Over the last year, I’ve replaced my debit card three times because someone got the number. Video games in London? No, that wasn’t me – and I wasn’t the one buying Android games for my iPhone. Fortunately, my bank has a quick-responding fraud detection system, and except for the inconvenience of replacing my card, I didn’t lose anything.
I’ve been lucky, but according to a summary by the Insurance Information Institute, during 2016, $16 billion was stolen from 15.4 million U.S. consumers through identity theft. Nearly a third of identity theft involves fraudulent tax returns. On a global scale, losses from cybercrime – which includes identity theft – were estimated to be between $375 billion and $575 billion during 2014.
What can accounting professionals do to help our clients prevent, or recover from, identity theft? Here are four areas to think about:
#1: Keep secret info secret
By now, everyone should know the importance of safeguarding their Social Security Number, and most know that when a phone call or email from the IRS comes, it’s most likely not really the IRS. The best response to a suspicious phone call is to hang up. Suspicious or spammy looking emails should be deleted immediately.
Last summer, the IRS publicized a new scam aimed at the payroll or human resources divisions of companies. A fraudster poses as an executive or owner of the company, and after a few friendly email exchanges, asks for a list of all employees and their W-2s as part of an audit or survey. They may also request a wire transfer of funds to an outside account.
Look around your office and see where files containing confidential information are stored. In secure file cabinets or locked file rooms? Good job!
At a firm I once worked, thieves tried to break in by forcing open an outside door. Fortunately, the building alarm frightened them away. After that, when staff left for the night, all client documents were moved to a locked file room. More information on keeping your clients’ information safe is in IRS Publication 4557, Safeguarding Taxpayer Data.
#2: Clean up the loose ends
If your clients are victims of identity theft, make sure they contact the Federal Trade Commission (FTC) and file an Identity Theft Complaint. The FTC has an excellent guide for creating a recovery plan. Another excellent resource with clear instructions on what individuals should do is at bankrate.com.
Your client may need to close accounts opened in their name and alert banks, credit card companies and investment advisors of the theft. Passwords will need to be changed.
#3: Don’t ignore odd letters in the mail
Notices from credit card companies or the gas company about past due amounts — when your client knows they paid in full — can be signs that someone has opened an account using stolen information.
Likewise, if your clients receive a notice from the IRS or another taxing authority that doesn’t make sense, that could be a sign of fraudulent activity in their account. Usually, the first sign of tax return fraud is an e-filed return that gets rejected because someone has already filed using that Social Security Number. A letter requesting additional payments when the tax liability should have been paid in full can be another sign of trouble.
If your client is the victim of tax return fraud, you’ll need to paper file returns and attach Form 14039, Identity Theft Affidavit, until the situation is resolved.
#4: Watch for business identity theft
While most publicity around identity theft focuses on individuals, businesses can also have their identities stolen. You can find out more about business identity theft here. Fraudsters who obtain a business’ employer identification number (EIN) can create fictitious W-2s and use those to file fraudulent tax returns.
With the EIN in hand and other publicly available information, such as the business address and names of officers, a fraudster can open a line of credit with a bank or retailer, or open a business credit card. Sadly, commercial credit cards don’t always have the same liability protections for businesses that individuals enjoy, leaving the owner on the hook for the whole amount.
Business owners should get in the habit of checking the credit reports for their businesses annually. Under no circumstances should their EIN be visible on their website.
With vigilance and quick action, losses due to identity theft can be minimized. It may be a pain, but it’s worth it to take a few extra precautions.