7/14/2016
Tax-related Identity TheftPrevent, Detection and Victim Assistance
IRS Future StateAn evolving effort to meet taxpayer needs
Example Ongoing Initiatives
• Security Summit Group
• Taxpayer Assistance Centers
Appointment-Based System
• Improved Online Services
• Compliance Realignment
• Identity Theft Victim Assistance
• Enterprise Records Management
2 IRS Future State
Presentation Title | BOD 3
Security Summit Initiative 2016
• Increased sharing of data elements
from returns
• Enhanced password requirements for
software
• MOU signed by 40 state agencies, 21
tax industry partners
• Stronger cybersecurity framework
• Creation of a information sharing
center
Presentation Title | BOD 4
Security Summit Initiative 2016
• Created tax preparer work group
• Launched taxpayer education
campaign
• Pub 4524 – Security Awareness for
Taxpayers
• Tax preparers increasingly targeted
by cybercriminals
• Pub 4557 – Safeguarding Taxpayer
Data
• W-2 Verification Code Pilot
–Testing a 16-digit code for the Form W-2
–Taxpayer enters code on return as part of
W-2 entries
–Code helps verify authenticity information
on the Form W-2
• Improved return filtering and modeling
–Help stop business refundable credit fraud
IRS efforts to combat
Business Identity Theft
Presentation Title | BOD 6
IRS Impersonation Scams
• IRS doesn’t make threats of lawsuits
or jail
• IRS does not use email, texts or
social media to ask for personal or
financial data
• Impersonation scams netted $29
million from more than 5,500 victims
Suspicious IRS Emails / Phone Calls www.irs.gov/uac/Report-Phishing
7
8
9
• IRS reviewing improvements to EFIN
safeguards
–Stepped up efforts to expel EFIN abusers;
–Increased on-site visits as part of monitoring
process
• EFIN holders should review return numbers
during filing season
–e-Services Account updated weekly
–Excessive numbers can be reported to
e-Help Desk
Protect your EFIN
Truncated Taxpayer Identification
Numbers TTIN
The IRS issued final regulations (Internal
Revenue Bulletin 2014-31) on July 15, 2014
that allow you to truncate payee identification
numbers on statements. The goal of these
regulations is to reduce the risk of identity
theft that may stem from including a
taxpayer’s entire identifying number on a
payee statement.
2016
Tax Law Updates
Understanding Your CP148A
Notice
When we change a business address in our records,
we send a CP 148A to the new address.
We issue a notice of confirmation of an address
change to both the employer's former and new
address.
We update an address when we receive either a:
• Form 8822-B
• Employment tax return with an address different
from what's on our records.
Presentation Title | BOD 15
Victim Warning Signs
• Receive IRS notice
• Return rejected because of duplicate
SSN
• Receive IRS notice for year did not
file a return
• Record of wages from an unknown
employer
• Taxpayer Protection Program generates:
• Letter 4883C for prior-year suspicious returns
• Letter 5071C for current-year suspicious
returns
–Most common correspondence
–Taxpayer self-verifies at Idverify.IRS.gov
• Letter 5447C for suspicious returns with
foreign addresses
Tax-Related Identity Theft
Presentation Title | BOD 17
Victim Assistance
For returns stopped by filters:
• IRS issues Letter 5071C
• Taxpayer verifies identity online at
IDVerify.IRS.gov
• Fraudulent return is archived
• Taxpayer account marked with an
indicator
Presentation Title | BOD 18
Victim Assistance
For returns rejected because of
duplicate SSN:
• File Form 14039, Identity Theft
Affidavit
• File return by paper
• Pay any tax owed
• Respond to IRS notices or letters
• Resolution time approx. 120 days
Presentation Title | BOD 19
Victim Assistance
• Confirmed identity theft victims
generally eligible for an Identity
Protect PIN
• 2.7 million IP PINs issued for 2016
• IP Pin – additional layer of protection
for the SSN
• New six-digit PIN issued each year
Types of IRS notices
• CP01 – Notifies the taxpayer that the IRS
has resolved IDT issues and that an
identity theft indicator has been placed on
their account.
• CP01A – An annual notice that contains
the latest IP PIN.
• CP01F – A one-time notice for 2015 giving
certain taxpayers option of obtaining an IP
PIN through www.irs.gov/getanippin.
Presentation Name | W&I 20
• Six-digit number that adds an additional layer
of protection along with the SSN or ITIN
• Victims notified once tax-related IDT case
resolved
• Taxpayer will receive a CP01A notice
containing a new IP PIN each year
• Some taxpayers have the option of getting an
IP PIN from IRS.gov
• Enter numbers for all IP PIN holders
About the Identity Protection PIN
(IP PIN)
22
The IP PIN Pilot
• There is an ongoing pilot program for
taxpayers who filed 2013 returns from Florida,
Georgia or District of Columbia.
• Taxpayers from these states did not have to
be victims of identity theft to qualify for this
program.
• Taxpayers could opt-in to get an IP PIN by
using online application at
www.IRS.gov/getanippin.
23
Insert Get Transcript here
“Get Transcript” IRS Notices
• 4281G
• 4281B
• 4281F
25
Instructions for Requesting Copy
of Fraudulent Returnshttps://www.irs.gov/Individuals/Instructions-for-
Requesting-Copy-of-Fraudulent-Returns
A victim of identity theft or a person
authorized to obtain the identity theft victim’s
tax information may request a redacted copy
(one with some information blacked-out) of a
fraudulent return that was filed and accepted
by the IRS using the identity theft victim’s
name and SSN.26
Business-related identity theft
• An identity thief files a business tax return
(Form 1120, 720 etc.) using the Employer
Identification Number of an active or inactive
business to obtain a fraudulent refund.
• An identity thief, using the EIN of an active or
inactive business, files fraudulent Forms 941
and W-2 to support a bogus Form 1040
claiming a fraudulent refund.
27
Data Theft and Securing
Client Tax Information
• The risk is real; preparers are prime targets for
identity thieves
• Cybercriminal tactics constantly evolve
• Data loss can occur so many ways:
–Burglar steals office computers
–Cybercriminal breaches your systems using
phishing and malware schemes
–Disgruntled employees steals client info
–Dispose of old devices without erasing data
Data Theft
• Read Publication 4557, Safeguarding
Taxpayer Data
• Review current security measures
• Create a security plan
–Use top-notch software security
–Educate all employees
–Use strong passwords
–Secure Wi-Fi
–Encrypt PII emails
–Backup files
Steps to Protect Client Data
• Create a reaction plan for data theft
–Call IRS Stakeholder Liaison (found on
IRS.gov)
• Review Federal Trade Commission’s
“Business Center” to assist businesses with
data losses
–Notify police
–Notify businesses
–Notify clients
Plan Ahead for Data Loss
Presentation Title | BOD 34
Steady Progress Made
• 2,000 people convicted of stolen
identity refund fraud in recent years;
• 1,700 open investigations
• Improved and increased identity theft
filters
• Limited direct deposit refunds into
single accounts
• Worked with financial institutions
Presentation Title | BOD 35
Steady Progress Made
• Stopped 1.4 million IDT returns in
2015
• Protected $8.7 billion in refunds
• Closed 700,000 IDT cases in 2015
• Resolution time reduced to 120 days
• IRS, state tax administrators and tax industry
working together to increase public awareness
about security protections online and at home.
• Review Publication 4524, Security Awareness
for Taxpayers
• Consider printing and sharing this one-page
guide with your clients
Help Educate Clients
• The risk is real
• Make a security plan
• Make a data loss plan
• Contact Stakeholder Liaison if you experience
a data compromise
Summary