By Kristine Loomis, CPA, CVA
Daily we hear about a new data breach exposing personal credit and financial information. Last Spring even the IRS was “hacked.” They announced their “Get Transcript” application was breached allowing access to over 100,000 tax returns. Hackers break into information databases to gather confidential information. The problem is the use of the information: it can be used to set up accounts, make purchases, obtain false identification or file tax returns. All of these data breaches are concerning, but when you combine identity theft with the IRS most of us react with panic and anger.
The Spring of 2015 tax filing season uncovered an explosion of refund theft. The IRS, tax software developers and tax professionals are all working to assist clients in protecting their data.
The biggest problem for taxpayers is a false tax return being filed under their name. It provides an opportunity for the thief to receive a refund before anyone is aware. For example, someone obtains personal information to create a return. Once they are able to fill out the return, all of the income and payments can be manipulated to create a large refund. The return can be filed and they receive the refund. It can take the IRS months to match wage and expense information to the filed tax return; by which time the criminal has the funds and is long gone before fraud is detected.
A common occurrence during the 2015 filing season (the filing of 2014 returns) was the fraudster changed the taxpayer’s refund from direct deposit to a pre-paid debit card account which had been created just before the fraudulent return was filed. In response, the IRS in conjunction with some states, may delay refunds which appear questionable. Further, some states have indicated they may opt to mail a paper check to a filer who has requested a direct deposit if there is any indication of a possible fraud.
In addition to taking a longer time to accept the filed returns and issue refunds, the IRS has taken other measures (think bank level security) in an effort to combat the filing of fraudulent returns. This includes more multiple choice questions (the ones asking what street you lived on when you were 17) when filing electronically as well as other automated warnings something has changed. For example, if a taxpayer changes the email address on an electronically filed return, they will receive notification of the change to both the new and the old email addresses. Additionally, taxpayers may get notification if they change their address and/or any direct deposit information. There will also be a requirement for stronger, more complex passwords which are commonplace at bank and other consumer websites. The passwords for tax filing must now include a lowercase and uppercase letter, symbol and a number (for example, #Gr8News).
Behind the scenes, the IRS has implemented more fraud sniffing programs to be used at the Federal level, the state level and by the tax prep industry. There is also more information sharing between the states and the federal agencies to assist in identifying and stopping this tax fraud.
Most taxpayers find out they are a victim of IRS identity theft in one of two ways: a letter from the IRS reporting suspicious activity or an electronically filed tax return is rejected notifying the taxpayer a tax return was previously filed.
If you receive a letter from the IRS notifying you of potential identity theft you should follow the instructions in the letter from the IRS. You will also want to check in with your CPA and may want to request a special PIN from the IRS which you can use to verify your identity in subsequent years.
If your return is rejected due to a return having already been filed under your name you should in addition to the above:
- Call the IRS Identity Theft Hotline: 1-800-908-4490.
- Visit identitytheft.gov and learn how to start your identity recovery plan.
- Ask your tax preparer to file IRS Form 14039 Identity Theft Affidavit notifying the IRS of potential identity theft with attached proof of identity. The IRS will provide the special PIN to file your return.
Due to the significant amount of fraud in the last filing season, many individuals will or may already have received a PIN for the 2015 returns. These PINs were mailed the week of January 4th, 2016. The IRS has announced those letters included an incorrect date – the letter identified the PIN as for the 2014 filing season. This is not correct. The PIN mailed with a January 2016 date is for the 2015 filing season. Do not lose this PIN as it is not visible to IRS agents answering call center phones.
Finally, the IRS never e-mails you nor generally calls you directly. If you get an e-mail appearing to be from the IRS immediately delete it. Don’t return voice mails left by individuals identifying themselves as IRS agents unless you were expecting a return call from a specific agent.
Dealing with the IRS is a stressful event under the best of circumstances; adding identity theft to the mix makes it even worse. The IRS is working on it, they have launched a fraud prevention awareness campaign. It remains one of the agency’s highest priorities. If you have any questions or concerns about your personal tax information, contact your accountant or the IRS.