Identity Theft
What is Identity Theft?
Identity theft occurs when someone uses your personal information such as your name, social security number, and or other identifying information without your permission to commit fraud or other crimes.
Identity theft is a serious crime. People whose identities have been stolen can spend months or even years (as well as their money) repairing the mess thieves have made of their good name and credit record. Meanwhile, as a result of this financial fallout, victims may lose job opportunities, be refused loans, education, housing or education, and may even be arrested for crimes they did not commit. TYPES OF POSSIBLE IDENTITY THEFT
How is could happen:
Breach of Security ie: employee disgruntled, theft Lose of ID or Wallet
Computer Hackers
Stolen Computers and or thumb “jump” drives Mail Theft
Credit Card Number Theft
Copy machine sold, donated, or junked. Most larger
copiers/scanners/printers have hard drives build in These
copiers/scanners/printers retain information on them. You should destroy the drive
A request from a trusted party.
An example is say you volunteer as a chaperone for a child’s organization, scouts, school, etc. They need to have a background check done. The organization hires a third party to complete this.
How can you minimize becoming a victim
Don’t carry your Social Security card or any documents with your SSN of it. Don’t give a business your SSN just because they ask – only when
absolutely necessary. Question why it is needed and how it will be used. Protect your financial information.
Secure personal information in your home.
Protect your personal computers by using firewalls, antivirus/spam software, update security patches, and change password for internet accounts.
Don’t give personal information over the phone, through the mail or on the internet unless you have either initiated the contact or are sure you know who is asking.
Remember the IRS does not initiate contact with taxpayers by email to request personal or financial information – this includes any type of electronic
communication, such as text messages and social media. DETECTING AND REPORTING IDENTIY THEFT
Usually, an identity thief may use a legitimate taxpayer’s Social Security number to fraudulently file a tax return and claim a refund early in the filing season. You may be unaware that this has happened until you file your return later in the filing season until one of the following occurs:
Rejected e-file. An electronically filed return is rejected because a Social Security number belongs to the taxpayer, spouse, or a dependent has already been used on a tax return for that year.
This situation can occur because of a mistyped number or dispute about claiming a dependency exemption. Such cases do not
necessarily indicate theft.
A return has been rejected because of a previously used Social Security number cannot be e-filed, but must be submitted on paper. IRS notice.
An IRS notice informing a taxpayer that more than one return was filed in the taxpayer’s name, or the taxpayer received wages from an unknown employer, may be the first tip-off the individual receives that he or she has been a victim of identity theft.
IRS Letter 5071C. This letter states the IRS needs additional information to verify your identity in order to process your return accurately. (More discussion on the 5071C Letter to follow) The taxpayer has a balance due, refund offset, or initiation of
collection action for a year when the taxpayer did not file a return or IRS records indicate that the taxpayer received wages from an
employer for who he or she has not worked.
IRS Identity Protection Specialized Unit (IPSU). A taxpayer who believes there is a risk of identity theft due to lost or stolen personal information should contact IPSU immediately so the agency can take action to secure his or her tax account.
Call 1-800-908-4490.
The taxpayer will be asked to complete Form 14039.
The taxpayer should respond immediately to the name and phone number printed on the IRS notice or letter. The taxpayer will be asked to complete Form 14039, Identity Theft Affidavit. (Copy attached)
UNDERSTANDING 5071C LETTER
The IRS request the contact information is only for the taxpayers who receive d Letter 5071C.
Why is the IRS contacting you?
They received your federal income tax return; however, in order to process it, we need more information to verify your identity. The letter you received provides to options for responding. Both options enable you to verify your identity with us so we can continue processing your tax return.
The contact information is only for taxpayers who received Letter 5071C. The toll-free number and website are for identity verification only. No other tax-related information, including refund status is available.
What is involved in this process?
The IRS will continue processing your return once they verify your identity. What should you do?
Use the secure Identity Verification Service website idverify.irs.gov. It is quick and secure. To complete the entries, you will need to have a copy of your prior year tax return and your most recently filed tax return.
If you cannot use the Idverify website call 1-800-908-4490.
When you call the Idverify telephone number the agent will ask you additional information about your taxpayer that only the taxpayer would know. The will or could ask mother’s maiden name or where she was born. City and state the taxpayer was born.
