Category Archives for "Business Identity Theft and Fraud"

Are you leaving the “keys in the car”?

Would you leave the keys in a running car? Would you leave the front door to your house unlocked?
Our guess is the answer to both is “no.” So, why then would you leave your business open to cyber-criminals?

Businesses are constantly under attack. In its first month in business, Axiom Cyber Solutions’ offices were hit over 300,000 times with scans, intrusion attempts and network mappers. Not one of those actually got through because they were smart to have installed their own firewall that actively prevents these threats and notifies the command center it is under attack.

Their engineers immediately review traffic to ensure that firewall services are doing everything necessary to handle the threat. With today’s ever-increased bandwidth and shifting threat landscape, any business can benefit from installing an Axiom SecureAmerica® managed firewall that is constantly updated to stay ahead of the latest threats including ransomware, DDoS threats, botnets and more.

Axiom’s patent-pending algorithm identifies ransomware as soon as it is activated and actively prevents it from encrypting your company’s data. Axiom engineers have identified key markers for ransomware communication.

Denial of Service is a real threat to American businesses. Attackers are constantly launching these attacks for a variety of reasons. From “hacktivism” to data theft, the attacker’s intentions vary widely. In the past, denial of service was simply meant to knock your website offline. Today, attackers are making these attacks very sophisticated and are generally trying to overload your systems so that they can find vulnerabilities that they can come back and exploit. A large percentage of denial of service attacks lead to a later data breach.

Again, DoS stands for “denial of service” and refers to an attack that overwhelms a system with data. In a DDoS attack, the first “D” stands for distributed and that simply means that many computers across the internet are engaged, sometimes hundreds or thousands at a time.

More often than not, the computers being used in attacks are not knowingly participating but rather are compromised systems: home computers, routers, and even CCTV cameras plugged into the network. A group of such devices under the remote control of hackers is called a “botnet,” a combination of the words robot and network. Any device can be turned into a “bot” through malware on infected websites, through spam file attachments, and sometimes just through known vulnerabilities in operating systems or devices, all without their owners’ knowledge.

Axiom Cyber Solutions strives to be the leading cyber-security technology partner by providing world-class solutions that are intelligent, adaptive, innovative, and automated. Through its technology solutions, customers are able to remain focused on what they do best with the peace of mind that unwanted intrusions are dealt with properly.

Axiom has assembled an industry leading team of infrastructure specialists, developers, database and business intelligence experts, and project managers holding several industry leading certifications like Certified Information Systems Security Professional (CISSP) and Information Technology Infrastructure Library (ITIL) in addition to degrees in Analytics, Computer Engineering, and Information Systems Management.

The Identity Defenders is proud to have partnered with Axiom, which specifically addresses the cyber-security needs of small-to-medium businesses and provides cutting-edge technology solutions that are complementary to the other solutions we offer.

The 6 Essential Pillars of the Identity Lifecycle

What is the definition of the Identity Lifecycle?

Up until now, identity lifecycle management was relegated to the IT department for a company, and it solely referred to the user rights and access privileges associated with managing employee access on a corporate computer network.


When the U.S. Supreme Court determined in 2010 that a business had the same rights as a person when it came to dealing with the regulation of campaign spending by organizations, the opportunity to enhance and expand the definition to an Identity Lifecycle came about. It has a striking resemblance to consumer behavior models such as the “Diffusion of Innovation” and the “Product Lifecycle.”

When it comes to the Identity Lifecycle, there are six essential pillars (or stages) that must be addressed whether it’s for a person or an organization.

An effective identity is unique, and every identity has a lifecycle that begins at birth and sometimes is able to transcend death. Whether it’s your personal identity or that of your business, it’s your responsibility to manage and protect what’s yours!


