Tax identity theft has grown exponentially over the past several years. Identity theft has topped the Internal Revenue Service’s “Dirty Dozen” annual list of tax scams for both 2012 and 2013, and also appeared on the list in 2011. According to the National Taxpayer Advocate Service, identity theft grew by more than 650 percent between fiscal years 2008 and 2012. Unfortunately, the predictions are that this trend will continue, even in the face of growing safeguards that are currently being put into place by the IRS, tax practitioners and taxpayers themselves. An audit report released in August 2012 by the Treasury Inspector General for Tax Administration estimated that during the next five years, the IRS could lose a projected $21 billion to fraudulently claimed tax refunds related to identity theft. This figure, according to TIGTA, takes into account the new fraud controls that the IRS has put in place that the agency touts as having saved $20 billion of fraudulent refunds on 2012 returns alone.
Impact On Individual And Businesses
Generally, identity theft as encountered by the IRS, typically involves a taxpayer’s stolen Social Security number that is then used to file a tax return and claim a fraudulent refund. When the legitimate taxpayer then files their return, the IRS rejects it. The taxpayer must correct the situation to obtain their refund, which in many cases can consume a considerable amount of time, effort and expense. In best-case scenarios, a six-month delay has been common. Identity theft usually plays out differently when a business taxpayer’s identity is stolen. Similar to return filings for individuals, the theft can occur in the form of a fraudulently claimed tax refund, but often involves more subtle schemes that remain undetected until the business receives a notice from a government agency related to unpaid employment taxes, erroneously claimed tax credits, unreported merchant payment card income, and similar business transaction-generated subterfuge.
Tax-information thieves employ a variety of techniques to glean information to defraud the IRS and unknowing taxpayers. They usually include one or more variations on the following:
• Pilfering through trash (whether paper or electronic)
• Phishing scams (including bogus “IRS” inquiries)
• Deceit by familiar faces (such as a business associate, an ex-spouse or a particularly financially hard-pressed relative)
Best Practices For Individuals
Some steps that may be taken by individuals to minimize the risk that they will be victims of tax ID theft include
• Filing tax returns early (identity thieves generally file early in the season to ensure that the IRS will process their fraudulent returns and distribute the refunds before the legitimate taxpayer has the chance to file)
• Protecting Social Security numbers
• Safeguarding Internet passwords
• Installing firewalls and antivirus protection
• Safeguarding mail
• Shredding important documents
• Checking credit reports regularly
Best Practices for Businesses
Businesses generally deal with larger transactions, have larger account balances and credit lines than do individual taxpayers, and organizations can set up and accept merchant credit card payments with numerous banks. Business information regarding tax identification numbers, profit margins and revenues, officers, and even officer salaries is often public and easily accessed. At the same time, remedies and enforcement tend to focus more on individual identity theft. Business identity theft itself tends to be more subtle and, consequently, more difficult to immediately detect. Thus, business identity theft can be more lucrative and arguably less dangerous for a thief to engage in than individual taxpayer identity theft.
Stealing An EIN And EFIN
Identity thieves can use a business’ employer identification number to initiate merchant card payment schemes, file false tax returns, and even generate hundreds of fake Form W-2s in furtherance of individual taxpayer identity theft. Thieves targeting return preparer businesses can obtain electronic filing identification numbers just as easily. They, like EINs, are found on the taxpayer’s copy of a tax return and on filing confirmations.
Payment Settlement Entities (PSE) and Form 1099-K.
When identity thieves steal a business’ identity, they can also set up a business account with a PSE, which would be responsible for reporting all income from credit card transactions to the IRS. Typically, an identity thief provides a PSE with the information from the real business that only first realizes there is a problem when it receives 1099-K forms or, even later, when it is audited because Form 1099-K income does not match income as reported on its tax return.
Other Best Practices
Certain basic steps may be taken by businesses to minimize the unique risks that they face in becoming a victim of tax ID theft. These precautions may include:
• Account monitoring
• Safeguarding a dissolved business
• Bank protections
• Safeguarding documents and identification information
• Changing passwords
Tax return preparers are also at risk of having their identities stolen and used in furtherance of fraudulent tax refund schemes. Return preparers in particular should safeguard their business files, for both their sakes and those of their clients. Recommendations cited by the American Institute of CPAs in a written statement issued to the IRS Oversight Board listed several basic tasks that tax practitioners can perform to protect their clients’ sensitive information. These include:
• Locking desk drawers and file cabinets
• Using encrypted flash drives
• Using other encrypted procedures in electronically transferring a client’s information to a third party
• Redacting or truncating SSNs, EINs, EFINs, and other personal information
• Using couriers and certified mail to ensure that the correct person receives their correspondence
• Training staff and notifying clients about the proper handling of client information and how to avoid Internet schemes, and installing and requiring antivirus and other security software on all of the firm’s computers
Individuals who have been victimized by taxpayer identity theft have a number of steps that they should consider taking. These might include:
• Closing financial accounts
• Contacting Equifax, Experian and TransUnion
• Following up on fraudulent credit report information (including notifying all lenders)
• Triggering fraud alerts (including notification of a taxpayer’s banks and creditors)
• Contacting the Social Security Administration
Contacting the Federal Trade Commission (and its online FTC Identity Theft Report is helpful to local law enforcement officials trying to complete a police report). Taxpayers should also file a police report to help establish a theft for a casualty loss deduction, IRS Form 14039, Identity Theft Affidavit to place a fraud alert on their accounts with the IRS as soon as they suspect that they have been victimized by identity theft, such as when they have received a notice from the IRS that their tax return has been rejected because one has already been filed with their Social Security Number.
Taxpayers are allowed to file IRS Form 14039 even if no tax problem has yet occurred. However, although no penalty will attach to being wrong about a situation, filing Form 14039 will slow normal dealings with the IRS, because they take additional precautionary steps because of such notification. When the IRS receives the affidavit, it will flag the taxpayer’s account with a marker indicating that a tax return filed under the taxpayer’s name could be fraudulent. In some cases the IRS will issue that taxpayer an identity protection personal identification number. This must be included on the tax return for the tax year for which it was issued, or the tax return will be automatically rejected.
OTHER MEASURES THAT CAN BE TAKEN
IRS Identity Protection Specialized Unit
A taxpayer that has previously been in contact with the IRS regarding tax-related identity theft and has not achieved a resolution may contact the IRS Identity Protection Specialized Unit at (800) 908-4490. The IRS established the unit in 2008 as a means to provide centralized assistance to victims of identity theft.
Taxpayer Advocate Service
Taxpayers may also contact the Taxpayer Advocate Service (TAS) through the state/territory links, which has helped taxpayers attempting to resolve identity theft-related issues. The TAS itself handled nearly 55,000 identity theft cases in fiscal year 2012.
Tax Pro Today – Geoge G. Jones and Mark A. Luscombe 08/01/2013
Edited and posted by Harold Goedde – CPA, CMA, Ph.D. (accounting and taxation)