It seems that some so-called “businesses” are using an EIN as a facade for illegal activity…and insufficient identity assurance is preventing the fraudsters from being caught.
Obtaining Employer Identification Numbers to commit tax fraud
What is an EIN? In the same way that U.S. citizens have Social Security Numbers, U.S. businesses have Employer Identification Numbers. It’s not a rigorous process to get an EIN; heck, Bredemarket has one.
But maybe it needs to be a little more rigorous, according to TIGTA.
“EINs are targeted and used by unscrupulous individuals to commit fraud. In July 2021, we reported that there were hundreds of potentially fraudulent claims for employer tax credits….Further, in April 2024, our Office of Investigations announced that it helped prevent $3.5 billion from potentially being paid to fraudsters. Our special agents identified a scheme where individuals obtained an EIN for the sole purpose of filing business tax returns to improperly claim pandemic-related tax credits.”
Yes, that’s $3.5 billion with a B. That’s a lot of fraud.
Perhaps the pandemic has come and gone, but the temptation to file fraudulent business tax returns with an improperly obtained EIN continues.
Facade.
Enter the Identity Assurance Level
So how does the Internal Revenue Service (IRS) gatekeep the assignment of EINs?
By specifying an Identity Assurance Level (IAL) before assigning an EIN.
Specifically, Identity Assurance Level 1.
“In December 2024, the IRS completed the annual reassessment of the Mod IEIN system. The IRS rated the identity proofing and authentication requirements at Level 1 (the same level as the initial assessment in January 2020).”
IAL1 doesn’t “assure” anything…except continued tax fraud
If you’ve read the Bredemarket blog or other biometric publications, you know that IAL1 is, if I may use a technical term, a “nothingburger.” The National Institute of Standards and Technology (NIST) says this about IAL1:
“There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the subject’s activities are self-asserted or should be treated as self-asserted (including attributes a CSP asserts to an RP). Self-asserted attributes are neither validated nor verified.”
If that isn’t a shady way to identify a business, I don’t know what is.
But I agree with TIGTA’s assertion that Identity Assurance Level 2, with actual evidence of the real-world identity, should be the minimum.
Does your firm offer an IAL2/IAL3 product?
And if your identity/biometric firm offers a product that conforms to IAL2 or IAL3, and you need assistance creating product marketing content, talk to Bredemarket.
I recently cited my 30 years of experience in selling to governments by using the acronym B2G (business to government). This confused the person I was talking to, who had heard of B2B (business to business) but not B2G.
By the same token, you have KYB (know your business) and KYG (know your government).
Two recent incidents in Southern California indicate that some of us are pretty bad at KYG.
El Pendón Estrellado
In case you haven’t been paying attention to the news, a lot of people in Southern California and elsewhere are talking about a portion of the Department of Homeland Security called Immigration and Customs Enforcement (ICE).
I won’t get into the details about why people are paying attention to ICE right now, but let’s just say that when ICE shows up, a crowd gathers.
And that’s what happened at Dodger Stadium this morning when some white vans showed up at the Dodger Stadium parking lot. The Dodgers stated that ICE agents came to Dodger Stadium and that the Dodgers denied them access.
Except that it apparently wasn’t ICE, but Customs and Border Protection, another part of the Department of Homeland Security.
“‘This had nothing to do with the Dodgers. CBP vehicles were in the stadium parking lot very briefly, unrelated to any operation or enforcement,’ Assistant Secretary Tricia McLaughlin said in a statement.”
But it isn’t just people in Chavez Ravine who assume that a white van equals ICE. Take my county, San Bernardino County. Or as former county resident Frank Zappa put it, San Ber’dino.
[The] department is sending a message to the community following two incidents involving white department vehicles that it says were “targeted” after being mistaken for Immigration and Customs Enforcement units.
“All white vehicles are NOT ICE,” read Thursday’s post on the San Bernardino County Sheriff’s X account….
“We have had two incidents of our sheriff’s department personnel targeted while driving our unmarked units and in one case they were run off the road,” the post reads.
With so many agencies providing law enforcement and homeland security services, it’s understandable that some people could get confused about exactly which agency is at their door. ICE? CBP? The San Bernardino County Sheriff’s Department (SBCSD)?
So if you’re not careful, the white van that you block may not be trying to send people to El Salvador, but instead may be trying to deliver your Amazon shipment.
Jobseekers need to know their potential employer when something about a job opportunity doesn’t feel right. And there are ways to do that.
Trusting the person who says to trust your gut
I’ve previously talked about how common sense can minimize the chances of being fooled by a deepfake.
But common sense can help prevent other types of fraud such as employment fraud, as noted by Rachel Lund, chief risk officer with Sandia Area Federal Credit Union.
“Trust your gut- if it feels off, it probably is.”
But can we trust Lund?
Using search engines for employment fraud scam research
Let’s look at another tip of hers:
“Research the company: Google “[Company Name] + Scam” and see if anything comes up.”
Although you can use Bing. Google isn’t the only search engine out there.
So I entered “Sandia Area Federal Credit Union Scam” into Bing…and found out about its warnings about scams.
From Microsoft.
As far as Bing is concerned, Sandia Area Federal Credit Union is not a scammer itself.
But Bing (and Google) are old-fashioned dinosaurs.
Using generative AI for employment fraud scam research
So I clicked on the tab for Copilot results. (ChatGPT isn’t the only generative AI tool out there.)