  1. Create It! – A business is formed and registered with an applicable government body. A business owner creates a business and marketing plan based on the vision and values of the founder, and crafts a brand strategy.
  2. Claim It! – The business name, address & phone number (NAP) is registered or claimed on as many internet search engines and directories as possible to make it easier to find in a local search.
  3. Promote It! – The business starts to promote itself using Search Engine Marketing, PPC (Pay-per-click) advertising and traditional media buys including print and broadcast media to help grow sales.
  4. Enhance It! – As the business begins to grow, the owner or marketing team enhances its brand by implementing authority and content marketing techniques to position the business as a market leader. It also deploys Reputation Management systems to customers to build positive “word-of-mouth” – one of the most successful marketing methods.
  5. Defend It! – As a person or company grows and becomes noticeable, it essentially creates a “target” for cyber-thieves. There are many steps a person or business can take to defend its identity, but it is impossible to be 100% safe from being a victim of Identity Theft.

    More often than not, business identity theft is an “inside job” caused by a current employee. With far fewer protections than what’s available to individuals, it’s necessary to track a business identity with business credit bureaus and secretaries of state, and to see if the business EIN is being used anywhere for fraudulent activity.

    For individuals, fraudulent use of personal or confidential information (PII) can be significantly greater. Information can be purchased on the black market ranging from $1 per record to nearly $250 per record (in Medical ID Theft).

    There’s so much information exchanged on the internet that it becomes impossible to monitor all areas where PII is used, so it becomes more important to implement a service that can monitor and report on all the possible databases.

  6. Protect It! – Identity Theft and Fraud has been a growing problem, and now small businesses are the primary target. Without a comprehensive protection plan for your business, a data breach can result in catastrophic financial consequences. There are many state/federal laws requiring a business to safeguard the confidential and personally identifiable information it collects. We are your partner in combating data, privacy and identity theft risks.

 
 

Who Needs to be PCI Compliant?

If you accept or process credit cards and have not yet completed your PCI DSS certification, along with your InfoSafe certification we’ll help you get PCI compliant, reach “Safe Harbor” status with the credit card companies, and get it all taken care of at one time.
NOTE: This additional certification is required by Visa, Mastercard, American Express and Discover for any organization that accepts credit cards. If you have already completed your PCI Certification with a qualified ASV or QSA vendor, and have your certificate of PCI DSS compliance, you do not need this additional certification with InfoSafe.

Who Must Be PCI Compliant

Any business that accepts, processes, transmits or stores credit/debit card information, including retail, mail or telephone order, and e-commerce. Fines and deadlines for non-compliance vary depending on the Acquiring Bank and credit card companies you accept.

Penalties and Fines
Up to $10,000 on first violation for not implementing required safeguards. Visa Fraud Control fines of up to $500,000 per incident for any merchant or service provider that is compromised and not compliant at the time of the incident. Fines and penalties vary depending on the acquiring bank and credit card companies you accept.
The security of cardholder data affects everybody.

Your PCI Compliance can easily be taken care of in conjunction with your InfoSafe certification. We’ll help you get PCI compliant and reach “Safe Harbor” status with the major credit card companies who are enforcing the credit card security regulations. We get it all taken care of for you at one time – quickly and easily.

When you become InfoSafe Certified, you’ll already meet virtually all requirements for PCI Certification. You won’t have much to do – if anything. We work together with SecurityMetrics, our ASV/QSA certified PCI Compliance partner that ultimately provides you with your PCI Compliance validation and certificate.

To become certified PCI Compliant with credit card companies, in addition to other basic security measures InfoSafe gives you, you’ll need to complete either a full “Site Certification” or a “No Internet Site Certification” depending on whether or not you collect data or process transactions via the internet or on your website.

Don’t worry about details! Your Compliance Specialist with InfoSafe will walk you through the entire process and explain everything to you in easy-to-understand terms. It doesn’t get any easier!

Why PCI Security Matters
The last several years have seen unprecedented assaults on personal and financial data that customers have knowingly or unwittingly entrusted to retailers, e-commerce businesses, banks, service providers and credit card companies.

To help mitigate losses, the payment card industry (PCI) countered the criminal onslaught with its own security initiative that is broader in scope and more specific in its requirements than any measures federal or state government regulation might have imposed. The Payment Card Industry Data Security Standard (PCI-DSS) is a comprehensive security standard that establishes common processes and precautions for handling, processing, storing and transmitting credit card data.

