0
Taxes & Identity Theft
Jody Stamback, Sr. Stakeholder Liaison
Revised February 1, 2015
1
What is tax-related identity theft?
Tax-related identity theft occurs when someone uses your Social Security Number (SSN) to file a tax return claiming a fraudulent refund.

Thank you for the invitation to speak today. This is such an important issue. Obviously, identity theft in general presents a burden to its victims. It also presents a challenge to businesses, organizations and governmental agencies, including the IRS. Identity theft happens when someone steals your personal information and uses it without your permission. It’s a serious crime that can wreak havoc with your finances, credit history and reputation – and take time and money and patience to resolve.

As we begin today, it is important to understand the IRS definition of identity theft. (Read SLIDE). There are many types of identity theft and the Federal Trade Commission is the lead federal agency on the issue generally. The IRS focus is on identity theft involving fraudulent tax returns and assisting those victims of tax-related identity theft. Tax-related identity theft does NOT involve stolen credit card numbers or passwords or lost wallets unless you are carrying your Social Security Card.
2
IRS Strategy
The IRS combats identity theft with a multi-pronged strategy:
• Prevention
• Detection
• Victim Assistance

IRS has a three-prong strategy: prevention, early detection and victim assistance. Let me start with the prevention and detection strategy. The IRS has a dual mission when it comes to issuing refunds. We must balance the need to issue refunds in a timely manner with a need to ensure that claims are proper and taxpayer rights are protected. Years ago, taxpayers could expect to wait several weeks for a refund. Now, more than 80 percent of taxpayers file their tax returns electronically and, when coupled with direct deposit, most taxpayers receive their refunds in 21 days or less.

Typically, we receive third-party information – such as Forms W-2 that verify information on returns – AFTER the tax return is filed. We address this lag time by using filters and compliance checks to identify potential identity theft and fraud. We hold these refunds and release them only after the third-party information is available or after the taxpayer authenticates their identity.

Presentation Name | W&I
3
Prevention and Detection
In recent years, the IRS has made numerous improvements to catch fraud before refunds are issued:
• Deployed more than 100 filters
• Limited direct deposit
• Locked deceased taxpayers’ accounts
• Improved cooperation with local law enforcement

In recent years, the IRS has made numerous improvements in our efforts to catch fraud before refunds are issued:
• We’ve improved identity theft screening filters to improve our ability to spot false returns before we issue refunds.
• Starting this January, direct deposit will be limited to three refunds into one account or pre-paid debit card. This will stop thieves from directing hundreds of fraudulent refunds into their accounts.
• We are working to stop the growing use by criminals of deceased individuals’ identity information. We routinely lock accounts of deceased taxpayers, and have locked more than 25 million accounts to date. Also, the Bipartisan Budget Act of 2013 limited public access to the Social Security Administration’s Death Master File, which should further help to reduce identity-theft related tax fraud.
• We have developed better procedures to use information about identity theft victims received from law enforcement officials who discover this information in the course of investigating identity theft schemes or other criminal activity. We use the data to flag taxpayer accounts and block returns filed by identity thieves.
4
Prevention and Detection
Improvements, continued:
• Worked with state Departments of Corrections to curtail refund fraud by prisoners
• Partnered with financial institutions and software developers
• Worked with the pre-paid access card industry

We have developed procedures to better stop the processing of fraudulent returns from prisoners. We are collaborating with software developers, banks, and others to determine how we can better address identity theft and prevent federal monies from reaching the hands of identity thieves. To combat the fraudulent use of prepaid debit cards, the IRS has also established relationships with representatives of the prepaid access card industry.

