Identity Theft2016.pptx [Read-Only] · • Identity theft is still the #1 complaint filed ... –...

1/19/2016

1

Identity Theft and Client Protection

Kristy MaitreCenter for Agricultural Law and TaxationJanuary 19, 2016

Remember…..

• Not all data theft is identity theft

• Not all identity theft is tax‐related identity theft – the filing of fraudulent returns

Major Concerns Regarding Identity Theft

• Identity theft is still the #1 complaint filed with the Federal Trade Commission

• Identity theft victim occurs every 2 seconds

• In 2014, more than 1 billion personal records were stolen

• Large‐scale data breaches netted more than 100 million SSNs in 2015, to date

1/19/2016

2

Defense Against Tax‐Related Identity Theft

• IRS Actions for Protection– Increased fraud filters from 11 in 2012, to 200 in 2015

– Limit the amount of direct deposits to 3 refunds per single account

– Locked accounts of nearly 29 million deceased taxpayers

– Improved cooperation with local law enforcement

– Reduced internal use of SSNs

– Reduced prisoner tax fraud

– Works with 286 financial institutions to identify fraudulent refunds, recovered $3 billion in the past 3 years

– Improved EFIN policies to prevent abuse

What is the IRS Doing to Aid Prevention?

• Improving fraud filters every year

– Reviewed 19 million suspicious returns between 2011‐2014

– Stopped $63 billion fraudulent refunds between 2011‐2014

– Rejected or stopped 4.5 million suspicious returns from processing in 2015

• 1.2 million of those were confirmed Identity Thefts

• As of September 2015, $9.5 billion in fraudulent refunds protected

Security Summit Update

• Improve verification of taxpayer/return at the time of filing

– Include more than 20 new data elements

– Require new password standards

• Improve circulation of information

– Some providers make weekly reviews for schemes

• Increase security awareness among taxpayers and professionals

• Create a new tax preparer work group

1/19/2016

3

How Do They Do It?

• Hackers will try and get your information through scams and schemes

– Easiest way for them to obtain information is to ask for it via:

• Phishing emails, texts or phone calls

– Include links to fake websites

– Use malware‐infected attachments

– May pretend to be a trusted organization such as a bank

Risks Involved with Data Theft

• Account take – overs

– Bank Accounts

– IRS e‐Services

– Tax Software

• Computer breaches by cyber hackers

– Some cyber hackers are more skilled and sophisticated than others

– May not even appear to have been hacked until a much later date

Improvements Are Needed in the Identity Protection Specialized Unit to Better Assist Victims of Identity Theft

• In October 2008, the Internal Revenue Service (IRS) formed the Identity Protection Specialized Unit (IPSU) as part of its strategy to reduce taxpayer burden caused by identity theft

• The IPSU is a dedicated unit for victims of identity theft to have their questions answered and obtain assistance in resolving their identity theft issues quickly and effectively

• The IRS reports that the IPSU received a total of 746,942 cases for Calendar Year (CY) 2014

• From the week ending January 3, 2015, to that ending June 13, 2015, the IPSU received a total of 232,006 cases

1/19/2016

4

IRS Processes

• The Majority of Identity Theft Victims Are No Longer Provided With an Identity Protection Specialized Unit Single Point of Contact

• In November 2014, the IRS indicated that budgetary constraints did not allow for a single employee to be assigned to each identity theft victim

• In addition to not providing a single CSR to work with a victim of identity theft, in May 2013, IPSU officials decided that the IPSU would no longer monitor identity theft cases worked by a single IRS function

• The IPSU’s process for issuing required acknowledgement and case status letters to taxpayers does not ensure that taxpayers are timely informed about the IRS’s receipt of their supporting documentation or the status of their identity theft claims

IRS Processes

• IRS procedures require the employee receiving a Form 14039, police report, or other correspondence alleging identity theft to acknowledge receipt of the information from the taxpayer by sending Letter 5073C or another appropriate letter to the taxpayer within 30 days of receipt

• For cases that meet Taxpayer Advocate Service criteria, i.e., ITAR‐monitored case, acknowledgement Letter 4524C must be sent to the taxpayer within five workdays of IRS receipt of the taxpayer’s information

• In addition, a subsequent Letter 4524C must be sent to the taxpayer every 30 days

• The letter provides an update to the taxpayer on his or her case

IRS Processes

• Research Is Not Always Effectively Conducted to Identify and Assist Taxpayers Who Submit Identity Theft Claim Documentation

• Processes and Procedures Are Ineffective to Ensure That Taxpayer Voicemail Messages Are Timely Addressed

1/19/2016

5

Risks Involved with Data Theft

• Account take – overs

– Bank Accounts

– IRS e‐Services

– Tax Software

• Computer breaches by cyber hackers

– Some cyber hackers are more skilled and sophisticated than others

– May not even appear to have been hacked until a much later date

What Can You Do?