Well, it’s good to know that a regulated credit union isn’t a scammer.
So credit unions are fine
But what about something with a slightly sleazier reputation…like stuffing envelopes?
OK, Copilot isn’t hot on envelope stuffing opportunities.
I run in circles that use the acronym KYB, or “Know Your Business.” But I realize that many of you don’t use this acronym every day, so I thought I would explain it.
Let’s say that you encounter a business such as ByteDance or HiveLLM or Lorem Ipsum and you want to know more about it.
“KYC and KYB let companies make sure they’re dealing with real people, and that the business is legitimate and not a front for another company—or for a drug cartel or terrorist organization.”
Even if you’re not dealing with extremist terrorists, you may want to have a better understanding of where the business is and/or who runs the business. Remember that the legal owner of the business may not be the one who is actually operating it. For example, the Mob Museum documents the original ownership of the late Tropicana Hotel in Las Vegas:
“Miami hotelier Ben Jaffe (part owner of the Fontainebleau in Miami Beach) owned the land on which the casino would sit, but Conquistador Inc. would build and operate the resort.
“It just so happened that Conquistador’s owner, “Dandy” Phil Kastel, had a long and fruitful partnership with Frank Costello, perhaps the nation’s most infamous gangster in the spring of 1957…. And it almost goes without saying that most ‘Miami hotel men’ who came to Las Vegas in this era were more than familiar with Meyer Lansky, another famous gangland name.”
Unfortunately for Costello, people soon knew HIS business:
“On May 2, 1957, while entering a New York apartment building, Costello was shot and wounded by Vincent “the Chin” Gigante on orders from rival Mafia boss Vito Genovese. Written on a piece of paper found by police inside Costello’s coat pocket was the exact gross win from the Tropicana as of April 27, 1957 — $651,284, less $153,745 in markers (loans to players), with the proceeds from slot machines at $62,844. The note mentioned $30,000 for “L” and $9,000 for “H,” likely money to be skimmed on behalf of Costello’s underworld partner Meyer Lansky and perhaps for Mob-connected Teamsters union boss James Hoffa. It was a big national news story.”
It’s best to know your business BEFORE it’s splashed all over the media.
“About 27.6 million people around the globe are ensnared by modern slavery, which refers to people being forced to work and losing their freedom due to imprisonment, threats of violence, debt bondage, or retention of their identity papers, according to the United Nations’ International Labor Organization.”
“As proven at trial, between 2006 and May 2018, [Nicole] Daedone and [Rachel] Cherwitz obtained the labor and services of multiple young women who had turned to OneTaste for healing and spirituality by coercing them to perform labor, including sexual labor, for the defendants’ benefit.”
“In 2017, Ms. Daedone sold OneTaste for $12 million, prosecutors said. The former OneTaste.us website now directs visitors to The Eros Platform, a community that still promotes its affiliation with Daedone, Cherwitz and their Orgasmic Meditation practice. The Eros Coaching Collective still advertises a three-session OM training package for $525.”
I received a suspicious email from “Sara Romano,” a “scout” with HiveLLM who wanted me to bid on a biometric content calendar with a budget of “75000” (no currency specified).
HiveLLM has no corporate address, no LinkedIn presence, a website only a couple of months old, and an advertised business model in which you can ask a question for 10 cents.
A clear case of the need for Know Your Business (KYB).
And as you can see, HiveLLM failed a rudimentary KYB check.
But let’s ask some questions anyway.
“Sara, to confirm that HiveLLM is not a fraudulent entity, please provide your corporate address, registration information, and the identities of your owner(s) and corporate officers.”
UPDATE. At midnight Pacific Time, “Sara” sent a long response. Buried toward the end: “I’m unable to provide corporate registration or ownership details.”
I recently discussed some proposed changes to the way in which beneficial ownership information (BOI) is collected. However, even after the changes are made, FinCEN will still collect BOI for foreign firms.
Hungary, facial recognition, and geolocation
Biometric Update recently published a story about facial recognition in Hungary, and its use to identify people who display rainbows and dress in ways “that diverge from the gender they were assigned at birth.” I’m going to zero in on one portion of the story: the facial recognition provider involved.
“The company FaceKom has been around under different names since 2010 but has seen significant growth during the past few years thanks to investments from the Central European Opportunity Private Equity Fund (CEOM). The fund has no direct links with [Prime Minister Orbán’s son-in-law, István] Tiborcz. However, it is registered on the same address in Budapest where several companies owned by Orbán’s son-in-law operate.”
Well, that’s enough to drive some conspiracy theorists crazy.
Beneficial ownership and legal ownership
So I didn’t find the smoking gun, but I do want to take this opportunity to point out what BENEFICIAL ownership is. Investopedia:
“A beneficial owner is a person who enjoys the benefits of ownership even though the title to some form of property is in another name.”
Using the Hungarian example (without the Western Union part), it’s not enough to say that CEOM and/or Chi Fu Investment Fund Management Zrt. (I don’t know enough Hungarian to confirm they are one and the same) does not list István Tiborcz (or Viktor Orbán) as an official owner or co-owner.
As Unit21 points out, you don’t have to literally own (either on your own or through a trust) 25% of an entity to be a beneficial owner. Here’s another criterion of a beneficial owner:
“Any individual that holds a significant ability to control, manage, or direct the legal entity”
De facto control without de jure control could very well be wielded by a powerful politician, or his son-in-law.