“The security benefits associated with maintaining PCI compliance are vital to the long-term success of all merchants who process card payments. This includes continual identification of threats and vulnerabilities that could potentially impact the organization. Most organizations never fully recover from data breaches because the loss is greater than the data itself.”
— Quick Service Restaurant (QSR) Magazine

Following PCI security standards is just good business. Such standards help ensure healthy and trustworthy payment card transactions for the hundreds of millions of people worldwide that use their cards every day.

Potential Liabilities:

  • Lost confidence, so customers go to other merchants
  • Diminished sales
  • Cost of reissuing new payment cards
  • Fraud losses
  • Higher subsequent costs of compliance
  • Legal costs, settlements and judgments
  • Fines and penalties
  • Termination of ability to accept payment cards
  • Lost jobs (CISO, CIO, CEO and dependent professional positions)
  • Going out of business

Benefits of PCI Compliance

PCI compliance provides merchants with “Safe Harbor” from fees and penalties associated with PCI non-compliance and card data compromise. By staying PCI compliant, you are relatively assured that you are following best security practices to prevent a serious security breach that would result in a serious loss of customer confidence in your business. Consumer confidence with credit/debit cards will help you maximize your sales and other revenue opportunities.

Being PCI compliant shows your customers that your business can be trusted with their credit/debit card information. With skyrocketing credit theft and fraud occurrences in today’s marketplace, preserving consumer confidence is critical.

How to become PCI Compliant

PCI Compliance is easy and can be completed in as few as three simple steps. Site Certification does not require any software installation, software configuration, training or costly maintenance. Compliance may only take a couple of hours to finish, or it may take longer if there are security holes in your computer network you need to close.

Once you have completed the validation process, your business is certified PCI DSS compliant. We’ll notify your merchant bank (credit card processor) that your business is certified compliant, and you’ll receive a printable certificate of compliance to prominently post at your place of business. If you pass the website scan, you may place a PCI compliant certified logo on your site. When customers have confidence in your website, they’re secure in making purchases and ultimately this will help generate additional revenue.

Compliance Support
Our PCI Compliance Support Team with SecurityMetrics offers unlimited technical support, 24 hours a day, 7 days a week.

Annual Renewal: Your PCI certification must be renewed annually. Annual renewal of your PCI certification will guarantee you’re always up to date with current data security standards, and will help you avoid big fines and penalties for non-compliance. For your convenience, we’ll notify you via email or phone when it is time for renewal.

Get Started! Enroll in InfoSafe today.

Protecting yourself and your customers, saving time and money, and getting your business compliant with federal, state and industry regulations is simple and affordable with InfoSafe.


The Technical Safeguards & Services You May Not Know About

Internal Vulnerability Management
Quarterly scans and checkups to verify that your internal computer network devices (servers/wireless networks/LAN routers) and every computer (desktop/laptops) are all locked down and free of malware or other hidden security threats or vulnerabilities that a cyber-criminal can exploit to gain access to private customer or employee information. This is performed manually by certified INVISUS security technicians via remote Internet connection, working together with your current IT staff as needed.

External Vulnerability Management
Regular external IP address penetration tests to discover and report potential security weaknesses and vulnerabilities in your Internet connection(s) and your website(s) that put your organization at risk of a data breach from hackers and cyber-criminals. Where vulnerabilities are discovered, we assist you (working together with your current IT staff as needed) in locking down your Internet connection(s) and your website(s) to ensure you meet minimum regulatory requirements for technical safeguards and information security best practices.

Also Provided as Needed (no additional cost):

Secure Data Disposal Service
Prior to disposal of a computer or hard drive, our tech team will securely and permanently delete individual electronic records and files, or completely wipe all hard drive information, in a manner that follows regulatory requirements and meets or exceeds DoD/NSA secure destruction standards.

Computer Security Software
If needed, we provide you the necessary business grade security software (firewall/anti-virus/anti-spyware) for each computer in your organization – installed and optimized for you by our expert tech team.

File Encryption Software
If you don’t already encrypt sensitive data, we provide professional-grade file encryption technology that meets or exceeds FIPS/NIST standards for encryption of electronic data. It is installed on your organization’s computers to protect both stored and transmitted files and records.