Steps to take in a case of Identity Theft
1. Report the crime to the police immediately. Get a copy of the police report or case number. Credit card companies, the bank, or insurance company may ask for the reference to verify the crime.
2. Immediately contact the credit card issuers. Get replacement cards with new account numbers and ask that the old account be processed as “account closed at consumer’s request” for credit record purposes. Follow up the telephone conservation with a letter to the credit card company that summarized the request in writing.
3. Call the fraud units of the three credit reporting bureaus. Report the theft of credit cards and/or numbers. Ask that the accounts be flagged. Also, add a victim’s statement to the report requesting contact to verify future credit applications.
Equifax Credit Information Services – Consumer Fraud Division PO Box 740256
Atlanta, GA 30374 Phone: 888-766-0008 Website: www.equifax.com
Experian
Phone: 888-397-3742
Website: www.experian.com
Trans Union Fraud Victim Assistance Department PO Box 6790
Fullerton, CA 92834 Phone: 800-680-7289
Website: www.transunion.com
4. Notify the Social Security Administration’s Office of Inspector General if the Social Security number has been used fraudulently.
5. File a complaint with the Federal Trade Commission
Phone 877-ID-THEFT (877-438-4338) TDD 202-326-2502 Mail: Consumer Response Center, Federal Trade Commission,
600 Pennsylvania Ave NW Washington DC 20580
Website: www.consumer.gov/idtheft
What next……….
Usually the IRS will issue a CP01 Notice (sample attached). This letter states an Identity Theft Indicator has been placed on the owner of the valid Social Security Card.
Questions which arise when the indicator is placed on an account:
What effect does the Identity Theft Indicator have on my account? The indicator has no effect on your ability to file your tax return, make payments or receive a refund.
What happens if someone else uses my SSN to file a fraudulent tax return? The indicator that was placed on your account will alert the IRS to research it to make sure that a tax return filed with your SSN is valid. If the tax return is invalid they will not process it.
How long does the indicator remain on the account?
Because you are a victim of identity theft, to protect the taxpayer, the indicator will remain on the account unless the taxpayer
specifically request that it be removed.
In November or early December of the following tax season (November 2013 or December 2013) the taxpayers will receive Notice CP01A (sample attached). This notice tells the taxpayer about Identity Protection Personal Identification Number (IP PIN) they sent. For the return to be processed this IP Pin must be on the
return.
The IP-PIN will be auto-generated based on the taxpayer’s validated account information. The notice will contain a single-use-six-digit PIN that contains six numbers and may begin with a zero. In order for the IP-Pin to be accepted, all six digits must be input on the taxpayer’s Form 1040, to the right of the spouse’s occupation line.
Important things to remember about the IP PIN Store the letter with your tax records. A new IP Pin is assigned to you each year.
The latest IP PIN assigned to you is your IP PIN of record and you should destroy all prior IP PINs securely.
Do not reveal your IP PIN to anyone other than your tax preparer. The taxpayers should only reveal when they are ready to sign and submit the return.
Taxpayer must use the IP PIN on e-filed returns, the return will be rejected if it is not on the return. This will delay processing if a paper return is mailed as well.
The IP PIN is only for Federal filed returns.
If you need to amend a prior year return, you will use the latest IP PIN you have received.
If the taxpayer has lost or misplaced the IP PIN, they can contact the IRS mid January. The telephone number is 1-800-908-4490 extension245. If the taxpayer is using a replacement IP PIN it will cause a delay in processing the tax return and the issuance of any refund.
The Dirty Dozen
The dirty dozen listing, compiled by the IRS each year, lists a variety of common scams taxpayers can encounter at any point during the year. Many of the
schemes peak during filing season as people prepare their returns.
The IRS is increasingly seeing identity thieves looking for ways to use a legitimate taxpayer’s identity and personal information to file a tax return and claim a fraudulent refund.
During fiscal year 2012, the IRS took 2400 enforcement actions against identity thieves as the result of a national sweep to crack down on return fraud and identity theft. This success was followed in by a coordinated coast to coast effort against identity theft suspects that led to 734 enforcement actions in January 2013.
RETURN PREPARER FRAUD
About 60% of taxpayers will use tax professionals to prepare and file their tax returns. Most return preparers provide honest service to their clients. But as in any other business, there are also some who prey on unsuspecting taxpayers. Questionable return preparers have been known to skim off their clients’ refunds, charge inflated fees for return preparation services, and attract new clients by promising guaranteed or inflated refunds. Taxpayers should choose carefully when hiring a tax preparer. Federal courts have issued hundreds of injunctions ordering individuals to cease preparing returns, and the Department of Justice has pending complaints against many others.