• Educate employees on scams and risks

– IRS will not ask for sensitive information such as passwords or SSNs

• Increase employee awareness of dangers related to data theft

– Handling phishing emails, phone calls, etc.

• Check EFIN statistics regularly – if stats don’t match expectations, consult e‐Help Desk

Protecting Client Information

• Create and implement a security and data compromise plan

• Necessary security software to include:– Firewall

– Anti‐virus

– File encryption

• Use encrypted email programs to exchange PII information with taxpayers

• Utilize strong passwords that are required to change periodically

1/19/2016

6


• Use a secure wireless connection

– Wi‐fi should be password protected

• Taxpayer information should be backed up with limited access granted to others

• Any paper files should be stored in secure location

• In case of breach, contact local stakeholder liaison

– Find liaison at IRS.gov, keyword “Stakeholder Liaison”

Planning Procedures

• Data Theft Plan– Review FTC Suggestions for Data Theft Response

– Notify parties • Law Enforcement

• IRS Stakeholder Liaison

• Major Credit Bureaus

• Individual(s) affected by theft

– Information to disclose:• How it happened

• Information jeopardized and taken

• Actions taken to resolve situation

The Identity Thief

• “I’ve always wanted a plasma television. High‐def, of course. I think I’ll buy the most expensive model I can find. Why should I worry about what it costs? It’s free, at least for me.”

• From the FBI Website

1/19/2016

7

19

Identity theft occurs when someone uses your personal information such as:

• Name

• Social Security number or

• Other identifying information

Without permission, to commit fraud or other crimes

What is Identity Theft?

20

Most misused SSN of all time

• Happened more than 70 years ago• Involved Social Security cards “issued” by Woolworth

• At peak, nearly 5,800 people were using SSN• More than 40,000 reported as their own SSN• As late as 1977, 12 people still using SSN

Federal Trade Commission

• The Federal Trade Commission is at the forefront of combatting Identity theft

• Their website at www.identitytheft.gov provides helpful steps of what a victim needs to do once they determine they have been a victim of ID theft

1/19/2016

8

Federal Trade Commission

Federal Trade Commission/IRS

• Report identity theft to the Federal Trade Commission (FTC) and the Internal Revenue Service

• Complete the FTC’s online complaint form :• https://www.ftccomplaintassistant.gov• The client should give as many details as they can• Many cases of tax return identity theft will not be known until an e‐filed return

has been rejected• A copy of the reject acknowledgement should be made available to the client• The complaint form is not available on mobile devices, but the client can call

1‐877‐438‐4338 to make the report• They should print and save the FTC Identity Theft Affidavit immediately• Once they leave the page, they will not be able to get the affidavit

Tips

• Act quickly to limit the damage

• Have Your Clients: – Call the companies where the client knows fraud occurred

– Provide as much information as possible concerning the individual who stole the identity, if known

– Ask the company to freeze the account so no one can use the account for fraudulent purposes

– Finally change all logins, passwords and PINS on the accounts

• Place a fraud alert and get a current credit report

• Make contact with one of the three credit bureaus, that company is then obligated to inform the other two

1/19/2016

9

Fraud Alert

• A fraud alert is free

• It will make it harder for someone to open new accounts in your client’s name

• Your client will get a letter from each credit bureau

• It will confirm that the credit bureau has placed a fraud alert on the file

– Equifax.com/CreditReportAssistance 1‐888‐766‐0008

– Experian.com/fraudalert 1‐888‐397‐3742

– TransUnion.com/fraud 1‐800‐680‐7289

Credit Reports

• To get a credit reports right away go to:

– ww.annualcreditreport.com or

– Call 1‐877‐322‐8228

File a Report with the Local Police Department

• Go to your local police office with:– A copy of your FTC Identity Theft Affidavit

– A government‐issued ID with a photo

– Proof of your address (mortgage statement, rental agreement, or utilities bill)

– Any other proof you have of the theft (bills, IRS notices, etc.)

