Identity theft continues to make the news, not only for individuals, but for businesses as well. Businesses are easily targeted because so much of their information can be located on the internet with little difficulty. The following data needs protection from criminals who “phish” to collect this information which is used to impersonate a business.
Federal Employer Identification Number (FEIN) – This number identifies your business and can be found on credit applications, financial accounts, and tax returns. One tactic identity thieves use to obtain a FEIN is to send a letter to businesses requesting the completion of Form W-9. The letter looks legitimate, but the fax number and mailing address belong to the identity thief. Always have your accounting or finance department verify the vendor and their contact information before providing your FEIN. If the phone number and address differ, contact the company who sent the W-9 and inquire if a letter requesting this information was actually sent.
Financial Account Information – Obtaining your company’s bank routing and account numbers is not a difficult task for identity thieves. Control is lost when this information is released to pay vendors and employees. Talk to your financial institution about options available to protect against unauthorized transactions. Consider using direct deposit and Automated Clearing House (ACH) direct debit to pay your employees. An ACH filter can be put in place for added security. Also, establishing a two-step process for ACH transactions – the individual submitting the ACH payment is not the person responsible for approving the transaction. Another option is to have dedicated accounts for payroll transactions and accounts payable.
Creditor Account Information – Identity thieves use creditor information found on credit applications. You can monitor your credit activity by subscribing to a business credit reporting service that notifies you when there is an inquiry made about your credit. Additionally, store your creditor account information in a tightly controlled area and properly destroy invoices and contracts when they are no longer needed. Using a document destruction service will protect your company’s confidential information. Be sure the company you select is certified by the National Association for Information Destruction.
Online Access Information – More and more businesses are using online banking services for convenience and to cut costs. Identity thieves obtain your company’s login and password information to make fraudulent purchases, withdraw funds, and even set up new accounts. When banking online, it is recommended you connect to servers through a Hypertext Transfer Protocol Secure (HTTPS) connection. Additionally, proper password management is vital. Everyone in your company should be educated on the proper selection of strong passwords which will deter identity thieves.
While most businesses use technology to improve efficiency, identity thieves can use that same technology to steal your financial information. Being proactive and reviewing your security policies are vital ways to protect your company’s assets.
ABOUT THE AUTHOR
Mary Ann Zugay
SBAS Senior Associate
Mary Ann Zugay is a Senior Associate in our Small Business Accounting Services Department. She provides clients with personalized bookkeeping and payroll services.