Individual Americans have started to wise up to on-line identity theft opportunists—in many cases, the hard way. In recent months, though, on-line scammers have set their sights on a potentially more lucrative—and vulnerable—target: businesses.

Not the biggest of them, mind you; those companies long ago implemented sophisticated and costly processes to secure their on-line presence. And not the small shops, where transactions can be so closely monitored that unauthorized activity is immediately evident.

The most vulnerable targets of such con artists are mid-level business with enough transactions to provide cover for illicit withdrawals, transfers and sham purchases, but not large enough to have invested heavily in online and accounting system protections.

All a scammer needs to start wreaking havoc with a business owner’s finances and reputation are valid bank routing numbers and account numbers—easily obtained from any business check a company issues—or, in some cases, a business owner’s federal Employer Identification Number or personal Social Security number. On-line agents operating from Eastern Europe, Russia, Africa and the Far East have left behind a growing list of American business victims.

“One way they can do it is by ordering checks online, using banking information acquired from a small business,” said Cherie Reese, vice president of the Greater Kansas City Better Business Bureau. “A company that has a lot of (phony) checks coming and going, they may overlook a few small ones.

But then they get the large ones and start looking into it, and by then, a few have been cashed and no one noticed it, especially if they run lot of checks.”

The major concern for businesses as victims of online ID theft is that banks don’t provide nearly the blanket protections afforded individual customers whose accounts have been raided. With California taking the lead among states to broaden those protections for banks’ corporate clients as well as individuals, that’s starting to change. But until that practice gains traction in more legislatures, businesses in many states will remain vulnerable.

In the past, most of the fraud taking place in a business venue has ultimately been focused on an organization’s clients, whether through theft of credit card numbers by employees or through outsiders hacking into company computers for similar data. What’s changing is that the identity of the business itself is now in peril, along with its finances and creditworthiness.

At this point, outright business identity theft hasn’t been a problem regionally, said Jim Cross, a spokesman for the U.S. attorney’s office in Kansas. Don’t count on that holding up. “You know, it’s a small world when it comes to the things criminals will do when money is involved,” said Don Ledford, with the Justice Department’s western Missouri district office.

That makes this an ideal time, Reese said, for businesses to start locking down their processes and protect themselves. “If you keep it on your computer, they can get it,” she said.

“Businesses just need more security than they used to,” Reese said. “From what I’ve seen, even young kids can hack into quite a few things, and they know how. Lots of times, they get caught fast, but others are a lot better at getting away with it.”

Another way to stay ahead of the con artists, she said, is to stay informed of recent developments in scam techniques and approaches. The bureau plans to add updates on such trends to its Web site soon.

Finally, adding your company’s name to the news release distribution lists from local and state prosecutors’ offices and consumer-protection offices will also help keep businesses informed, Reese said.