According to the Department of Justice, Identity theft refers to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.
Unlike fingerprints, which are unique and cannot be given to someone else for their use, personal data especially a Social Security number, bank account or credit card number and other valuable identifying data can be used, if they fall into the wrong hands, to personally profit at someone else’s expense. In many cases, a victim’s losses may include not only out-of-pocket financial losses, but substantial additional monetary costs associated with trying to restore their reputation in the community and correcting erroneous information for which the criminal is responsible.
The IRS is asking for help from the tax preparer community. They have created a “Taxes. Security. Together” awareness campaign to help taxpayers protect their personal, tax and financial data online and at home. As part of that effort the IRS released Publication 4524, Security Awareness for Taxpayers. Several highlights:
- Phishing – This is a fraudulent activity using email as the method for obtaining private information from individuals by cloaking the email as a legitimate request. Phishing emails have become more popular and sophisticated in their approach. They appear to be from the IRS and companies you know and trust. Instead of clicking on the link or attachment, go directly to their websites instead.
- Keep Computers Secure – Use the latest security software such as firewalls, virus and malware protection. When sending sensitive data such as a social security numbers and dates of birth encrypt the data with strong passwords.
- Personal documents – When possible avoid emailing sensitive documents such as tax returns, credit card statements, images of driver’s licenses and social security cards. Keep old tax records under lock and key or encrypted if electronic. If the document is no longer needed shred it.
- Monitor your credit report annually – Federal law authorizes a free credit report every 12 months from each of the 3 major credit reporting agencies (TransUnion, Equifax and Experian). To access the free report(s) use the following URL: annualcreditreport.com.
In addition, the IRS created a series of videos to help taxpayers avoid pitfalls and stay safe online. To access the videos, use the following URL: https://goo.gl/8CcCXO
Warning signs for individual taxpayers – The following warning signs indicate a taxpayer’s SSN has been compromised, putting them at risk:
- The taxpayer’s return is rejected and the associated IRS reject code indicates the taxpayer’s SSN has already been used.
- The taxpayer notices activity on or receives IRS notices regarding a tax return after all tax issues have been resolved, refund paid or account balances have been paid.
- An IRS notice indicates the taxpayer received wages from an employer unknown to them.
Note: If you plan to request information from the IRS on behalf of a client, you must have a power of attorney on file and authenticate your identity before an IRS customer service representative.
Warning signs for business taxpayers – The following warning signs indicate that a business’s EIN has been compromised:
- The taxpayer’s return is accepted as an amended return, but the taxpayer has not filed a return for that year.
- The taxpayer received IRS notices about fictitious employees.
- The taxpayer notices activity related to or receives IRS notices regarding a defunct, closed or dormant business after all account balances have been paid.
Tax Preparers – Tax preparers can also become targets of criminals. To avoid becoming a target review and follow the security guidelines outlined in Publication 1345. If an online provider experiences a data breach they must contact the IRS within one business day.
Assisting victims of identity theft – The Federal Trade Commission recommends the following steps:
- Contact the local police to file a report – Once filed request a copy of the report.
- Report the identity theft to the FTC at identitytheft.gov or the FTC Identity Theft Hotline at 1-877-438-4338.
- Call the companies where you know fraud occurred – Explain that someone stole your identity, ask that they close or freeze the accounts and change the login credentials (username, password and PINs).
- Contact all 3 of the major credit bureaus to place a fraud alert on the individual’s record. The contact info for all the major credit bureaus is:
- Close all accounts opened fraudulently.
IRS victim assistance – If a client’s SSN is compromised and they suspect or know they are victims of tax related theft, the tax professional should:
- Immediately call the contact number if the client receives an IRS notice.
- Complete Form 14039, Identity Theft Affidavit, if the client’s SSN has been compromised. This form allows the IRS to put an indicator on the client’s tax records for questionable activity.
- Clients should continue to file returns and pay taxes, even if it must be completed by paper, while the case is being researched.
- If the IRS has already been contacted and they do not have a resolution, call the Identity Protection Specialized Unit at 1-800-908-4490.
- Be aware that the nature of these cases is complex.
Identity Protection PIN (IP PIN) – An IP PIN is a 6-digit number assigned to eligible taxpayers to help prevent the misuse of their SSN on fraudulent federal income tax returns. After receiving an IP PIN from the IRS, taxpayers must use it to confirm their identity on their tax return and any delinquent returns filed during the calendar year. The IRS sends new IP PINs each December by postal mail.
An IP PIN helps the IRS verify the taxpayer’s identity and accept their electronic or paper tax return. If a return is e-filed with the taxpayer’s SSN and an incorrect or missing IP PIN, the IRS will reject the return until the correct or missing IP PIN is submitted.
The taxpayer is eligible for an IP PIN if:
- They are a victim of identity theft and the IRS has resolved the case. As part of the resolution the IRS places an identity theft indicator on the taxpayer’s account and in December they send the taxpayer a CP01A Notice containing the taxpayer’s IP PIN, or
- The taxpayer filed their federal tax return in the prior year as a resident of Florida, Georgia or the District of Columbia, or
- They received a CP01F Notice or another IRS letter inviting them to voluntarily “opt in” to get an IP PIN.
This week is Tax Identity Theft Awareness Week. Taxpayers and preparers should take this opportunity to review the practices and suggestions listed in this article to protect themselves from tax identity theft. As the old adage says, “It is better to be safe than sorry”!