Those are just some highlights on the prevention and detection front. Because of all these improvements we do stop the vast majority of fraudulent refunds. We are working hard, but we cannot stop it completely. Thieves are always coming up with new schemes that challenge our systems.
5
How identity theft occurs
Identity theft most often occurs from the following sources:
• Dumpster diving
• Skimming
• Phishing
• Address changes
• Theft of records
• Pre-texting
• Trojan Horses
• Spyware
• Data breaches

Let me turn to IRS Victim Assistance. There are numerous ways that people can become identity theft victims.
• Dumpster Diving: Looking through garbage for bills, papers, and financial statements with personal information.
• Skimming: Small electronic devices that read credit card information by “swiping” or “skimming over” the card. These devices can be easily concealed in a pocket, like an apron pocket maybe.
• Phishing: Electronic mail sent from what appear to be legitimate financial institutions, requesting account and password information.
• Address Changes: Diversion of mail to a new address or theft from a mailbox.
• Theft: Theft of a wallet, purse, or car, or even a burglary of a home or doctors’ offices.
• Pre-Texting: The victim is contacted by phone, mail, text, or even in person by what appears to be a legitimate institution, business owner, charity solicitor, etc. attempting to obtain personal or account information. The thief is acting on the “pre-text” of having a legitimate reason for obtaining your personal information.
• Trojan Virus: A Trojan horse, or Trojan, is a non-self-replicating type of malware which purports to perform a desirable function but instead drops a malicious payload, often including a “backdoor” allowing unauthorized access to the target's computer. These backdoors tend to be invisible to average users. Trojans do not attempt to inject themselves into files like some other viruses. Trojan horses may steal information, or harm their host computer systems.
• Spyware: Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge. "Spyware" is mostly classified into four types: system monitors, Trojans, adware, and tracking cookies. Spyware is mostly used for purposes such as tracking and storing internet users' movements on the web, serving up pop-up ads to internet users, etc.
• Data Breach: When the database of a company or an educational or financial institution, etc., is compromised, and personal information is released or placed at risk. Large-scale data breaches are often in the news of late. Data theft at major companies often makes headlines, but data breaches at small companies, including tax preparation companies, also occur.

I want to stress again, the issue here for tax-related identity theft is the Social Security number. A stolen credit card will not affect tax administration. However, a stolen SSN may affect tax administration.
6
Victim Assistance Warning signs:
• E-filed return rejected as a duplicate
• IRS notice that more than one tax return was filed for taxpayer(s)
• Individuals may owe additional tax, have a refund offset or have collection actions taken against them
• IRS records indicate taxpayer(s) received wages from an employer unknown to them

Generally, identity thieves will file fraudulent tax returns very early in the filing season. The real taxpayer may be unaware that their SSN has been compromised until they file a tax return. They may not realize they are a victim until their electronically filed return is rejected as a duplicate. They may also receive an IRS notice or letter that states:
• More than one tax return was filed for them,
• They owe additional tax, have a refund offset or have had collection actions taken against them for a year in which they did not file a tax return, or
• IRS records indicate they received wages from an employer unknown to them.

The taxpayer may self-report identity theft OR the IRS may discover that fraudulent returns are being filed with their SSN.
7
Recommended steps for IDT victims
Steps recommended by FTC for all identity theft victims:
• File a police report
• File a complaint with the FTC
• Contact one of the three credit bureaus to place a “fraud alert”
• Close any account opened without your permission

The initial steps for taxpayers to follow are the same that the FTC recommends for all identity theft victims:
• File a police report
• File a complaint with the FTC through its Complaint Assistant available at
• Contact one of the three major credit bureaus to place a “fraud alert” on their account – and this is an important step because it also helps prevent criminals from opening bank accounts in their names and directing fraudulent refunds to those accounts.
• Close any account opened without your permission.
8
Recommended steps for IDT victims
Victims of tax-related identity theft should take these additional steps:
• Submit IRS Form 14039, Identity Theft Affidavit
• Respond immediately to IRS notices and letters
• Continue to file and pay taxes even if by paper
• Visit IRS.gov/identitytheft

If the person’s SSN has been compromised and they know or suspect they are victims of tax-related identity theft, they should take some additional steps:
• Complete and file IRS Form 14039, the Identity Theft Affidavit; it’s available on IRS.gov
• Respond immediately to any IRS letters or notices
• Continue to file and pay their taxes even if they have to file their return by paper instead of electronically.