Emergency Computer Security Support
When you are alerted to virus or other malware infections on any of your organization’s desktop or laptop computers, we provide immediate on-demand expert help via remote connection for virus, spyware, and other malware removals, to prevent the infection from spreading to other computers.

Online Employee Training Center

Because information security and privacy training for all employees is a regulatory requirement, InfoSafe provides you with your own full featured, fully hosted and managed online training center account to easily deliver and manage the required ongoing information security, privacy, and regulatory compliance training for all of your employees, new hires, and temporary workers.

The training center also includes a complete catalog of additional low cost, engaging, and interactive privacy, information security, and compliance training courses available 24/7 for your internal compliance administrator, managers, and employees.

Program Features

With InfoSafe, you’ve got a personal team of experts to help guide and manage your compliance with federal, state and industry data security regulations for protecting your customer and employee personal information against identity theft and fraud.

InfoSafe Certification:
Being InfoSafe Certified gives you critical third party validation and certification that your business meets or exceeds the minimum recommended standards and best practices for protecting your customer and employee personal information against identity theft and information compromise.

InfoSafe Certification is a “seal of approval” to show your customers that your company/organization is a safe place to do business. It demonstrates your commitment to doing business the right way, with a genuine commitment to customer privacy, safety and trust.

Your business can become InfoSafe Certified by enrolling in the InfoSafe program and working with your InfoSafe team to implement and maintain the necessary administrative, physical and technical safeguards in accordance with the compliance requirements of virtually all major federal, state and industry regulations including HIPAA / HITECH, GLBA, Red Flags Rule, FACTA, PCI, state data breach protection laws, and more.


Security and Policy Information You Did Not Know You Needed

Compliance Administration
We help you designate a compliance administrator in your organization (or work with your current compliance administrator) and provide them with everything needed to properly manage your organization’s compliance with all applicable information security and privacy regulations. This includes complete administrator training, employee information security handbook including your employee security/privacy agreements, and ongoing regular compliance updates as applicable laws and best practices change.

Information Security Policy
A comprehensive Information Security Policy (including related employee, management, and vendor forms) fully customized and prepared for your business. Includes all the technical, administrative and physical security policies for your business to properly protect customer and employee information and establish compliance with state and federal laws and regulatory requirements.

Privacy Notice
A personalized information Privacy Notice to provide to your customers in print and online – detailing the types of information you collect, how you use it, and how you protect it.

Other Policies (as required)
Other more specific information security and privacy policies are also provided should your business be required to have them, including a Red Flags Rule policy, Address Discrepancies Rule policy, and other vertical market specific policies.

Policy Updates
As your business changes, and as information security and privacy regulations change, our compliance team makes sure your Information Security Policy and other policies are updated and kept current.


 

Laws & Regulations You Should Follow

Businesses and organizations bear the biggest liability and the greatest monetary damage from identity theft and fraud. If you collect, use, transmit, or store information about your customers or members, you must comply with these laws and regulations.

While not every law or regulation is applicable to every business, every business must meet minimum standards of information security, or face steep fines, penalties and even civil action against them in the event customer, vendor or employee information is leaked, lost or stolen.

InfoSafe is the leading information security compliance and certification program, helping businesses to meet these requirements and best practices in a single overall, easy to implement, and affordable compliance program.

Becoming InfoSafe Certified means your business meets or exceeds the minimum recommended standards and requirements for protecting your customers’ and employees’ personal information against identity theft and fraud. It also shows your commitment to doing business the right way, with a genuine commitment to privacy, safety and trust.

Given that virtually all companies are subject to several laws’ requirements and penalties, it is critical that you immediately move toward compliance. Those that choose not to implement the necessary technical and administrative safeguards are placing their customers, employees and themselves at significant risk.

InfoSafe Certification:
You become InfoSafe Certified by enrolling in the InfoSafe program and working with your InfoSafe team to implement and then maintain the necessary administrative, physical and technical safeguards required for compliance with virtually all major federal, state and industry regulations including:

  • Red Flags Rule
  • PCI Compliance
  • HIPAA / HITECH
  • Gramm-Leach-Bliley Act (GLBA)
  • State data breach protection laws

InfoSafe Certification signifies a company’s genuine commitment to protecting their customer and employee private information against identity theft and fraud. Consumers can work, play and shop with confidence with businesses that rely on InfoSafe information privacy and security services.

