IRS Data Thefts and Protecting Client Tax Information for CPAs

By | November 18, 2015

IRS Data Thefts and Protecting Client Tax Information for CPAs

You and your clients are on the frontlines in defending against identity thieves. You will hear more about our security summit in a minute, but I want you to know we are committed to working in partnership with you and the tax professional’s organizations to protect the integrity of the tax system. We, the tax industry, states, and the IRS, all have a role to play in this effort. We all share a common enemy, those who are stealing your clients’ personal information and committing refund fraud. And we all share a common goal, protecting taxpayers.


Identity Theft and Tax Returns

It is clear that criminals have been able to gather significant amounts of personal information as the result of data breaches at sources outside the IRS, which makes protecting taxpayers increasingly challenging and difficult. That’s why we had the security summit that Ken will talk about today, and why we joined with the states and the tax industry to make substantive changes for 2016. No one of us can fight this enemy alone, but together we have a chance to achieve our goal of protecting taxpayers


IRS Publication 4524, Security Awareness and Identity Theft

This publication is aimed at taxpayers. You can easily print it and include it in the completed tax package you give your clients. There will also be updated information on this filing season.

The IRS has made significant inroads in combatting tax-related identity theft, but the depth and breadth of the problem continues to present a challenge, not only to the IRS but I would argue to every business and organization in the country. This includes the tax-preparer industry. Personal data, whether it’s credit card numbers or names, bank accounts, addresses, and social security numbers, are commodities, products that can be stolen and then bought and sold on a global black market, and used for fraudulent purposes. The thieves can be international cybercriminals beyond our reach, or they can be that disgruntled employee you just fired. The Bureau of Justice Statistics reports identity theft now costs U.S. victims more than all other property crimes combined. The Federal Trade Commission reports identity theft is the number one compliant by citizens.


How much do criminals steal on tax returns?

A March 2015 study by a California research company found criminals stole $16 billion from 12.7 million American consumers in 2014. That’s a new fraud victim every two seconds, and two-thirds of those victims were data breach victims. Also this spring, IBM issued a study that found more than one billion personal records, many with personally identifiable information, were stolen in 2014. Many of these data breaches most often in the news involve credit cards. But, more important, especially for the tax industry, are the data thefts involving personally identifiable information, or PII. This often involves an individual’s name, social security number, address, and maybe even a list of their dependents and their SSNs. Criminals can do far greater damage to victims with stolen PII.







IRS Identity Theft and Tax Transcripts

Generally, you’re not liable for elicit charges to your credit card, but if a thief opens a financial account in your name or, even worse, hijacks your bank account, you can suffer horrible financial, emotional, and personal losses. The Department of Health and Human Services keeps a record of data thefts involving health care-related entities involving more than 500 people. So far, for 2015, data thefts involving health care-related entities results in more than 150 thefts of PII and/or health care information for more than 100 million Americans. There is a glut of PII on the black market. A good illustration of this is our own “Get Transcript” application. In this sophisticated effort, third parties succeeded in clearing a multi-step authentication process that required prior personal knowledge about the taxpayer, including social security number, date of birth, tax filing status, and street address before accessing IRS system.

In 2012, tax returns passed through 11 filters. Today, returns must pass through nearly 200 filters. We also have accelerated, to the extent we can under present law, the use of information returns in order to identify mismatches earlier. We are also limiting the number of refunds that can be electronically deposited into a single financial account or prepaid debit card. We have implemented a variety of mechanisms to stop the growing use by criminals of decreased individuals’ identity information to perpetuate tax fraud. We routinely lock accounts of deceased taxpayers, and have locked nearly 29 million accounts to-date. Also, the Bipartisan Budget Act of 2013 included the administration’s proposal to limit public access to the Death Master File, which should further help to reduce identity theft related totax fraud.


EFINs, Electronic Filing Identification Numbers

For those of you who have EFINs, Electronic Filing Identification Numbers, you should know we are doing a comprehensive review of this program to determine what we can do to improve safeguards. We already have stepped up efforts to expel those who are abusing EFINs for fraudulent purposes. We are working hard to prevent them from using stolen identities to obtain your EIN or using your EIN to e-file identity theft returns. Also, we have increased our number of on-site visits as a part of our monitoring program to ensure EFINs are being used properly.