Let me just note that we have improved information on our webpage and should you receive constituent inquiries, one place you may direct them is the main IDT page at We also have a new publication – Publication 5027, Identity Theft Information for Taxpayers. This is a one-page publication that is easy to send electronically or to print if you are searching for a quick reference to help people in your districts. We have another new publication just for tax preparers, Publication 5199, Tax Preparer Guide to Identity Theft. Both of these publications are available at IRS.gov/identitytheft (i-r-s dot g-o-v slash identitytheft – one word). All the recommended steps I’ve just given you are on our web site and in those two publications.
9
Victim Assistance Process
• Confirmed IDT victim files IRS Form 14039, Identity Theft Affidavit (with or without a return).
• IRS codes taxpayer’s account to show we received identity theft documentation.
• If necessary, IRS reconciles taxpayer’s account to reflect valid return information.
• IRS places identity theft indicator on the taxpayer’s account.

The Form should be submitted only by taxpayers who are victims of tax-related identity theft. Only taxpayers whose SSNs have been compromised in some way should submit this form.

Bullet 1: The first step is the completion and submission of Form 14039. To avoid processing delays, it is critical that directions be read and followed exactly. This means taxpayers must select the correct reason they are filing the form: If they have been the victim of identity theft related to their tax administration they should check the appropriate box(es). If they have been a victim outside of their tax administration they should check the appropriate box(es) for that. Written content must be legible. To make it easier, Form 14039 on IRS.gov is a fillable form. It can be completed online and printed. The form should be mailed or faxed as appropriate if submitted separately from the tax return. Again, following the directions is key here to avoid delays. DO NOT submit as both mail and fax; that will only cause a delay. If the taxpayer is filing by paper because the e-file return was rejected as a duplicate, the Form 14039 should be filed along with the paper return.

Bullet 2: IRS will place a code on the taxpayer’s account that an identity theft claim has been received. If the identity theft incident is related to a dependent’s SSN (Dependent’s SSN has been used as the primary or secondary SSN on another return), the Form will be removed from the tax return and worked as a separate case. I just can’t stress enough that it is critical that directions on the form itself be thoroughly read and followed.

Bullet 3: The Form 14039, attached documentation, and tax return will be reviewed by an IRS employee who is specially trained in identity theft cases. If the information indicates that the return is from the valid taxpayer, the account is adjusted to reflect the correct return information, including address. These can be complex cases but we have been working hard to reduce the time it takes for resolution.

Bullet 4: Upon completion, an identity theft marker that reflects the type of identity theft reported is placed on the taxpayer’s account. At this point, any refund that is due is issued to the taxpayer.
10
Victim Assistance Process
• IRS issues a CP01 notice
• Before the next filing season, the IRS generally assigns the taxpayer a unique Identity Protection PIN to use when filing.
• If the IRS identifies the taxpayer as deceased, the account is locked to prevent future filings from being processed.

Bullet 1: Once an identity theft case is completely resolved, and the identity theft marker has been placed on the account, a CP01 notice is issued to the taxpayer to let them know that the process has been completed and that a marker has been placed on their account. Again, as we continually strive to streamline and perfect this process, thorough understanding of and following instructions on forms, letters, and notices received by taxpayers is of the utmost importance.

Bullet 2: Prior to the next filing season, taxpayers who have received an identity theft marker on their account will receive a unique IP PIN to be used with the filing of their tax return. NOTE: Not all taxpayers who submit a Form 14039 may receive an IP PIN.

Bullet 3: If the taxpayer is identified as being deceased, after the posting of their "final return", their account will be locked to prevent any future filing under the taxpayer’s SSN.
11
Victim Assistance Process
The IP PIN is a six-digit number assigned annually to:
• A validated identity theft victim or
• A taxpayer who voluntarily opts in to an ongoing pilot project

The IP PIN is used as a supplement to the taxpayer’s SSN to identify the taxpayer as the valid owner of the SSN and related tax account.