– FTC's Memo to Law Enforcement

– Tell the police someone stole your identity and you need to file a report

– If they are reluctant, show them the FTC's Memo to Law Enforcement

– The client should ask for a copy of the police report

– This document will be needed to complete other required steps

1/19/2016

10

Identity Theft Report

• Create the Identity Theft Report by combining the FTC Identity Theft Affidavit with the police report

• The identity theft report proves to businesses that someone stole your identity

• It also guarantees the client certain rights

• If there is tax related identity theft additional steps are required

30

• Refund‐related identity theft

– Identity thief uses a stolen SSN to file a forged tax return and obtain a fraudulent refund early in the filing season

• Employment‐related identity theft

– Identity thief uses a stolen SSN to obtain employment

Types of tax‐related identity theft

1/19/2016

11

ID Theft ProcessClient Has Not Filed

• Client has received a refund check – mark void on the back, and return to the campus on the face of the check with a letter of explanation that a return has not been filed

• Try file the return electronically – get reject code

• File return on paper with Form 14039 and required documentation

• Attach Form 8948 and complete section 4

• If taxpayer has not been contacted by notice or letter send to the normal campus

ID Theft ProcessClient Has Not Filed

• Client has received a letter that they need more information to complete the processing of the return Letter 12‐C, Letter 4883‐C or Letter 5071‐C

• Try file the return electronically – get reject code

• File return on paper with Form 14039 and required documentation

• Attach Form 8948 and complete Section 4

• Respond to the letter with the return and send to the campus on the letter

ID Theft ProcessClient Has Filed

• Client has received a letter that they need more information to complete the processing of the return Letter 12‐C, Letter 4883‐C or Letter 5071‐C

• Respond to the letter with the information requested

1/19/2016

12

Tax Related Identity Theft

• Notify the Internal Revenue Service as soon as possible by calling the Identity Theft Hotline at : 800‐908‐4490

• Then complete IRS Form 14039, Identity Theft Affidavit• Mail or fax the form according to the instructions• Include proof of your identity, like a copy of your Social Security

card, driver’s license or passport, and other information• Provide this form independently or if your client receives a notice

or is unable to file a return electronically attach the form to the return or other correspondence

• Your client should keep copies of any letters sent

Form 14039

Form 14039

1/19/2016

13

Form 14039

Form 14039

Other Steps

• Review Social Security work history by creating an account at: https://www.socialsecurity.gov/myaccount/

• If errors are found the client should, contact their local SSA office

• Report a misused Social Security number

• Replace government‐issued IDs

1/19/2016

14

Child Identity Theft

• When a dependent child’s identity is stolen you will need to correct the child’s credit report, send each credit reporting agency the Minor’s Status Declaration form:

• http://www.consumer.ftc.gov/articles/pdf‐0095‐uniform‐minor‐status‐declaration.pdf

• This form provides proof that the child is a minor

• Include a letter with the form that asks for all information associated with the child’s name or SSN to be removed

• If your client does this there is no need to send a “blocking” request for the child

• The SSN‐only search means that any items associated with the child’s SSN are included in the report ‐‐ even if the thief used the child’s SSN with a different name

• In addition, because the child is a minor they cannot legally agree to contracts, any debts on the child’s credit report are fraudulent by definition

UNIFORM MINOR’S STATUS DECLARATION

UNIFORM MINOR’S STATUS DECLARATION

1/19/2016

15

2016 Filing Season

IRS Statement on Identity Theft

• Stopping identity theft and refund fraud is a top priority for the Internal Revenue Service

• For the 2016 filing season, the IRS continues to expand these efforts to better protect taxpayers and help victims

• IRS employees are working to prevent:

– Refund fraud

– Investigate identity theft‐related crimes and

– Help taxpayers who have been victimized by identity thieves

New Steps are Being Taken in 2016 to Deter Identity Theft

• Software companies are sharing information with the Internal Revenue Services and state revenue departments

• New data will be shared to assist in better detection and prevention of identity theft – Improper or repetitive use of Internet Protocol numbers– The time it takes to complete a tax return – hoping this will cut down the robo tax

returns, created by a machine– Information will be provided if the returns come from a foreign address– If numerous returns are filed from the same device that will also be able to be identified– New password standards for software providers– New limits on log in attempts that were unsuccessful– The addition of security questions

• All these new processes will not interfere with the normal processing, and will be seamless to the tax practitioners and their clients.

