What you need to know to combat tax identity theft

Earlier this year, the U.S. Federal Trade Commission (FTC) reported there was an almost 50% jump in identity theft complaints in 2015. The primary driver of that spike, by far, was tax identity theft. The FTC received 490,220 complaints about identity theft last year, with tax identity theft accounting for 221,854 of the complaints.

It’s obvious that individuals can’t afford to ignore the threat of tax identity theft, but the IRS has taken some measures to combat the epidemic that has implications for employers, too. Businesses also need to be aware of the risk of tax identity theft they face. Criminals aren’t just pursuing Social Security numbers (SSNs) — they’re also going after employer ID numbers (EINs) assigned by the IRS.

Individual tax identity theft

To date, most of the attention has been paid to individual victims of tax identity theft. According to the IRS, it occurs when someone uses a stolen SSN to file a tax return claiming a fraudulent refund. The victim may be unaware of this until he or she attempts to file a return and learns that one has already been filed. Alternatively, the IRS might send a taxpayer a letter saying it has identified a suspicious return with the taxpayer’s SSN. The U.S. Government Accountability Office found that the IRS paid out $5.8 billion dollars in fraudulent refunds for the 2013 tax year.

In addition, a fraudster might use another’s SSN to obtain a job. The employer then reports that person’s income to the IRS under the stolen SSN. The victim, obviously, won’t include those earnings when filing his or her tax return, so IRS records will indicate that the victim underreported income.

How does a fraudster obtain an SSN? These thefts can often be traced back to the victim’s place of employment. Insiders at a company may steal the numbers and other employee or customer information. Perpetrators also might wait until staff members let their guards down and leave SSNs readily accessible on computers or in waste receptacles. And, of course, individuals may simply be careless with their SSNs and other sensitive information.

While large companies like banks and hospitals are favorite targets, the improper lifting of just a single SSN can wreak havoc for one of your employees or customers. That means smaller companies are at risk, too.

IRS actions

Tax identity theft is a top concern for the IRS, which has again placed it on its annual “Dirty Dozen Tax Scams” list. The agency will be implementing new provisions and is working with states and the payroll industry to put new safeguards in practice.

Most notably for employers, the Protecting Americans from Tax Hikes (PATH) Act signed in late 2015 now requires employers to file W-2, W-3 and 1099 forms by January 31 of the year following the tax year. The idea is that it will be easier for the IRS to catch discrepancies between legitimate forms filed by employers and those filed by fraudsters seeking refunds based on false forms — before the agency sends out refund checks.

The earlier deadline takes effect for statements filed in 2017 for the 2016 tax year. (W-2s and 1099s still must be furnished to employees and payees by January 31.) With these forms now due to be filed with the IRS a month earlier than in the past (or, for electronic filers, two months earlier), employers will need to pull together the necessary information more promptly.

The IRS is also expected to expand a pilot program it launched this year to verify the authenticity of W-2 data submitted by taxpayers on electronically filed tax returns. For the pilot program, the IRS partnered with several major payroll service providers to provide a 16-digit code and a new Verification Code field on a limited number of W-2 copies provided to employees. Each unique number is derived from data on the form itself and therefore is known only to the IRS, the payroll service provider and the employee. The IRS plans to broaden the scope of the program for the 2017 filing season by increasing the number and types of W-2 issuers involved.

Risks for businesses

Thieves are going after EINs, which is a startling proposition for the many businesses that put far more effort into protecting SSNs than their EINs. A fraudster could use a stolen EIN to report false income and withholding and file for a refund. The Treasury Inspector General for Tax Administration has estimated that the IRS could issue almost $2.3 billion in potentially fraudulent tax refunds based on EINs annually. Moreover, the legitimate business could find the IRS coming after it for payroll taxes that were reported as withheld but not remitted.

As with SSN theft, EIN theft victims may not discover something’s amiss until they file their tax returns and receive IRS notification that they had already filed for that tax year. They also might be tipped off by receipt of an IRS notice regarding nonexistent employees.

Tips for preventing tax identity theft

You can take several steps to help reduce the risk of theft of SSNs and EINs, including:

Use antivirus and other security software on all workplace and personal computers,
Update your data security plans regularly to reflect new risks,
Educate employees about phishing schemes,
Truncate or redacte identifying numbers where possible,
Keep identifying numbers and other sensitive information in a secure location and restrict access on a need-to-know basis,
Update business filings with the IRS and the secretary of state for your state when contact information changes,
Monitor your credit reports, IRS and state tax authority accounts, and other business filings,
File W-2s, W-3s and 1099s as early as possible, and
Develop an action strategy for dealing with tax identity theft, including identifying whom to notify in the event of theft.

Businesses should bear in mind — and remind their employees and customers — that the IRS doesn’t initiate contact with taxpayers by email, text messages or social media to request personal or financial information.

Don’t put your head in the sand

The risk of tax identity theft, whether of SSNs or EINs, is real. We can help you take the necessary steps to avoid the morass of negative consequences that can result for a business and its employees and customers.

Side Note:

Some tax refunds delayed next year to help combat tax identity theft
In efforts to combat target areas of identity theft, no credit or refund will be issued before February 15 on returns processed in early 2017 with the Earned Income Credit and/or the Additional Child Tax Credit, due to a mandate enacted December 18, 2015 by the PATH Act. Since many of the fraudulent returns contain refundable credits, the delay in processing refunds will allow the IRS more time to analyze returns for validity.

Some tax refunds delayed next year to help combat tax identity theft

In efforts to combat target areas of identity theft, no credit or refund will be issued before February 15 on returns processed in early 2017 with the Earned Income Credit and/or the Additional Child Tax Credit, due to a mandate enacted December 18, 2015 by the PATH Act. Since many of the fraudulent returns contain refundable credits, the delay in processing refunds will allow the IRS more time to analyze returns for validity.

SKR+Co Not-for-Profit Newsletter

June 2014

Footnotes tell a story — What constituents can glean from your financial statements

When reviewing financial statements, nonprofit board members and managers sometimes make the mistake of focusing solely on bottom-line figures, but these statements also may include a wealth of information in their disclosures. Savvy constituents and potential supporters know this, so nonprofit executives need to be familiar with the common types of disclosures and the information they make available for scrutiny. This article notes the information that statements provide regarding accounting policies, related party transactions, contingencies and other matters. A sidebar describes a particular Form 990 disclosure that has gotten renewed attention.

Read the Full Article Here.

Tips for preventing fraud in your organization

Fraud doesn’t just hurt a nonprofit’s bottom line — it also could do devastating damage to its reputation. However, this article discusses how, by implementing some simple controls, an organization can help protect itself from these risks. These controls involve segregation of accounting duties, fraud awareness training for all employees, establishment of a fraud hotline, and risk assessment.

Read the Full Article Here.

Not all funds are created equal

Types of funding vary greatly in how they can — or cannot — be used. This article discusses the differences between permanently restricted funds, temporarily restricted funds and unrestricted funds, and how to beef up donations of the latter.

Read the Full Article Here.

Newsbits — A-133 audit threshold change, online fundraising failures, and new open data tool

In this issue, “Newsbits” takes a look at Office of Management and Budget rules that reduce the burden on smaller nonprofits by increasing the threshold that triggers compliance audits. It also discusses a study showing that most organizations have room for improvement with online fundraising, and notes an online tool that provides free and open access to data on nearly 82,000 independent, corporate, community and grantmaking operating foundations.