Bullet 1: Once the taxpayer’s identity theft case has been resolved, the taxpayer will be issued a randomly generated 6-digit number that is assigned only to their account. Here’s the caveat: Once taxpayers are part of the IP PIN program, they may not, at this time, opt out. Each year they will be assigned a new IP PIN and it must be used on the return. Currently the IP PIN is issued to the taxpayer via CP01A prior to the start of filing season. Not every taxpayer who files a Form 14039 will receive an IP PIN. The account must have been completely resolved by the date that the IP PIN is generated (usually in early December). The taxpayer was not deceased in the current year. There are several other factors that determine when an IP PIN is not appropriate. IRS is currently looking at several options to increase the efficiency of the process by which the IP PIN is issued to the taxpayer. If there are any changes to the current process, we will issue program updates via quick alerts, e-news for tax practitioners, professional organizations and other methods.

Bullet 2: The primary purpose of the IP PIN is to validate the identity of the taxpayer who is filing the return. The IP PIN does not take the place of the SSN. The 6-digit IP PIN should not be confused with the 5-digit self-select or IRS-provided "Electronic Signature PIN". The IP PIN acts as an identity authenticator and the Electronic Signature PIN signs the return digitally. If you are not familiar with where the IP PIN is placed within your tax preparation software, contact your software provider.
12
Types of IRS notices
• CP01 – Notifies the taxpayer that the IRS has resolved IDT issues and that an identity theft indicator has been placed on their account.
• CP01A – An annual notice that contains the latest IP PIN.
• CP01F – A one-time notice for 2015 giving certain taxpayers the option of obtaining an IP PIN through

I want to just take a minute to review the notices issued around identity theft. The CP01 is the notification to the taxpayer to let them know that the process has been completed and that a marker has been placed on their account. The CP01A is issued annually. It includes the new assigned IP PIN that must be used for the upcoming filing season. If this IP PIN is lost, the taxpayer must go to the online application – irs.gov slash GET AN IP PIN. We issued approximately million CP01A notices in December 2014 for the 2015 filing season. The CP01F is a new notice that is just for We identified approximately 1.7 million taxpayers who had some indication of identity theft related to their tax accounts. This notice provides those taxpayers with the OPTION of obtaining an IP PIN. They must use the online application – – to get their IP PIN for Again, the caveat is if they opt for an IP PIN, they may not, as of now, opt out.
13
Retrieving lost or misplaced IP PINs
Use online application to retrieve original at or Contact IPSU at for a “replacement” IP PIN. A replacement IP PIN will result in processing and refund delays because of validation requirements.

Taxpayers who misplaced or did not receive their IP PINs could get their original IP PIN using an online application on IRS.gov at
• Taxpayers will be asked to set up an account on IRS.gov (must have an email address to do this).
• IRS will send an authentication code to the address supplied during the registration process. The taxpayer must then input the authentication code into the area provided during the registration process.
• Taxpayers will need to respond to a series of tax and non-tax related questions that would have been difficult for someone else to answer.
• After successfully validating their identity, taxpayers will get their original IP PIN through the website.

There will be some taxpayers who are unable or reluctant to use an online application to obtain their original IP PIN. If a taxpayer:
• does not have access to the online application or
• is unable to obtain their original IP PIN using the application or
• does not wish to use the application

They should contact the IPSU at ext. 245 to receive a replacement* IP PIN.

* Replacement IP PINs allow returns to be “accepted” but will subject the return to additional validation. This will cause a delay in processing their return and refund.
14
The IP PIN Pilot
• There is an ongoing pilot program for taxpayers who filed 2013 returns from Florida, Georgia or District of Columbia.
• Taxpayers from these states did not have to be victims of identity theft to qualify for this program.
• Taxpayers could opt-in to get an IP PIN by using online application at

The IRS offered a limited pilot program to some taxpayers who filed their TY2013 returns from:
• Florida
• Georgia or
• The District of Columbia

Taxpayers from these locations were selected because these three areas had the highest per-capita rates of Identity Theft in the country. Taxpayers from these states do not have to be victims of identity theft to qualify for this program. These taxpayers also can opt-in by using the online application at irs.gov/getanippin.
15
Prevention and Detection
• IRS filters stop the vast majority of invalid refunds
• FY 11-14: stopped 19 million suspicious returns; protected more than $63 billion in fraudulent refunds
• Greatly reduced the time it takes to resolve a taxpayer’s identity theft case.