Here is a brief overview of major laws and regulations every business owner must know.

Red Flags Rule
Under the Red Flags Rule, certain businesses and organizations are required to spot and heed the red flags that can often be telltale signs of identity theft. To comply with the new Red Flags Rule you must develop a written “red flags program” to prevent, detect, and minimize the damage from identity theft.

Applies to: Anyone who arranges for or extends credit or payment terms, or who provides products or services and bills or invoices the customer.

Penalties, Fines: Up to $3,500 per violation, plus attorneys’ fees. FTC can seek both monetary civil penalties and injunctive relief for violations. Allows consumers the right to recover actual damages.

PCI Compliance

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of comprehensive requirements for protecting card and cardholder information against theft and fraud.
PCI compliance is a multifaceted security standard that includes specific requirements for protection of cardholder data, implementation of a vulnerability management program, regular security testing, access control measures, and maintaining an information security policy.

Applies to: Anyone who accepts, processes, transmits or stores credit/debit card information, including retail, mail/telephone order, and e-Commerce.

Penalties, Fines: Up to $10,000 on first violation for not implementing required safeguards. Visa Fraud Control fines of up to $500,000 per incident for any merchant or service provider that is compromised and not compliant at the time of the incident. Fines and penalties vary depending on the acquiring bank and credit card companies you accept.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act (aka The Financial Modernization Act of 1999) requires businesses and organizations to protect consumers’ personal financial information. Provisions of this law require implementation of privacy policies and notices under the FTC’s Privacy Rule, plus formalized security plans and adequate information safeguards under the FTC’s Safeguard Rule. The law also includes provisions for criminal negligence. Since most personal financial information is computerized, proper data security is a major part of GLBA compliance.

GLBA gives authority to eight federal agencies and every state to enforce the privacy and safeguards rules outlined in this law.

Applies to: A broad list of “financial institutions”, loosely defined as anyone in financial services or products in any way, such as banks, insurance agents/firms, securities firms, lenders of any type, loan brokers or servicers, financial planners, accountants, tax preparers, real estate professionals, credit counselors, debt collectors, money transfer agents, and many more.

Penalties, Fines: Up to $100,000 for each violation. Owners and officers personally liable up to $10,000 per violation. Severe civil and criminal penalties for fraud and negligence, including fines and even imprisonment.

Health Insurance Portability and Accountability Act (HIPAA)

Under HIPAA, all organizations that record, maintain, or transmit personal health information are required to ensure that all patient information is kept confidential, secure, and readily available. HIPAA requires patient medical records and other protected health information be kept private and confidential.

Applies to: All types of healthcare related organizations such as doctors, clinics, dentists, psychologists, chiropractors, nursing homes, pharmacies, and more. Also includes health insurance companies and businesses that support healthcare organizations – such as online backup providers, billing agencies and organizations that support Internet based health services.

Penalties, Fines: The penalties for non-compliance range from a minimum of $100 per violation to a maximum of $1.5 million per year. Possible criminal negligence and fraud prosecution, up to 10 years in prison.

State Laws

Virtually every state has laws requiring businesses to implement proper technical and administrative safeguards to protect customer information against identity theft and fraud.

States are becoming increasingly aggressive at requiring specific practices and safeguards such as having a documented security plan, regular vulnerability risk assessments, updated and monitored computer security systems, data encryption, and most commonly, an incident response plan to notify customers of a breach and to remedy the situation.

Many state laws focus upon “insider threat” from employee misuse of personal information by requiring businesses to develop and implement data protection policies, employee awareness training, ongoing compliance monitoring, and disciplinary standards for willful privacy violations.

State laws are also interstate laws. Businesses with customers in other states must not only comply with their own state laws, they must also comply with state information security and security breach notification laws where any customers reside.

Applies to: Any business or organization, small or large, that gathers, licenses, transmits, or stores any form of personal information about their customers including name, social security number, credit card information, driver’s license numbers, account numbers, birth dates, health information, financial information, and more.