In 2014 every paid preparer was required to have a PTIN and enter it on the return he or she prepares.
The following signals many indicate an unscrupulous return preparer. The preparer:
Does not sign the return or place a PTIN on it
Does not provide a copy of the tax return to the client. Promises larger than normal tax refunds
Charges a percentage of the refund for amount paid for preparation Requires the client to split the refund to pay the preparation fee. Adds forms the tax taxpayer has never filed before.
Encourages the taxpayer to place false information on the return, such as false income, expenses and or credit.
Safeguarding Taxpayer Data
Taxpayer data is any information furnished in any form or manner by or on behalf of a taxpayer for preparation of their return. Taxpayer data may be furnished on paper, verbally, electronically, in person, over the telephone, by mail, etc. It includes but is not limited to:
Taxpayer’s name, address, and phone number Social Security or other identification numbers Income, receipts, deductions, and exemptions Tax liabilities
Bank and/or credit account numbers.
The Gramm-Leach Billey (GLB) Act of 1999 established standards relating to the administrative, technical, and physical information safeguards required of those who handle taxpayer data. The standards are intended to:
Ensure the security and confidentiality of customer records and information.
Protect against any anticipated threats or hazards to the security or integrity of such records.
Protect against unauthorized access to or use of such records or
information that could result in substantial harm or inconvenience to any customer.
The GLB Act specifically includes tax preparers among those who are subject to its provisions.
Written Plan Required
As part of implementation of the GLB Act, the Federal Trade Commission issued the Safeguards Rule, which requires those subject to the GLB Act to develop a written information security plan that describes their program to protect customer information. The following items should be considered by a tax preparer when developing a written information security plan.
1. Maintain a list of all the locations where taxpayer data is handled. Offices, storage facilities, residences, and temporary return preparation sites.
Filing cabinets, desk drawers, and boxes.
Computers, optical disks, zip drives, and USB removable media such as thumb drives or memory sticks.
2. Assess the risk unauthorized access, use-disclosure, modification, or destruction of taxpayer data.
Can visitors, clients, or service providers access taxpayer data? Can a careless or malicious employee modify a tax return? If return preparation software is provided for customer use, is inadvertent disclosure of another taxpayer’s data possible? Can a computer virus corrupt tax returns being submitted?
Can a flood or other incident destroy paper and electronic taxpayer records?
3. Assess the impact of unauthorized access, use, disclosure, modifications, or destruction of taxpayer data.
Could a client become the victim of identity theft?
Could a denial of service attack or other internet problem cause data loss?
Could the tax preparation business incur criminal or civil penalties? 4. Consider how employees and contractors are used.
Should background and identity authentication checks be done? Do employment agreements and service contracts specify safeguards that must be followed?
5. Test, monitor, and revise regularly. Add additional safeguards as needed.
Can backed up records be recovered if primary records are destroyed?
Are employees, contractors, and service providers following information security procedures?
Do computer systems pas vulnerability testing?
Are federal, state, and local laws and regulations being followed? Information Security Plan
Am information security plan addresses risks and describes how written and electronic taxpayer data is handled. The plan can include safeguards and security controls that are already in place and safeguards that are still needed:
Some Examples:
Lock file cabinets and doors
Create backups of taxpayers records
Conduct information security training for employees who have access to taxpayer data.
Use strong electronic information system passwords.
Prohibit leaving taxpayer data unsecured on desks, printers, or
photocopiers, or in mailboxes, vehicles, trash cans, other rooms , at home, etc
Shred paper containing taxpayer data before discarding it.
Erase or overwrite any electronic data before discarding hard drives. Encrypt taxpayer information stored electronically and during electronic transmission.
Do not exchange sensitive taxpayer data by e-mail.
Use firewalls, routers, or gateways to protect computer systems used for taxpayer data.
Keep antivirus and antispyware software up to date. Monitor computer system logs for unauthorized access.
Implement authorization requirements for removal of taxpayer data on any media.
Privacy Notices
Tax preparers should inform their clients in writing that an information security plan is in place. You could use the following language:
We maintain physical, electronic and procedural safeguards that comply with applicable law and federal standards.