As Commissioner John Koskinen testified before Congress last year, we believe we have turned a corner in combating identity theft. We are making progress and we are achieving results. Our system filters stop the vast majority of fraudulent returns. As I mentioned earlier, we have greatly improved our filters – both in quality and quantity – in recent years. Between Fiscal Years 2011 and 2014, the IRS stopped approximately 19 million suspicious tax returns and protected $63 billion from fraudulent refunds – which includes identity theft.

We also have greatly reduced the time it takes to resolve a taxpayer’s account issues. Again, these can be complex cases. Initially, it was taking more than 300 days to resolve a case; in 2014, our average was around 120 days. And we are working hard to continue that progress.
16
Enforcement FY 2014 Criminal Investigation efforts:
• Initiated 1,063 identity theft related investigations.
• Resulted in 748 sentencings as compared to 438 in FY 2013 and incarceration rate rose 7.1 percent to 87.7 percent.
• Jail time average at 43 months as compared to 38 months in FY 2013 — the longest sentencing being 27 years.

In addition to prevention, detection and victim assistance, we also work hard to put the criminals out of business for good. Our Criminal Investigation division is working with local, state and federal law enforcement to make a permanent dent in this crime. CI initiated more than 1,000 investigations last year. There also were 748 sentencings, compared to 438 in FY 13. That’s an increase of 75 percent. The incarceration rate is nearly 88 percent. Jail time imposed by the courts also is increasing. The average jail time for FY 14 was 43 months.
17
Maintaining a well-trained workforce
IRS has trained 37,000 employees who work with taxpayers over the phone, in person or through case work. The training emphasizes:
• How to recognize signs of identity theft
• How to help victims of identity theft
• The importance of empathy when dealing with taxpayers who face this frustrating situation.

This progress has occurred because of the priority the IRS has placed on identity theft. IRS has trained 37,000 employees in prevention of refund fraud, identification and investigation of identity theft-related crimes, resolution of the accounts, and assistance to taxpayers who have been victimized by identity thieves.
18
Preventing online identity theft
• Don’t respond to suspicious IRS emails, texts, or faxes
• Secure your computers (i.e., firewalls, anti-virus/anti-phishing/anti-spam, etc.)
• Use strong passwords
• Back up critical personal information
• Limit the personal information you provide on social media
• Never answer ‘yes’ to pop-up screens
• Visit onguardonline.gov

Bullet 1: Don’t respond to emails that ask for your personal or financial information or click on links within these emails.

Bullet 2: You and your clients should always use reputable and up-to-date antivirus or antispyware software and use the latest version web browser.

Bullet 3: Change your passwords often and keep them safe -- select tough security questions to verify accounts.

Bullet 5: Limit the amount of personal information you make available when using social networks. Nothing is more enticing to a thief than knowing that you will be going on vacation out of state with your family for a few weeks. Ensure the appropriate privacy settings to help prevent social engineering.

Bullet 6: Don’t click or say "yes" to pop-up screens that may occur when you visit a website, asking if you want them to save your password.

Bullet 7: If you have any questions regarding preventing or reporting identity theft, visit onguardonline.gov
19
Suspicious IRS-related communication
If you or a client receive a suspicious communication claiming to be the IRS:
• Go to IRS.gov, scroll to the bottom of the homepage and click on ‘Report Phishing’
• Report all unsolicited email claiming to be from the IRS to
• BEWARE – Phone scam is ongoing

You and your clients should never respond to emails that ask for your personal or financial information or click on links within these emails. Instruct your clients to send any suspicious IRS-related email to To get more information regarding phishing, go to IRS.gov and click on “Reporting Phishing.” Our Phishing page also provides an easy to follow If/Then table to help determine how to route all forms of suspicious communications claiming to be from the IRS, such as faxes or phone calls.

