Millions of Americans have their identities stolen each year with 15.4 million victims in 2016, according to Javelin Strategy & Research. This year's Equifax breach may have exposed ten times that number: 143 million. Tax-related identity theft remains one of the most common forms of identity theft. This occurs when a person files a fraudulent tax return using a legitimate social security number belonging to someone else for the purpose of getting a cash refund.
Combating Tax-Related Identity Theft
The IRS has been cracking down on this problem over the past several years by implementing new policies and procedures to help stop identity theft before it happens, and steps to take after the theft has occurred. Just this year, the IRS introduced provisions from the Protecting Americans from Tax Hikes Act (PATH Act) of 2015 which mandates that refunds claiming the Earned Income Tax Credit or Additional Child Tax Credit must be held until mid-February.
Thus far the crackdown has worked. The IRS prevented $1.1 billion fraudulent refunds in 2016 on 171,000 tax returns, and that number could look even better once the 2017 numbers are released. However, cyberattacks are still on the rise, compromising taxpayers’ information on a daily basis, and the cyber criminals behind the attacks are becoming more sophisticated in the ways they are using the stolen information. It’s likely we’ll never see tax-related identity thefts completely eradicated, and it’s our job as tax preparers to ease the concerns of our clients and secure their information that we have in order to prepare their taxes.
What has the IRS has done to prevent the filing of fraudulent returns
The IRS uses a number of different programs and features to prevent the filing of fraudulent returns. These programs and features are continuously updated each year to combat new issues as they arise.
One of the longest standing programs is the Questionable Refund Program (QRP) which has been in use since January 1977 and is designed to identify fraudulent returns and help reduce payment of fraudulent refunds. More recently, the IRS introduced the Taxpayer Protection Program (TPP) which authenticates the identities of suspicious tax return filers and prevents identity theft. While the TPP has detected and stopped millions of suspicious tax returns, it has also produced false-positives on legitimate returns causing extreme delays on some refunds that honest taxpayers are waiting for.
The IRS has also implemented the Identity Protection PIN (IP PIN), a unique six-digit number that is assigned to identity theft victims which they use when filing their federal tax return. The number is used to identify the person filing the tax return as the rightful filer. But generally this IP PIN is only issued after a known incident.
In addition to a multitude of programs, the IRS also utilizes the Security Summit Initiative which is a partnership between the IRS, state revenue departments and private tax industry leaders such as TurboTax and H&R Block. Each year the Security Summit Initiative utilizes new and innovative defenses to help protect taxpayers’ information, as well as the integrity of the federal and state tax systems.
The IRS also sends notices to taxpayers whose returns have been flagged and requires that they call to verify information. This information may be regarding income, jobs listed and more.
Preventing your client’s information from being stolen
While you can never fully safeguard yourself or your client from potentially having their identity stolen, there are a few steps and measures that can be used to make the stealing of personal information harder for thieves.
If your client has ever been in a situation in which their personally identifiable information was used fraudulently (e.g., a data breach or someone using their information to obtain credit), advise them to submit IRS Form 14039, Identity Theft Affidavit. This will flag their account to identify any questionable activity.
When providing physical copies of tax returns or support documents to your clients, make a habit of marking out the Social Security number, direct deposit bank account information, and other sensitive information. You should also direct your client to be extremely careful with the financial and personal information they share and to make sure they never ignore a notice they receive in the mail. However, if they receive a notice that they suspect is not real, they should contact you as the tax professional first.
What happens when your client’s information has been stolen
Unfortunately, there’s really no way of being able to tell that your client has fallen victim to identity theft until you’ve attempted to file their tax return and it is rejected. Your client might be a victim of identity theft if they (1) receive a notice from the IRS indicating that more than one tax return was filed with the same name; (2) receive a notice for a year that a tax return was not filed; or (3) receive a notice stating that the income and payment information the IRS has on file does not match what was reported on the tax return.
Continue Reading at www.CPAPracticeAdvisor.com/12372417
The first thing you and your client should do is to follow the IRS procedures for reporting a fraudulent return. Be advised, the IRS often will not talk to the tax professional, even with a POA in hand, as they want to hear directly from the taxpayer. Afterwards, fraud alerts should be added to your client’s credit records with Equifax, Experian and TransUnion, and financial institutions should be notified of the fraud.
If your client receives a notice stating a fraudulent return has been filed, the IRS should be contacted immediately with the number provided on the notice. The legitimate tax return should be filed by paper if you’re unable to e-file it, and Form 14039 should be filed along with it.
Your client’s case will be handled by IRS’s Identity Theft Victim Assistance (DTVA) organization if another return was filed. DTVA will assess the scope of the issues, address all of the issues related to the fraudulent return and ensure the tax return is properly processed and release the refund. The DTVA will also remove the fraudulent return from the taxpayer’s records and will mark their account with an identity theft indicator. Some identity theft victims will also be given a IP PIN to add an extra layer of protection.
Your client will receive a notice that the case has been resolved, but the length of time for resolution varies. Most cases are resolved within 120 days, but more complicated cases may take 180 days or more. This means your client may not see a refund for upwards of six months.
Obtaining the fraudulent return
No doubt, a number of questions will arise from the fraudulent return (how much was the refund, what other information might be compromised, etc.). You can assist your client in obtaining a partially redacted copy of the fraudulent tax return, which will help you understand how their personal information was used. They will need to complete Form 4506-F, Request for a Copy of a Fraudulent Tax Return, and mail it to the IRS along with other required documents.
Resolving a case of tax-related identity theft is a long and tedious process with much of it out of both your and your client’s hands. It’s likely your client is terrified of the events and feels violated to a certain extent. You, as their tax professional, can help ease their concerns by assisting them through the entire process and helping to ensure their information is not stolen again.
Dave Du Val is an Enrolled Agent and Vice President of Customer Advocacy, for TaxAudit.com. In his role, he ensures that the TaxAudit team is on the forefront of tax education and research. He is a nationally-recognized speaker and educator who is well-known for his high energy and dynamic presentation style. Du Val is a frequent and popular guest speaker for the California Society of Tax Consultants, the California Society of Enrolled Agents and the National Association of Tax Professionals.