1/19/2016

16

IRS “Filter” Program

• As in prior years the IRS will deploy the identity theft filters, which include characteristics IRS has identified that are common in fraudulently filed tax returns

• The filter program “net”, impacts valid as well as fraudulent returns• Any return that is “still being processed” could have falling into the “net” which will delay

the refund• Client will need to be patient as IRS goes through the process of determining the “valid”

return• Generally, this process can take from six to twelve months, which causes frustration for the

tax payer as well as the tax preparer • It is important to remember that though the process is far from perfect it is the only

current way, among others, to stop fraudulently filed tax returns• This process protects the client and the integrity of the tax system • As the IRS moves forward with the new partnerships established with public and private

sector entities to battle identity theft, we can only hope these small steps will help in the continuing improve crisis

IRS “Filter” Program

• Generally, this process can take from six to twelve months, which causes frustration for the tax payer as well as the tax preparer

• It is important to remember that though the process is far from perfect it is the only current way, among others, to stop fraudulently filed tax returns

• This process protects the client and the integrity of the tax system

• As the IRS moves forward with the new partnerships established with public and private sector entities to battle identity theft, we can only hope these small steps will help in the continuing improve crisis

Information from The Tax Book

• At a recent tax seminar attended by authors from TheTaxBook, the speaker said certain IRS administration officials with knowledge of the subject told him unofficially that 7% of electronically filed tax returns this past filing season were fraudulent, and that due to budget cuts, only seven IRS employees were available to work on resolving these identity theft cases

• The IRS is aware that requiring PINs or electronic passwords could prevent most cases of identity thieves from filing fraudulent returns, but their computer systems are too old and outdated to handle all of the PINs that would be required for every taxpayer in the nation to use one

1/19/2016

17

Resolving Identity Theft

• A copy of the e‐file rejection notice (typically provided by the preparer’s software)

• Form 8948, Preparer Explanation for Not Filing Electronically, indicating why the return is not being e‐filed

– The e‐file rejection code should be noted, along with an explanation that the taxpayer is a possible identity theft victim

• Form 14039, Identity Theft Affidavit, filed for each person affected

B201

Resolving Identity Theft

• A copy of any IRS correspondence received by the taxpayer regarding possible identity theft issues

– Attach to the return

• Any erroneous refund checks the taxpayer received – mark void on the front and back and return to the campus named on the front of the check

• File a paper return

B201

How Does the Thieves Get The Client’s Information?

1/19/2016

18

How Do the Thieves get the Information?

• Stealing wallets, purses and your mail (bank and credit card statements, pre‐approved credit offers, new checks and tax information)

• Stealing personal information you provide to an unsecured site on the Internet, from business or personnel records at work and personal information in your home

• Rummaging through your trash, the trash of businesses and public trash dumps for personal data

• Posing by phone or email as someone who legitimately needs information about you, such as employers or landlords or

• Buying personal information from “inside” sources– For example, an identity thief may pay a store employee for information about you that appears on an application for goods, services or credit

How is Identity Theft Discovered?

• Many have no idea their identity has been stolen until an event happens • The client cannot file their annual tax return electronically• The client receives a notice from IRS that you worked for a company in Texas• The client received an IRS notice to verify their address has changed and they

have lived at the current address for many years• The client’s credit is suddenly not as good as it used to be and you do not know

why• They are getting phone calls stating they have not paid a credit card bill when

you do not have a credit card • More than one tax return was filed using your SSN• They owe additional tax, refund offset or have had collection actions taken

against them for a year they did not file a tax return

Business Identity Theft

1/19/2016

19

What is Business Identity Theft?

• Business identity theft happens when someone creates, uses or attempts to use the identifying information of a business, without authority, to obtain tax benefits

• Business identity thieves file fraudulent business returns to receive refundable business credits or to perpetuate individual identity theft

Identity Theft Related to Tax Administration

• Business identity theft is more complex than individual identity theft• Many of the same indicators that signify simple filing or processing errors also

hint at business identity theft• While on the surface these occurrences may appear to indicate business

identity theft, they may also stem from something as simple as transposed numbers– Your client receives IRS notices about fictitious employees– Your client notices activity related to or receives IRS notices regarding a defunct, closed

or dormant business after all account balances have been paid– Your client’s return is accepted as an amended return, but the taxpayer has not filed a

return for that year

• If these things occur, the IRS and the taxpayer will need to do some research before determining the incident is a result of identity theft

Identity Theft Related to Tax Administration

• Identity theft not related to tax administration should be reported to the Federal Trade Commission

• Clients may be victims of identity theft not related to tax administration if they:– Receive bills for business lines of credit or credit cards they do not have– Notice that a credit report indicates credit or other open accounts they did not authorize

– See unexplained bank account withdrawals– Don’t get their bills or other mail– Find unfamiliar accounts or charges on their credit report– Get a notice that information was compromised by a data breach at a company where they do business or have an account

1/19/2016

20

What Protective Actions Should Your Clients Take if Their Business Information Has Been Compromised?

