A band of thieves rents an office in the same building as a California law firm. They then use that address (with a different suite number) to have $70,000 worth of computers and office furniture delivered using the law firm's line of credit. They load the furniture into a truck and disappear.
In Pennsylvania, thieves place malware on a school district's computer system and use information gained to siphon about $700,000 from its bank accounts in 74 transactions over a two-day period.
These are examples of the growing problem of business and institutional ID theft provided by Michael Barnett of the Identity Theft Protection Association.
Although the theft of personal information Â such as Social Security numbers, date of birth and credit card numbers has been a big problem for individuals for a number of years, experts such as Barnett say the equivalent for businesses has become a multibillion-dollar headache.
"The thieves have discovered that businesses have fewer legal protections," said Barnett, whose Utah based group provides information about identity theft to consumers, businesses, law enforcement and others.
One Utah enterprise thinks it has come up with a way to help companies protect themselves from a crime that hits businesses at higher rates than individuals.
A study released earlier this year by Javelin Strategy & Research of Pleasanton, Calif., found that although identity fraud among small businesses has decreased since 2008, they were still hit at a rate of 4.1 percent in 2010, compared with 3.5 percent of consumers.
The mean amount of the fraud the total dollar amount divided by the number of victims for small business was $4,851, with the mean out-of-pocket cost for the victim at $1,574, about twice that of a consumer. Banks, credit card companies and insurers ended up eating most of the business losses.
"Overall there's about $8 billion lost is this particular small [business] market," said Philip J. Blank, Javelin's managing director.
In contrast to individuals, business have larger amounts of money to steal and bigger lines of credit. Because of their relative size, large orders of goods often aren't noticed.
Invisus of American Fork has launched a product to help businesses keep crucial information out of the hands of thieves. It offers what it believes is the first business ID theft prevention program in the United States. The 10-year-old cyber fraud and risk management company serves small companies, those under 200 employees.
Cybercrime and identity theft is a far more likely loss for businesses than fires or floods, said Jami Harrison, the Invisus CEO.
But he said the effect is not just on the business but on owners who in small businesses use their personal information to obtain lines of credit for their businesses.
"The business owners better be paying attention because there are few protections for them, and it's going to impact them personally," said Harrison.
Invisus offers a package of services for about $25 per month. As part of the service, the company monitors the black markets for stolen identities. "We're constantly looking for activities using their business information," Harrison said.
The company also schools owners in prevention tactics and, should an identity be stolen, it walks the business through the process of recovery, said Harrison.
Blank of Javelin Research said financial institutions should realize that they benefit by helping small businesses prevent fraud. Not only do banks, credit unions and credit card companies lose money to fraud when their clients are victims, but when it occurs, around 20 percent of small businesses switch banking and credit card accounts. Some victims about 32 percent in the Javelin survey refuse to bank online and revert to writing checks, driving up costs.
Blank recommends banks and credit unions provide small businesses with free or incentive-based antivirus, anti-spyware or firewall software and other protections.
Among other schemes that target small businesses involves thieves using information from business registrations with state governments, or even altering that information, something that typically can be done for as little as a $5 fee. With that information, scammers have been able to open lines of credit in order to buy goods that can be easily resold for cash.
In Colorado, scam artists from California revived the Secretary of State registration of a defunct company using the name of the former owner as an officer. They then took out lines of credit, ordered goods and then disappeared with what they bought on the business' dime.
Unlike Utah, Colorado until fairly recently had no password requirement for people wishing to alter business registration records. That contributed to dozens of thefts from businesses, according to Ralph Gagliardi, agent-in-charge of the identity theft and mortgage fraud units of the Colorado Bureau of Investigation, which began looking into the crimes in late 2009.
He said large computer companies and big-box stores are typical targets for purchases of goods with stolen credit. The thieves access "credit cards or lines of credit, or, if it is a cellphone company, they would buy up phones on credit."
As authorities there have caught on and started altering procedures, including requiring passwords for business registration changes, the thieves have continued to modify their tactics, said Gagliardi.
In Utah, the state Division of Corporations has long had a password system that controls who can make changes in business registrations. Division spokeswoman Jennifer Bolton said she is not aware of any reports of thefts related to registrations.
O The Colorado Secretary of State's resource guide to business ID theft is available at http://bit.ly/o99bWN.