One of the most persistent scams in recent years has been the phone impersonation scam. The caller claims to be from the IRS and threatens to jail the taxpayer unless payment is made immediately. Please make your clients aware that this is a scam. It should be reported to the inspector general at TIGTA.gov.

Remember, the IRS doesn't initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
20
Business-related identity theft
Business Master File, or BMF, identity theft is defined as creating, using or attempting to use a business’ identifying information, without authority, to obtain tax benefits. The following examples represent situations that may be due to identity theft related to the fraudulent use of business information.

Business ID theft is an emerging issue. The IRS is working with other federal and state agencies to fully understand the issue and how it affects tax administration. Business ID Theft is harder to spot than individual ID theft. At first blush, these accounts have many of the characteristics of delinquent or balance due accounts. Extensive research is needed to make a determination. While individual ID theft usually only affects the Form 1040, Business ID theft can affect multiple forms, several IRS functions, and can also be used to perpetuate individual ID theft. The examples on the following slides represent situations that may be due to identity theft related to the fraudulent use of business information.
21
Business-related identity theft
• An identity thief files a business tax return (Form 1120, 720 etc.) using the Employer Identification Number of an active or inactive business to obtain a fraudulent refund.
• An identity thief, using the EIN of an active or inactive business, files fraudulent Forms 941 and W-2 to support a bogus Form 1040 claiming a fraudulent refund.

Example one highlights how an identity thief might use the EIN of an active business to make false claims for refunds (refundable credits):
• Without the knowledge or consent of the business owner
• Can occur on multiple business forms – for example, Form 1120, 720, etc.
• It’s important to contact the IRS immediately in response to any notices received.

Example two shows how an identity thief uses the EIN of an active or inactive (closed) business to file fraudulent 941 tax returns and W-2s:
• Generally, the SSNs on these Forms W-2 are also stolen.
• The thief does this to make it harder for the IRS to spot fraudulent 1040 tax returns and stop the refunds from being issued.
• The filed Forms W-2 and 941 provide a mask of authenticity to the 1040 return.
22
More Business-related identity theft
An identity thief obtains an EIN using the name and Social Security Number of another individual as the responsible party, then files fraudulent tax returns (Form 941, 1120, 1041 etc.) to obtain a refund, avoid paying taxes, or further perpetuate individual identity theft or fraud.

Example three is a good example of how business ID theft affects multiple IRS functions, other government agencies (in this instance SSA), and how it crosses over into individual ID theft. This highlights how someone takes the valid EIN of another business and uses that EIN to run a valid business and file Forms W-2, but to avoid paying employment taxes. Again, it’s important to respond to all IRS notices as soon as they are received.
23
Business-related identity theft
In January, 2014, IRS released BMF identity theft program guidance, policy and procedures. The new BMF procedures included:
• Form B, an electronic form designed for employees to use when they require taxpayers to provide supporting BMF identity theft documentation.
• BMF identity theft tracking indicators used to mark EINs affected by identity theft.
• Mandatory research requirements needed in support of a BMF identity theft determination.

The IRS has begun to analyze data and has developed initial guidance for victim assistance. Guidance has been developed to assist IRS employees in researching and making determinations on business ID theft cases. IRS has begun marking business ID theft cases using the BMF ID theft tracking indicators that went into effect in January 2014. Although analysis is taking place, it’s too early to have any preliminary data. It’s important to remember that Business ID Theft is hard to recognize because the characteristics often mimic those of non-compliant taxpayers.
24
Protecting Businesses from identity theft
Businesses can take practical measures to reduce the risk of tax-related identity theft:
• Protect the organization’s federal employer identification number as you would a personal identification number.
• Only provide your organization’s federal employer identification number and other sensitive information when necessary.

Protecting business data is very similar to protecting personal information, with additional responsibilities. Many companies keep sensitive personal information about customers or employees in their files or on their network. Having a sound security plan in place to collect only what you need, keep it safe, and dispose of it securely can help you meet your legal obligations to protect that sensitive data. Failure to do so could lead to data breaches. It’s important to protect both paper documents and electronic data. Train everyone with access to the business and client/customer information on how to protect the information and why it’s important.
25
Protecting Businesses from identity theft cont.
• Verify the security of any website through which your organization transmits sensitive data.
• Properly dispose of sensitive company documents (for example using a micro-cut shredder).
• Increase identity theft awareness within your organization to ensure everyone is protecting sensitive data.