• Respond immediately to any notices from the IRS

• If they believe someone fraudulently used their Employer Identification Number, notify the IRS immediately using the contact information on the notice or letter

• File a police report with the local police department

• Carefully review and reconcile account statements as soon as they receive them

• Regularly review business registration information online (for all active and closed businesses)

• Monitor credit reports for suspicious activity every 12 months

What Protective Actions Should Your Clients Take if Their Business Information Has Been Compromised?• Place a fraud alert on credit reports by contacting any one of the four

nationwide credit reporting companies:– Dun & Bradstreet 800‐234‐3867 www.smallbusiness.dnb.com– Equifax 800‐525‐6285 www.equifax.com– Experian 888‐397‐3742 www.experian.com– Trans Union 800‐916‐8800 www.transunion.com

• Close any accounts that have been tampered with or opened without their permission

• File a complaint with the Federal Trade Commission• Update virus, malware, and other security software programs on their

computers• Remain vigilant and be alert for suspicious or unusual activity

60

Laws to Protect Taxpayer Information

• Identity protection laws– IRC § 7216 & USC § 6713

– Privacy Act (5 USC 552a)

• Additional laws for safeguarding personal information– Gramm‐Leach‐Bliley‐Act (1999) Privacy and Safeguards Rules

– Sarbanes‐Oxley Act

– IRS e‐file rules

– State laws

1/19/2016

21

Who is Eligible for an IP PIN?

• Your client is a victim of identity theft and IRS has resolved the case

• IRS placed an identity theft indicator on the account and in December, they sent your client a CP01A Notice containing an IP PIN, or

• The client filed a federal tax return in 2015 as a resident of Florida, Georgia or the District of Columbia, or

• The client received a CP01F Notice or another IRS letter inviting them to voluntarily 'opt in' to get an IP PIN

62

Understanding the IRS’s ID theft process

• IRS issues a CP01 notice to let the taxpayer know an identity theft marker has been placed on her account, “Your assigned 2014 IP PIN is: ______.”

• Before the next filing season, the IRS generally assigns the taxpayer a unique Identity Protection PIN to verify her return

• If the taxpayer is identified as being deceased, the IRS locks the account to prevent future filing

63

Key IP PIN Information

• Six‐digit number assigned to a validated identity theft victim• Specific to the tax year and a new IP PIN is issued every year• Some IP PIN CP01A Notices will continue to be mailed through mid‐February, 2016

• Should not be confused with the five‐digit electronic signature ‘self‐select’ PIN

1/19/2016

22

64

Key IP PIN information

• Necessary only if the primary taxpayer is the identity theft victim• E‐filed returns requiring IP PINs will be rejected if the IP PIN is missing or incorrect

• If an IP Pin has been issued the return must contain the IP PIN effective for the 2016 filing season

• Taxpayers who misplace their IP PINs will be able to receive replacements by contacting the IRS

65

IP PIN Guidance for Tax Professionals

• Ask your client if he received a letter from the IRS containing an IP PIN

– If so, input IP PIN in the appropriate area

– If your client states he misplaced his IP PIN or his return rejects because of a missing IP PIN, have your client contact IRS for a replacement IP PIN

• If your client says he did not receive an IP PIN letter, continue preparation as usual

Lost or Misplaced IP PINs

• If the client received a CP01A Notice, they can register and create a user profile to get your current IP PIN issued this year

• The registration process will require that they provide IRS with specific personal information and answer a series of questions to verify your identity

• This process is essential to protect their personal and tax information

• If they received a CP01F Notice or participated as a resident of FL, GA or DC, and already have an online account, they simply log into the account with their username and password

• Follow the prompts to retrieve your IP PIN.

1/19/2016

23

Replacing a lost IP PIN

• If they are unable to create an account on IRS.gov or choose not to do so, they may contact the Identity Protection Specialized Unit at 1‐800‐908‐44901‐800‐908‐4490

• The IPSU hours of operation are: Monday ‐ Friday, 7 a.m. ‐ 7 p.m. your local time (Alaska & Hawaii follow Pacific Time)

• Using a replacement IP PIN will cause a delay in processing the tax return and the issuance of any refund

68

Tax Practitioner Due Diligence • Treasury Department Circular No. 230(Rev. 8‐2011), Section 10.22, requires practitioners to:

Exercise due diligence when preparing or assisting in the preparation of filings for submission to the IRS, and that they determine the correctness of the representations they make, both to the IRS and to clients