Penalties, Fines: $500 to $5,000 fines per customer record lost or stolen – depending on the state. Civil penalties up to $500,000 are applicable in most states for failures to safeguard personal data, properly dispose of such data, and to provide adequate privacy protections. Reckless or negligent disclosure of customer or employee personal information generally results in criminal penalties with severe fines and 1 to 3 years jail time.


6 Tips to Protect Your Business from Cyber Criminals

For once, big businesses and small businesses are on a level playing field. Unfortunately, that level field is being attacked by cyber criminals. Don’t assume that major companies like JP Morgan and Home Depot are the only ones getting cyber attacked these days.

Truth be told, many of the cyber attacks on businesses are against medium and small businesses. The fact of the matter is that major juggernauts like Citibank and Coca Cola have millions of dollars they can invest in protecting themselves against cyber criminals. So where does that leave you?


Who’s after me and why?

Before you start running around looking for the solution to this problem, you need to be made aware of who the major players are in this underground criminal world. First off you have the:

  • Programmers: This sneaky lot is behind the virus that infects a business’s computer network.
  • Carders: Carders specialize in selling stolen credit and debit card data. Carders have been known to transfer a person’s data onto blank cards and then sell them to the highest bidder or use the cards themselves.
  • Hackers: There is nothing a hacker loves more than breaking into a company’s PC network through its vulnerabilities.
  • Social engineers: Through their creative means, social engineers trick people into handing over sensitive and private information, visiting websites and downloading malicious viruses.
  • Rogue systems providers: You can call these the middlemen. A rogue system provider provides servers to cyber thieves.

So what is a small business owner like me to do?

Now that you know who is out there, you may want to start to consider looking for some professional help. The guys over at Identity Defenders are more than qualified to help. With their many years of experience and wide range of services, Identity Defenders has been providing its customers with peace of mind.

For you other folks who are still on the fence about professional Identity Theft protection, we would like to offer up this list of steps you can take to improve your business’s online security.

Step 1: Encrypt your data

Anytime you are storing data, or, as others like to call it, when data is at rest (data that is not being transmitted over the internet), you want to make sure it is encrypted. Think of encrypting as coding your data. Only you and people who have access (the decoder ring!) can decipher and use it.

Step 2: Secure your hardware

Although we are talking about cyber criminals, one of our recommendations is that you soup up your business’s physical security. Alarms, cameras, computer locks: these are all useful items to keep you from being cyber attacked. A stolen business server, computer or cell phone can bring havoc to your business.

Step 3: Lock your network

When you leave your office for the day you roll down the gate and lock the doors, correct? So why would it be any different for your network? Leaving an unlocked network is just asking for trouble. Once an unlocked Wi-Fi hot spot is found, crooks are as good as in the company’s front door. To protect yourself against this make sure to give your network a password or use a wired network. A wired network is more secure. Hackers would need to plug into physical outlets or hack modem ports to gain entry.

Step 4: Install anti-malware and anti-virus protection

Malware has been known to install code that runs in the background of your computers. This code can capture keystrokes and login information, which in turn are sent to hackers. Keeping up-to-date anti-malware and anti-virus software installed will better your chances of not downloading a nasty bit of code.

Step 5: Educate your employees

Keep your employees informed on any new software addition to your systems. The fact of the matter is your employees will most likely be logged into the network more than you will. They too should keep an eye out and follow your guidelines to ensure that your network is not compromised.

Step 6: Hire security

Nothing beats an extra pair of trained eyes. Companies like Identity Defenders can provide you and your company with the privacy it needs. Your odds of deflecting an attack greatly improve with us by your side. For more information on how we can help your business stay secure, contact us today!


Who Must Comply and The Risks

Do you have customers, vendors or employees?

If you do, not only do you have an extra responsibility to do what you can to fight identity theft and consumer fraud, you have no choice because it’s the law.

Becoming InfoSafe Certified means your business meets or exceeds the minimum recommended standards and requirements for protecting your customers' and employees' personal information against identity theft and fraud. It also shows your commitment to doing business the right way, with a genuine commitment to privacy, safety and trust.

The following 8 questions will help you determine whether you must comply with one or more of the information security regulations. Does your business:

Real Businesses. Real Stories. Real Fraud.

