Identity theft is a pervasive problem that has been exacerbated during the COVID-19 pandemic. Nearly 50 million Americans were victims of identity theft or fraud in 2020, resulting in combined damages of $56 billion. Digital identity theft attempts increased recently as well, as scammers have tried to leverage the pandemic for personal gain. Common COVID-19-related scams include phishing links to fraudulent e-commerce sites for safety supplies, fraudulent investment sites, and fake health organizations or government websites.
Businesses can also be victims of identity theft. Instances of business identity theft have also increased during the pandemic, especially where scammers have attempted to take out fraudulent loans with another business' information via government-issued COVID-19 relief.
The Economic Injury Disaster Loan Program
Introduced by the Trump administration, the COVID-19 Economic Injury Disaster Loan (EIDL) program provides loans to businesses that have been impacted by COVID-19-related lockdowns. The program, operated by the Small Business Administration (SBA), originally allowed business owners to apply for as much as $500,000 in relief, but that figure has since been quadrupled to $2 million as many sectors continue to be disproportionately affected by the pandemic. Loans are offered at a 30-year term and can be used for normal operating expenses and to cover business debt payments. The program was expected to expire on December 31, 2021.
While the EIDL program has helped many small business owners, it has also been the source of rampant fraud and identity theft. In August 2021 the SBA reported that it had received 1.2 million loan identity theft complaints via the program. In a November 2021 article for Forbes, entrepreneur Gerri Detweiler noted he found out he was targeted by noticing the SBA ODA (Office of Disaster Assistance) inquiry on his personal Experian credit report despite not having applied for a loan.
Because SBA EIDL loan approvals don't show up on business credit reports, it can be difficult to notice and rectify fraudulent loans. Moreover, the onus is on the victim to correct this mistake and ensure it doesn't negatively affect their credit. Victims need to send the SBA a copy of a Federal Trade Commission Identity Theft Report, a government-issued ID, and a signed Declaration of Identity Theft.
On the Rise before COVID-19
Business identity theft was already on the rise before COVID-19. Dun & Bradstreet’s High Risk and Fraud Insight team reported an increase of more than 100 percent of business identity theft in 2019.
Similarly, the National Cybersecurity Society has noticed regular year-over-year increases in instances of business identity theft. In its 2018 Business Identity Theft in the US Report, it notes the IRS reported 10,000 cases in 2017, up from only 4,000 the year prior. These included fraudulent tax returns to include filings for estates, trusts, and partnerships.
How to Prevent Business ID Theft
It's not feasible to protect against business identity theft completely, but business owners can do several things to mitigate the negative consequences. For instance, you can monitor your business and personal credit reports regularly and search for suspicious activity that might be a sign of fraud. Be sure to check each of the three major credit reporting agencies (TransUnion, Equifax, and Experian), as they rarely share information.
Business owners should also regularly check state business filings to make sure bad actors didn't gain access and make changes to the business address. This is easier in some states than in others. Once any suspicious activity has been detected, you should file a police report and place a fraud alert on your personal credit.
As a proactive measure, be wary of all emails and phone calls that ask for personal information or contain suspicious links. A padlock symbol in the URL bar suggests a website is safe and secure.
There are also relatively inexpensive “cyber security” liability insurance policies available today, as part of your business property and casualty package, so ask your P&C insurance expert about this important new coverage.
ID Theft Protection as an Employee Benefit
Because of the prevalence of identity theft and the amount of time and attention it can take to recover, many businesses offer their employees ID theft protection and insurance. Allstate, for instance, provides ID and privacy protection to roughly one-third of Fortune 500 companies. According to Aite Group, losses resulting from personal identity theft increased 42 percent to $712.4 billion in 2020.
"A person can spend over 100 hours . . . resolving ID theft on their own without any help," notes Dan Manea, senior vice president and chief human resources officer at Insulet, a medical devices company that began offering the benefit five years ago. "Most of the work is handled during traditional business hours, which can significantly impact employee productivity."
Insulet employees receive support from cybersecurity professionals in resolving identity theft cases and can be financially compensated in the event they are scammed out of money. The benefit is free to eligible employees and can also cover family members at a group-discounted fee. Kidder Matthews provides a similar benefit in addition to identity theft protection through Dark Web Monitoring and ID Watchdog.
Legal Shield of Oklahoma had a top notch Identity Theft Protection and Restoration service called Identity Shield, which can be offered as an inexpensive group benefit, and which has the distinction of being the only ID theft protection service available that offers licensed professional investigators ( through the use of a limited power of attorney) to fight your battles and which guarantees to return your identity to pre-breach status regardless of what they have to spend in order to do it. Having a professional restore your identity for a few dollars per pay period, in addition to the typical monitoring and alerts, is a great and underutilized group benefit these days.