Businesses sometimes adopt a head-in-the-sand attitude when it comes to identity theft.

That's good news for thieves. By stealing the average consumer's credit card data, a thief can run up a sizeable bill at a department store or online auction. But if the crook absconds with corporate files, a treasure trove of sensitive information (from vendors, customers, and employees) can be his for the taking.

Say you operate a local video store. In the process of signing up new members, you collect sensitive information such as credit card numbers and home addresses. One night a tech-savvy thief breaks in and steals the store's computers, thereby gaining access to all customer data you've collected. When the spending spree begins (and it will) and your customers learn of this security breach (and they will), your business reputation is headed for a nose dive.

Or there's the scam (often called the "bust-out") in which a crook rents space in the same building as your business. Using your company name, he or she applies for a corporate credit card. When the card issuer reviews the address, it checks out. So the corporate credit line is approved and the thief goes shopping — on your dime. Consider also that corporate accounts often maintain higher credit limits than those offered to consumers and large purchases may be commonplace, raising fewer "red flags."

To reduce the risk of identity theft at your company, consider the following:

  • If you don't need it, don't collect it. The more sensitive information that's sitting in your filing cabinets or on your computer, the more risk you run. So don't ask for a customer's social security number and home address if all you really need is a name and phone number.
  • Limit access. Staff should only be allowed to view information that's needed for their particular duties. The maintenance guy probably doesn't need to know about client health records. Perhaps the receptionist can remain ignorant about supplier identification numbers.
  • Who's asking? Thieves often get sensitive information from eager-to-help staff who fall for believable stories. "Miss, my mother is in the hospital and she really needs this information for proof of insurance." When you or your staff get a seemingly legitimate request, be sure to follow up. Call the hospital directly before sharing information.

Identity theft is not just a problem for your clients; it's a business threat as well.


Client Resources

Client Tips