• Tax practitioners play a role in protecting the integrity of the tax filing system through their efforts to authenticate their clients’ identities

Your Tax Clients Can Now Get a Copy of a Fraudulent Return Filed

• A victim of identity theft or a person authorized to obtain the identity theft victim’s tax information may request a redacted copy (one with some information blacked‐out) of a fraudulent return that was filed and accepted by the IRS using the identity theft victim’s name and SSN

• Due to federal privacy laws, the victim’s name and SSN must be listed as either the primary or secondary taxpayer on the fraudulent return; otherwise the IRS cannot disclose the return information

• For this reason, the IRS cannot disclose return information to any person listed only as a dependent

• Partial or full redaction will protect additional possible victims on the return• However, there will be enough data for the taxpayer hopefully to determine

how their personal information was used• The process is another NEW addition to IRS’s fight against identity theft

1/19/2016

24

Your Tax Clients Can Now Get a Copy of a Fraudulent Return Filed

• To make the request, your client will need to prepare a signed letter with the information described below and mail it and any additional documentation to the following address:– Internal Revenue Service

– P.O. Box 9039

– Andover, MA 01810‐0939

• The IRS may return the request if it is missing the required information and/or documentation, or is made in a manner other than described in these instructions

Required Information and Documentation for a Request by the Identity Theft Victim

• If your client is a person whose name and SSN was used to file a fraudulent tax return, the letter must contain the following information:– Their name and SSN

– Their mailing address

– The tax year(s) of the fraudulent return(s) they are requesting, and

– The following statement, with their signature beneath: “I declare that I am the taxpayer.”

• The letter must be accompanied by a copy of your government‐issued identification (for example, a driver’s license or passport)

As a Representative for Your Client Who is Authorized to Receive the Information the Following Procedure Should be Followed:

• If you are authorized to obtain the identity theft victim’s tax information, the letter must contain the following information:– Your name and tax identification number (usually your SSN)– Your relationship to the victim of identity theft (for example, parent, legal guardian, or

authorized representative)– Your mailing address– Centralized authorization file (CAF) number if you were assigned one by the IRS for an

authorization that is on file with the IRS covering the requested tax year(s)– Tax year(s) of the fraudulent return(s) you are requesting– The taxpayer’s name and SSN– The taxpayer’s mailing address

• The following statement, with your signature beneath: “I declare that I am a person authorized to obtain the tax information requested.”

1/19/2016

25

As a Representative for Your Client Who is Authorized to Receive the Information the Following Procedure Should be Followed:

• The letter must be accompanied by a copy of your government‐issued identification (for example, a driver’s license or passport)

• You must also include documents demonstrating your authority to receive the requested tax return information (for example, Form 2848, Form 8821, or a court order) unless:

– You are requesting return information of your minor child as a parent or legal guardian, or

– Your authority to obtain return information for the requested tax year(s) is on file with the IRS and you are providing your CAF number

How Long Will it Take to Get the Copy of the Fraudulent Return?

• The time required to fulfill your request will depend on a number of factors

• One factor is whether there are any open, unresolved issues with a tax return for a tax year requested

• These are very complex cases, and IRS will need to resolve the underlying identity theft case before they can provide the return

• The IRS will acknowledge the request within 30 days of receipt and within 90 days the client will receive the return or follow‐up correspondence

Why is Some Information on the Return Redacted?

• The IRS may disclose return information from a fraudulent return to a person whose name and SSN are listed as the primary or secondary taxpayer when the disclosure does not seriously impair Federal tax administration

• Although some information will be redacted or partially redacted, the remaining information will allow the client to determine what information the identity thief may have about the client and the client’s family

1/19/2016

26

Why Can’t the Client Request a Copy of a Fraudulent Return that Lists Themselves or Their Child as a Dependent?

• Due to federal privacy laws, the IRS cannot disclose information to a person who is listed on a fraudulently filed tax return unless that person’s name and SSN is listed as the primary or secondary taxpayer on the return

The Client Received a Letter Returning the Request Because it was for a Business. Why is the IRS Returning Requests for Business Returns?

• At this time, the client can only request a copy of a fraudulent tax return filed using Forms 1040, 1040A, 1040EZ, 1040NR, or 1040NR‐EZ

The Client Received a Letter Returning the Request Because the Address Didn’t Match IRS Records. What does the Client Need to do?

• IRS will reject a request if the address listed in the request does not match the IRS address of record

• If the client has recently moved and did not file a Form 8822, Change of Address, with the IRS, they will need to file this to change their address of record

• They can resubmit the request of a copy of the fraudulent return after the IRS processes the address change

1/19/2016

27

How Many Tax Years Can the Client Request?

