with bank officials to let them know that there are no plans to open new lines of credit or loan accounts.

Put Authentication Controls Into Wire Transfers

If a company uses wire transfers and electronic payments, it's wise to implement a system that requires at least two people to approve each transfer. Some financial institutions also offer other forms of authentication that must be provided before a transfer is approved.

Train Employees About Phishing Scams

This type of scam relies on an authoritative tone over email or the phone that tricks people into divulging confidential information, such as company account numbers or passwords. Phishing scams often purport to be from government agencies or legitimate financial institutions, even though none of those entities would ever ask a business owner to divulge such information by phone or over email.

Put Customers on Alert

Create invoicing standards with customers, and ask them to check with you if there are any changes. For example, you may regularly email invoices and accept electronic payments. If a customer gets a mailed invoice with a request that a check or money order be sent to a location that's different from the company address, that should be a red flag.

By monitoring accounts frequently and being more aware of potential threats, a business can reduce the chances that identity thieves will do long-term damage.

Learn more about fraud prevention and how to protect your customers as they make payments to you.

For everything your business needs in one place, from news and expert tips to valuable products and solutions, visit chase.com/forbusiness.

Illustration by Mike Austin