Real businesses like yours become victims of business identity theft every day. The damages and consequences are breathtaking. Check out the stories and reports below, and hope it doesn’t happen to you!

Symantec Internet Security Threats 2015
Cyberattacks on businesses are increasing and, although it’s the data breaches at corporate giants like Target and Home Depot that make the news, small and medium-size organizations are more frequent victims. In 2014, 60 percent of all targeted attacks struck small and medium-size organizations, according to Symantec. The cost of cyberattacks is high, averaging $217 per record that was subject to theft, misuse or corruption, according to a 2015 Ponemon Institute study.

Tax Fraud
Fraudsters create over 100 fake W-2 forms

The owner of Seagate Foods, which operates Captain D’s seafood restaurants in metro Atlanta, notified authorities that someone apparently had gotten hold of his company’s taxpayer identification number, Roswell police said. The fraudsters created more than 100 fake W-2 forms to report in excess of $4 million in nonexistent salaries to state and federal agencies, authorities said. It likely was a scheme to collect fraudulent tax refunds, they said. In the end, Seagate was left owing more than $800,000 in payroll taxes.

http://www.ajc.com/news/news/local/id-theft-stings-captain-ds-franchisee/nQRqz/

Fraudulent Business Registrations
A Business Opens Up in another State

Greg Glazner owned a business in the 1980s, which he dissolved in 2009. Then a large retailer called him asking questions… According to Greg, “Somebody had gone into the Colorado Secretary of State’s website, reinstated the business then opened it up in another state, listing me as an officer of the company and proceeded to try to open credit accounts.”
http://archive.9news.com/money/story.aspx?storyid=157648

Fraudulent Asset Sale
Office Building Secretly Sold

A small business owner received a phone call about an unpaid electricity bill for one of his office buildings. The owner discovered he never received the bill because the building had been sold without his knowledge. A fraudster had falsified the company minutes, made himself the new CEO, and sold the building to an accomplice – walking off with the proceeds of the sale.
http://www.theglobeandmail.com/report-on-business/small-business/start/legal/identity-theft-strikes-small-businesses/article1433204/

Fraudulent Business Registrations
200+ Companies Fall Victim in Georgia

A man and his group of over 100 people are believed to have misused the identities of about 3,900 individuals and businesses to orchestrate more than $5 million in fraudulent transactions. Another case involves an individual who is believed to have stolen and used the identities of 149 individuals and about 200 companies to make fraudulent transactions totaling more than $1.2 million. Both individuals took advantage of the business registration system at the Georgia Secretary of State’s office to forge corporate identities and used them to obtain bank loans and lines of credit.
http://www.computerworld.com/article/2519493/data-privacy/corporate-id-theft-hits-georgia-businesses.html

Wire Transfer Fraud
$45,640 sent to Russia

Fraudsters struck JM Test Systems, an electronics calibration company. On Feb. 19, an unauthorized wire transfer of $45,640 was sent from JM Test’s account to a bank in Russia. The company’s bank subsequently provided the company with new credentials, but less than a week later, $51,550 of JM Test’s money was transferred to five money mules across the country. The company was able to recover only $7,200 of the stolen money.

Business Bank Account Hijacking
$1.2 Million Stolen in 30 Minutes

Cyber-crooks stole $1.2 million from Unique Industrial Product Co., a Texas plumbing equipment supply company. Attackers used malware planted on company computers to initiate 43 transfers out of the company’s account within 30 minutes.

http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html

Business Bank Account Hijacking
Banks Stop Only 22% of Fraudulent Money Transfers

56% of businesses experienced fraud in the past 12 months. Of those, 61% were victimized more than once. 75% of the business victims experienced online account takeover and/or online fraud.

In 78% of the reported fraud cases, banks failed to catch the fraud before funds were transferred out of the business’ account. Banks were able to keep money from leaving the bank in 22% of the cases and fully recover fraudulently transferred funds for only 10% of businesses.

Banks were unable to recover funds in 68% of cases. Banks took the losses in 37% of cases by reimbursing businesses for unrecovered funds; while businesses took losses in 60% of cases.