• The client can request copies of fraudulent returns for the current tax year and previous six tax years

The Client Attempted to e‐file their Return and it was Rejected because Someone Already Filed using their Social Security Number. Can the Client Request this

Information Now?

• The client may make a request at any time, but IRS must resolve the identity theft case before they can share the return

• If IRS has just found the client is a victim, have them review the Taxpayer Guide to Identity Theft for the best steps to take to resolve the case

What Information will be Redacted on the Copies the Client Receives?

1/19/2016

28

IRS Tests W‐2 Verification Code for Filing Season 2016

• For filing season 2016, the Internal Revenue Service will test a capability to verify the authenticity of Form W‐2 data

• This test is one in a series of steps to combat tax‐related identity theft and refund fraud

• The objective is to verify Form W‐2 data submitted by taxpayers on e‐filed individual tax returns

• The IRS has partnered with certain Payroll Service Providers (PSPs) to include a 16‐digit code and a new Verification Code field on a limited number of Form W‐2 copies provided to employees

• The code will be displayed in four groups of four alphanumeric characters, separated by hyphens. Example: XXXX‐XXXX‐XXXX‐XXXX


• The Verification Code will appear on some versions of payroll firms’ Form W‐2 copies B and C, in a separate, labeled box (Copy B is "To be filed with employee's federal tax return" and Copy C is "For employee's records.")

• The form will include these instructions to taxpayer and tax preparers:– Verification Code. If this field is populated, enter this code when it is requested by your tax return preparation software

– It is possible your software or preparer will not request the code– The code is not entered on paper‐filed returns.

• Some Forms W‐2 employees receive will have a “Verification Code” box which is blank

• These taxpayers do not need to enter any code data into their tax software product


• For the purposes of the test, omitted and incorrect W‐2 Verification Codes will not delay the processing of a tax return

• The IRS will analyze this pilot data in a “test‐and‐learn” review to see if it is useful in evaluating the integrity of W‐2 information

• The code will not be included in Forms W‐2 or W‐2 data submitted by the PSPs to the Social Security Administration or any state or local departments of revenue

• Nor will this pilot affect state and local income tax returns or paper federal returns

1/19/2016

29

Tax Guidance : Identity Protection Services

• The IRS announced that the value of identity protection services provided by an organization to a victim of identity theft should not be included in the victim’s gross income for tax purposes

• This rule applies to any taxpayer who believes the safety of their personal information may have been breached

• Identity protection and data protection services include credit monitoring and reporting services, identity theft insurance policies, and services to restore victims’ identities

B205

Publication 4557"Safeguarding Taxpayer Data ‐ A Guide for Your Business"

• "Safeguarding Taxpayer Data ‐ A Guide for Your Business"

• The purpose of this publication is to provide information on legal requirements to safeguard taxpayer data

• Safeguarding taxpayer data is a top priority

• It is the legal responsibility of government, businesses, organizations and individuals that receive, maintain, share, transmit or store taxpayers’ personal information

Not in Book

Cybersecurity for Tax Preparers

• “Get a Transcript” breach

• Password guidance

– Change password periodically (every 90 days)

– The password must be a minimum of eight characters in length

– Any three of the following elements must be used

• Upper case letters

• Lower case letters

• Numbers

• Special characters (such as “!” or “&”)

B 205‐B206

1/19/2016

30

Additional Security Measures

• Hard drive encryption– Full encryption of each hard drive in the tax preparer’s office provides an extra layer of protection against unauthorized access that password protection does not provide

• Back up all data using a remote location– Backing up data in a secure, remote location ensures that there is a complete copy of sensitive client data that can still be used if the original data is damaged or compromised

• Use portable backup devices that are secure– Use of secure portable storage devices ensures that if the device is stolen or lost, no one else can access the information and use it for identity theft or other illegal purposes

B 207

89

Physical Safeguards

• Lock rooms and cabinets

• Store records in secured area

• Protect against destruction and damage

• Inventory hardware

• Dispose of information and hardware securely

Protecting your Businessand Clients

90

• System safeguards– Use strong passwords: Minimum of eight alphanumeric characters

– Change passwords periodically

– Use timed, password‐activated screen savers

– Don’t post or share passwords

• Encrypt sensitive data when:– Transmitting over networks

– Storing on servers or media

• Encrypt entire computers, media

Protecting your Business and Clients

1/19/2016

31

91

Protecting your Business and Clients

If you have a security breach:

•Notify law enforcement

•Notify FTC, visit www.FTC.gov for email and phone numbers

•Notify customers and business partners

•Take corrective actions•Prevent other breaches

What Can You Do?

