For decades, a loophole that a truck could barrel through has existed in America’s system for registering businesses. But until Internet use became widespread it didn’t endanger business.
Now? Businesses of all stripes are vulnerable to being hijacked because of these arcane laws.
Join me on a trip down memory lane to learn how state governments created the legal environment in which identity thieves now thrive.
In the beginning
When the United States was founded on July 4, 1776, our forefathers constructed our fledgling government on the principals of federalism. As you might remember from your elementary civics class, federalism is a form of government in which power is divided between a national government and other governmental units – that is, in our case, the states.
At some point – when is really irrelevant – it was decided that the states, and not the federal government, would be responsible for the registering of businesses. That means each state was free to develop their own rules for how they wanted to register businesses operating within their borders.
But, because the powers that be didn’t want to restrict commerce to individual states, rules also had to be implemented that allowed a business established in one state to operate in another with minimal restriction.
Over time, the states developed the system we have today, in which you can register a business in Delaware but headquarter that enterprise in California. Most businesspeople, I think it’s fair to say, would tell you the system works well.
But the system has baked right into it one glaring flaw.
No discretionary power
Every state has a government agency specifically responsible for processing business registration documents. These documents include the articles of incorporation you file when you first establish your business as well as the annual filings you have to make in order to keep your business active and in good standing.
In most states, this task is handled by the Secretary of State – but not all. It might be handled by your state’s Division of Corporations or the Corporation Commission.
Whatever the agency’s name, in most cases state authorities assumed from the very beginning that these agencies’ sole purpose was going to be a ministerial function – that is, ensuring that forms were filled out correctly and that filings were properly organized and stored.
As such, when the states established these agencies they granted them extremely limited powers. The power to confirm that a form was filled out correctly. The power to organize the filings and store them in big filing cabinets. That’s it.
Notably, the vast majority of states did not give these agencies any discretionary power to confirm the accuracy or legitimacy of the filings presented to them. They simply have the power to see if the forms are properly filled in. If they are, the agencies have to accept them and make them official records, with no questions asked.
This is the crux of the business identity theft problem we have today.
The information age
Before the Internet, filing business records with the state was a pain. You had to track down the proper forms and then submit the filings by mail or drive to your state capital and deliver the paperwork in person.
It was time consuming and onerous. The chances of someone intentionally filing a fraudulent document with the state were slim. That’s why the agencies were given such limited powers to begin with. In an analog, paper work, who could imagine a criminal investing the time and effort to file the paperwork necessary to hijack a business?
All that changed, of course, with the Internet. To make the lives of businesspeople easier, state agencies posted their forms online. They posted massive databases of all the registered businesses in their state. And, most critically, they made it so businesses could easily and quickly file their paperwork online.
Now, with just a few mouse clicks, you can file the paperwork necessary to establish a business or update its status – or change its address or managing members. What’s more, thanks to those databases, you can look up the identifying information of literally any and every business in a given state.
In short, these state websites designed to make the lives of businesspeople easier have made in truth made it incredibly simple for criminals to research companies and then take them over.
Yes, it’s true that most of these websites include online disclaimers that require filers to affirm that they have the authorization to make changes to a given business or else face criminal charges of perjury. But these warnings are easily ignored. In many cases, they’re just a pop up you can dismiss with a simple click of an “OK” button.
In practice, the state’s offer no real barrier against the filing of fraudulent business documents.
How criminals exploit this environment
So, how do criminals use this regulatory framework to do their dirty work? It’s amazingly simple.
First, identity thieves research a targeted business online, most likely using the state’s website and a search engine or two.
Then, they file a fraudulent business document with the state, typically changing the targeted business’ address and/or managing members or officers. Within a few minutes, the state agency accepts the filing and, poof, the thieves now have an official government document stating that they control your business or that your business is based at their address.
When identity thieves employ this scheme, they’re counting on the legitimate owners of the business not to notice that their information has been changed with the government. That’s why Company Alarm’s 24-hour monitoring is so crucial: It lets you know immediately when your business has been hijacked.
Ralph Gagliardi, Company Alarm’s advisor from the world of law enforcement, has seen business owners go weeks or even months before they discover their company has been stolen. By then, identity thieves have had plenty of time to do lasting damage to your business.
Company Alarm prevents that from happening.
Company Alarm is dedicated to helping business owners protect what they have worked so hard to build. Our monitoring software is designed to prevent cybercriminals from exploiting loopholes to hijack your company and assets. To learn more about this low-cost, value-added protection, click here.