Type of Crime: Wire Transfer Fraud
Full Article: Ponemon Institute – “2011 Business Banking Trust Study”

Fraudulent Customer Order
Seafood Company Ships $500k Order to Fraudster

A seafood company received an order for $500,000 worth of goods. After completing a credit check, the company shipped the order and billed the customer. The “real” business customer responded that it had never placed nor received the order – the business’ credit information and a different address had been supplied by a fraudster.
http://www.theglobeandmail.com/report-on-business/small-business/start/legal/identity-theft-strikes-small-businesses/article1433204/

Fraudulent Business Registrations
A 10-year-old Denver firm that buries communications lines was victimized shortly after its annual registration was renewed in January. The owner learned of the theft when he contacted Dun & Bradstreet to ensure an address change was recorded properly. That’s when he learned of a new registered agent and address — an Aurora mail drop that was set up to forward everything to California. The thieves had changed key information about the company on Dun & Bradstreet’s database, including increasing the number of employees from 15 to 150, and increasing the company’s annual revenues by a factor of 10. “I asked Dun & Bradstreet how they checked the information, and they said the secretary of state. In just a few seconds, 10 years of hard work was going down the drain. I was terrified.”

http://www.denverpost.com/business/ci_16149416

Online Impersonation
Small Biz Owner Dragged Into “Job Seeker” ID Theft Scam

In Florida, a small business owner was flooded with calls from job seekers responding to a want ad on the company’s website. The only problem was that the company wasn’t hiring and had no ads posted. According to the Orlando Sentinel, what the firm eventually found was the Internet trail of a global identity-theft scheme that uses stolen corporate information to try to scam hundreds of thousands of job seekers. The complex con uses bogus websites, bulk e-mails, fake job applications, and bank fraud to steal people’s money and personal data.
http://www.itbusinessedge.com/cm/blogs/poremba/corporate-identity-theft-on-the-rise/?cs=43451

FBI Fraud Alert: Fraudulent Wire Transfers to China
Victims tend to be small-to-medium sized businesses and public institutions that have accounts at local community banks and credit unions, some of which use third-party service providers for online banking services. Unauthorized wire transfers range from $50,000 to $985,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000. Domestic ACH and wire transfers ranging from $200 to $200,000 were also sent to money mules in the United States within minutes of conducting overseas transfers. In just 20 separate incidents, the actual losses to victimized companies totaled $11 million.
http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf


Businesses Have Less Fraud Protection. What Does That Mean?

Business entities do not benefit from the same levels of protection against fraud and identity theft as individuals. If a thief steals money from your business bank account, uses your business credit cards or other lines of credit fraudulently, or otherwise hijacks your identity information to commit fraud – you have limited rights and protection for your business.

Because of this, a crime committed against your business can have devastating financial consequences for you personally.

Businesses have fewer fraud protections and shorter reporting times
Business / commercial bank accounts are covered by the Uniform Commercial Code (UCC). Under the UCC, businesses have shorter reporting timelines, fewer protections, and higher liability for fraud than consumer banking accounts. Individual banks can also shorten the reporting timelines even further through variations of their commercial banking agreements. Your bank’s own policies can have a significant impact on your business’ liability for fraudulent withdrawals, transfers, and transactions.

A business is not a “person” (or “victim”)
Only a few states have expanded their current identity theft protection laws to include a business entity as a potential identity theft victim. This can impair a victimized business’ rights under state law and makes it significantly more difficult for a business to dispute and resolve many forms of identity fraud.

Business transactions on personal cards – excluded from “zero liability”
Typically, banks and credit card companies provide customers with “zero fraud liability” protection – meaning they’ll pretty much cover the costs of fraudulent charges to your credit card should a thief steal and use your card. Unfortunately, this protection generally does not apply to business purchases.

Most financial institutions and major card issuers specifically exclude business related transactions done with personal cards from their zero fraud liability programs. Unfortunately, most small business owners routinely use their personal credit and debit cards for business transactions.

Identity theft services and liability insurance – exclude businesses
Even if you currently have a personal identity theft protection service, or an “insurance” policy, your business is still at risk. Check the fine print of your policy or your current service provider’s terms of service and you are likely to see that your business is specifically excluded.
