Business identity theft: Yes it’s real, and yes it can happen to your business clients

Your individual clients have long been warned about personal identity theft, and advised to keep information such as passwords, their tax file number and bank account details closely guarded secrets.

It has been shown that even social welfare payments can be scammed should criminals get hold of personal details, as many tabloid current affair reports highlight.

But identity theft is no longer only an individual consumer crime. Fraudsters have learnt that businesses also have identities that can be stolen, and the details of unsuspecting businesses can be used for easy money and/or goods.

But rather than what may be usually thought of as crimes perpetrated against businesses (such as hacking into its confidential customer information), business identity theft can be much like its individual consumer counterpart, and involves the actual impersonation of the business — that is, not the people behind the business, but the business entity itself.

The ATO warns that thieves can target unsuspecting small businesses and steal information that can be used to commit various crimes. A business identity can be stolen and used to commit tax fraud, create other fake business entities, lodge fraudulent GST claims, and take out loans.

More chance of a clean getaway
Unlike the identity theft of a consumer, who may notice a compromised bank balance fairly quickly, victimised businesses could unwittingly be giving thieves up to 30 days (a common payment term on invoices) after fraudulently ordering goods and services.

Of course, identity thieves who access a business entity’s information may also find they have access to employee personal information, such as tax file numbers, bank details from payroll data, super fund details and personal addresses.

To protect your business clients from identity theft (and of course your own business), the ATO recommends:

  • securing business files and employee information when they are not in use
  • regularly changing all passwords
  • ensuring that the business’s principal and staff log out of systems and lock computers when they are not in use
  • making sure that your computers and other devices have up-to-date security and anti-virus software.

It also emphasises that a business’s AUSkey needs to be kept safe, and that if it is used on multiple devices to consider storing your AUSkey on a secure USB with a password.

The ATO says considerable time and effort is required to restore a business’s identity, amend credit profiles and sort out financial arrangements. If a business owner thinks their identity has been compromised, the ATO would like to hear about it (they can call its Client Identity Support Centre on 1800 467 033).

Listen to the ATO’s audio Don’t let your business get scammed – an audio guide (MP3 file, 5.5 minutes).