Identity theft: It's not just for credit cards anymore
It wasn’t long ago that the most important tool a person needed to protect his or her identity was a shredder. Unfortunately, in today’s world of big data, even the most conscientious shredder of documents who uses the most sophisticated of passwords is still at risk from an information breach that puts sensitive financial data in the hands of people who would use it for fraudulent purposes. One of the most troublesome uses for stolen information is the filing of fraudulent tax returns; in 2015 alone, an IRS hack left the data of more than 700,000 taxpayers compromised.
Tax return identity theft presents a harder problem to solve than fraudulent credit card use. If a thief uses a person’s credit card, or obtains a credit card fraudulently in someone else’s name, the credit card company can shut down the compromised account and, if necessary, quickly issue the rightful cardholder a new account. But if criminals file a false tax return using someone else’s information, a taxpayer’s social security account is much harder to change.
Protection from tax identity theft is similar to protection from other forms of identity theft. The key is to protect your personal information.
Once a criminal files a false return, it’s processed by the laws and regulations that are in place. First, the IRS is obligated by law to pay a claim for refund within a very short turnaround time. In many cases, the refund must be paid before the IRS has a chance to match the income reported on the tax form with information reports that it’s received, such as Forms W-2. Also, in an ironic twist that’s caused frustration for many victims of this crime, the fraudulent return gets the protection of IRS privacy restrictions. These examples illustrate a critical challenge facing the IRS: the agency must observe laws and regulations that, in some cases, protect the fraudulent filer. In some instances, the changes the IRS needs to make in order to improve its ability to identify and prevent tax return identity theft require law changes.
Still, the IRS has made substantial progress when it comes to identifying returns filed under stolen identities. The initial screening process for an electronically filed return has been adapted to identify and reject forms that have indicators of identity theft. The service has issued “Identity Protection PINs” to more than a million taxpayers who fit a profile suggesting that their tax account may have been compromised. These PINs provide a second layer of security as they’re required to be used by taxpayers in addition to their social security numbers.
So how can you protect your own tax return? The same way you protect yourself from any other type of identity theft — by protecting your personal information. The recent increase in fraudulent filings hasn’t resulted from secure taxpayer information that was breached at the IRS. All indicators point to the use of identifying information obtained elsewhere to file fraudulent returns.
The IRS provides advice on how to protect yourself from tax return identity theft in Publication 4524, Security Awareness for Taxpayers, available at www.irs.gov. It sounds a lot like other identity theft protection suggestions, but the key points bear repeating:
- Protect your computer. Use security software, and make sure it updates automatically. Encrypt sensitive data.
- Know who you’re dealing with when you share sensitive data online.
- Use strong passwords, and change them often.
- Beware of scams. Emails, texts, or calls that appear to be from the IRS or a company you know are often phishing scams. The IRS will not call you with threats of jail or lawsuits. The IRS doesn’t send emails suggesting that you have an unclaimed refund and you need to update your account.
- Don’t open attachments in emails unless you know who sent it and what it is.
If you believe you may have been subject to tax return identity theft, or an identity theft that may include the information needed to file a return in your name, the IRS provides a Taxpayer Guide to Identity Theft on its website. For more information, give us a call.