While the overwhelming majority of identity theft schemes take advantage of personal identification, businesses and organizations are also increasingly vulnerable, according to a report in BusinessWeek.
Small and midsize companies can be tempting targets for criminals looking to exploit extensive credit lines, cash reserves, and business relationships.
Given this exposure, California has led the way in offering identity rights to organizations. In 2006 the state legislature expanded the definition of "person" in identity theft cases to include associations, organizations, partnerships, businesses, trusts, companies, and corporations. The bill, authored by former Assemblyman Ron Calderon, also includes logos and "photographic representation" as legitimate personal identifying information.
The bill was supported by the state attorney general, the California Small Business Association, California State Sheriffs' Association, California Manufacturers & Technology Association and California Medical Association, among others. Both the House and Senate voted unanimously to pass Calderon's amendment. Calderon, now a senator, told BusinessWeek the issue came to a head after the California District Attorney Association and the state's attorney general complained that it was difficult to prosecute business identity theft cases. Since amending the law, Calderon said the frequency of such theft has dropped. "As a deterrent, I'm sure it's working," he says.
In addition, California's Anti-Phishing Act of 2005 made it illegal to use the Internet to "solicit, request, or take any action to induce another person to provide identifying information by representing itself to be a business without the authority or approval of the business," a defense against the uptick in identity theft schemes.
From 2004 to 2008, the percentage of Americans who said they received what appeared to be a phishing attempt jumped from 40 percent to 80 percent, according to Gartner Inc. (IT), a Stamford, CT-based information technology research firm. While almost 120 million Internet users reported being solicited, only 300,000 lodged complaints in 2008 with the Federal Trade Commission (FTC), the agency charged with keeping track. Since 1999, the FTC has logged 2 million complaints—less than a quarter of the total number of victims estimated by Betsy Broder, assistant director of the FTC's division of privacy and identity protection. This "crime of substantial proportions," Broder told BusinessWeek, spurred the creation of a federal task force in 2006, consumer hot lines, and a new database to track identity theft.
Without the type of IT security measures larger companies employ, smaller businesses and organizations needed the additional legal protection, California advocates say. As individuals, small-business owners are 25 percent more likely to be victims of identity theft, according to recent studies by Javelin Strategy & Research, a Pleasanton, CA, firm that focuses on financial services. With typically larger lines of credit, business owners are often hit for larger amounts than the average fraud victim and spend more time resolving the issue.