Warning signs or red flags to potential patterns -- practices, or specific activities indicating the possibility of identity theft:
• Alerts, Notifications, and Warnings from a Credit Reporting Company. Changes in a credit report or a consumer’s credit activity might signal identity theft.
• Suspicious Documents such as notices or letters from unknown companies or entities.
• Incorrect Personally Identifying Information such as incorrect addresses or phone numbers on accounts, notices, etc.
• Account Activity -- How the account is being used can be a tip-off to identity theft.
• Notice from Other Sources. A customer, a victim of identity theft, a law enforcement authority, or someone else may be trying to tell you that an account has been opened or used fraudulently.
26
Dealing with tax-related identity theft
If you suspect your organization has been compromised by business identity theft, take the following steps:
• File a report with local law enforcement.
• Contact the major business credit agencies, including Equifax, Experian, TransUnion and Dun and Bradstreet, to report the fraudulent activity and obtain a credit report to check for additional fraudulent activity.

Follow steps on slide if business ID theft is evident or suspected. More information specific to business ID theft can be found on the Federal Trade Commission web site -
27
Dealing with tax-related identity theft cont.
Contact all credit card companies, financial institutions and creditors to alert them to the possibility of fraudulent activity.
Respond to any IRS notices you receive and provide a detailed explanation of how you believe your organization has been affected by identity theft.
28
Protecting your business and clients
Physical safeguards
Lock rooms and cabinets.
Store records in secured area.
Protect against destruction and damage.
Inventory hardware.
Dispose of information and hardware securely.
The first step in safeguarding taxpayer information is to safeguard your physical surroundings.
Bullet 1: Make sure that all of the rooms and cabinets that contain personal information or equipment to obtain or store personal information are securely locked when not in use. Know where the keys are and make sure that when employees leave the company, their keys are collected and locks changed accordingly.
Bullet 2: Client records should be stored in a secure area with separate keys. Limit access to those areas to employees who are required to have access based on their job descriptions.
Bullet 3: Check equipment regularly for damage. Replace damaged equipment to avoid the loss of data (See 5 below).
Bullet 4: Keep a current inventory of all hardware used to obtain and store personal information. This includes computers, external hard drives, flash drives, printers, and other devices. Know who has access to which equipment. If hardware is missing, report this immediately.
Bullet 5: When information or equipment is no longer needed, dispose of the information properly. For paper products, use a cross-cut shredder or use a shredding service that is bonded and certified for the disposal of secure information. For electronic records, delete the records and then use a wiping program to wipe the storage device to remove any remaining data.
29
Protecting your business and clients
System safeguards:
Use strong passwords:
  Minimum of eight alphanumeric characters
Change passwords periodically
Use timed, password-activated screen savers
Don’t post or share passwords
Encrypt sensitive data when:
  Transmitting over networks
  Storing on servers or media
Encrypt entire computers, media
The next step to securing taxpayer data is to protect the systems that you use to input and store personal information. Your computers and servers can hold a vast amount of taxpayer information and unfortunately, due to the “electronic age”, locking doors and bolting windows is not sufficient anymore. You must secure your systems as securely as, or more securely than, you do your physical structures. Computer hackers can attack your unprotected system from anywhere in the world with the click of a few buttons.
Bullet 1: System safeguards refer to the ability to access that data through the use of passwords. Passwords should be strong and extremely difficult to access. Passwords should include alphanumeric and special characters. Current standards suggest a minimum of 8 characters in any password.
Bullet 2: System passwords should be changed periodically and not on a standardized time table. They should also be changed every time an employee leaves the company. Disgruntled employees are a major source of data breaches.
Bullet 3: Desktop computers and laptops should contain a time-sensitive locking program that will bring up a screen saver or other screen shot after a pre-determined number of seconds during which time the computer is not touched.
Bullet 4: System passwords should only be provided to employees who "need to know" and should not be posted - even in a secure place.