• Educate employees on scams and risks

– IRS will not ask for sensitive information such as passwords or SSNs

• Increase employee awareness of dangers related to data theft

– Handling phishing emails, phone calls, etc.

• Check EFIN statistics regularly – if stats don’t match expectations, consult e‐Help Desk


• Create and implement a security and data compromise plan

• Necessary security software to include:– Firewall

– Anti‐virus

– File encryption

• Use encrypted email programs to exchange PII information with taxpayers

• Utilize strong passwords that are required to change periodically

1/19/2016

32


• Use a secure wireless connection

– Wi‐fi should be password protected

• Taxpayer information should be backed up with limited access granted to others

• Any paper files should be stored in secure location

• In case of breach, contact local stakeholder liaison

– Find liaison at IRS.gov, keyword “Stakeholder Liaison”

Planning Procedures

• Data Theft Plan– Review FTC Suggestions for Data Theft Response

– Notify parties • Law Enforcement

• IRS Stakeholder Liaison

• Major Credit Bureaus

• Individual(s) affected by theft

– Information to disclose:• How it happened

• Information jeopardized and taken

• Actions taken to resolve situation

96

Summary

Fighting identity theft is an ongoing battle that requires a collaborative effort among the IRS, practitioners and taxpayers

1/19/2016

33

Farm Tax Schools 2016

• November 2, 2016 to December 13, 2016 • 8 Locations in Iowa and Online Webinar• Save the Date for the 2016 Annual Farm and Urban Income Tax Schools• The program is intended for tax professionals and is designed to provide

up‐to‐date training on current tax law and regulations– November 2‐3: Maquoketa– November 7‐8: Red Oak– November 9‐10: Sheldon– November 14‐15: Mason City– November 17‐18: Ottumwa– November 21‐22: Waterloo– December 5‐6: Denison– December 12‐13: Ames and Live Webinar

Summer Webinars

• S Corporation Reasonable Compensation• ABLE Accounts• Travel, Meals and Entertainment• Preparing for a Gambling Audit• Your Client Dies, What’s Next?• Innocent Spouse• Above the Line Deductions • Roth IRA’s• Net Operating Losses• The Portability Election• IRS Return Preparer Penalties Overview• Miscellaneous Income• New Developments

Summer Webinars

• Employee vs. Independent Contractor• Cancellation of Debt• Tax Research with Limited Resources• Injured Spouse• IRS Representation• Let’s Talk Dependents• Inventory Issues• Retirement Options for Small Business• Preparing for an IRS Audit• Getting your Client Right with IRS• Appeals – How to Write Your Appeals Request• Start Up Costs• Federal Energy Credits Overview• Hobby Losses

1/19/2016

34

Beginning Tax PreparersClass

• CALT is working on offering a basic class for NEW tax preparers this fall in October

• The week long webinar will cover the basics an individual needs to know such as:– Requirement to file– Dependents– Filing Status– Itemized deductions– Earned Income Tax– Education Credits

• Other issues a first or second year preparer needs to know as well as a refresher for others who need to brush up on issues

• The class will be a week long or more and will be offered at a special rate

The Scoop

• Throughout the filing season two Scoops will be held on Scoop Dates– 8:00 – 8:30 am Central time– 12:00 – 12:30 Central time

• This assists with accommodating our west coast practitioners• The same information will be shared at both sessions• You have the option of registering for whatever session suits your

schedule• https://www.calt.iastate.edu/calendar‐node‐field‐seminar‐

date/month

The CALT StaffJohn D. Lawrence Interim DirectorAssociate Dean, College of Agriculture & Life Sciences Extension Programs and OutreachDirector, Agriculture & Natural Resources Extension132 Curtiss HallIowa State UniversityAmes, Iowa 50011‐1050

Kristine A. Tidgren

Staff Attorney

E‐mail: [email protected]

Phone: (515) 294‐6365

Fax: (515) 294‐0700

1/19/2016

35

The CALT Staff

Kristy S. Maitre

Tax Specialist


Phone: (515) 296‐3810

Fax: (515) 294‐0700

Tiffany L. Kayser

Program Administrator


Phone: (515) 294‐5217

Fax: (515) 294‐0700

Identity Theft2016.pptx [Read-Only] · • Identity theft is still the #1 complaint filed ... –...

Documents

Transcript of Identity Theft2016.pptx [Read-Only] · • Identity theft is still the #1 complaint filed ... –...