Bullet 5: All data that is stored or transmitted from your system should be encrypted when it is stored on your computers, hard drives, servers or other devices. Information containing personal information should NEVER be transmitted without being encrypted even if it’s only from one computer to another. Identity thieves look for system vulnerabilities and will exploit them as a regular practice of their trade. Sending unencrypted PII is like handing a thief your clients’ information on a silver platter.
Bullet 6: Every device that inputs, stores or transmits personal information should be encrypted.
30
Protecting your business and clients
More system safeguards:
Don’t store sensitive data on a machine with an internet connection
Back up system(s) periodically on secure media
Maintain updated firewalls, anti-virus, software updates, security patches, anti-spyware and anti-adware
Provide central management security tools and passwords/security protections
Bullet 1: Some smaller businesses input the tax return data into their desktop or laptop computers and transmit the returns directly from the computer at the end of the day. Larger companies will utilize a separate server to house and transmit their return information. Return information can be transmitted directly from a computer or server. Any tax information along with any associated PII should be removed from any computer or server with an internet connection and stored on a separate device that does not have a connection to the internet. This keeps your library of tax files internal by storing them in a fashion that does not supply a "doorway" to any outside hacker or system attack. This is the modern equivalent to leaving the files lying on your desk or locking them in a safe in another room.
Bullet 2: Many companies have gone out of business because they "lost" their clients' files. Losing a file does not have to be an act of thievery or anything notorious. Loss of taxpayer files can occur due to a power loss or spike, flood, fire or other "non-criminal" actions. Tens of thousands of files can be lost in an instant, and you will not have the ability to go through the paper files to see if you can salvage anything. Back up your system periodically onto secure media and store this information in a separate place. Once lost, electronic data can be lost forever.
Bullet 3: Your business should maintain updated firewalls that are sufficient to repel the current level of attacks. Make sure that your system security patches, anti-spyware and anti-adware are up to date. Depending on the size of your business, an occasional penetration test should be done to see if your system has vulnerabilities that can be exploited. There are numerous companies available who can conduct these tests without interrupting your business flow.
Bullet 4: Put somebody in charge of security tools, passwords and protection. This person should be skilled in your network and systems and should be easily identifiable to report problems.
31
Protecting your business and clients
If you have a security breach:
Notify law enforcement
Notify the Federal Trade Commission
Notify customers and business partners
Take corrective actions
Prevent other breaches
It's important to know what to do when you are notified of a security breach. Write down everything that happened. Take statements from employees and systems personnel and paint as clear a picture as possible both from a timeline, system information and data loss perspective. Unexpected results from the breach may occur very quickly, and you will need to make sure that you have as much information as possible.
Bullet 1: Notify your local police department and file an incident report.
Bullet 2: Notify the FTC. Information such as addresses and phone numbers is available on the FTC website.
Bullet 3: Notify your company office as stated in your internal policy. If you don't have one, take the time to write up procedures for a data breach situation. Notify your customers so that they can take actions to protect their identities.
Bullet 4: Take corrective actions to stop the current breach or remove the vulnerability that allowed the breach. It may be as simple as taking everything off line while you sort out the problem so that no further information can leave the company.
Bullet 5: Use the information identified to prevent future breaches. Conduct a "lessons learned" session with your employees and systems security personnel.
32
Additional information
Identity theft information
Individual identity theft
Business identity theft
Additional Resources
Taxpayer Guide to Identity Theft
Publication 5027 for taxpayers
Publication 5199 for tax preparers
33
Additional information
IP PIN Program
General information:
FAQs:
34
Summary
Identity theft presents a burden to individuals and a challenge to many businesses, organizations and governmental agencies, including the IRS. But, we are making progress. Fighting identity theft is an ongoing battle that requires a collaborative effort among the IRS, practitioners, and taxpayers.
The information contained in this presentation is accurate as of February 18, 2015. When new information regarding the IRS ID theft program is available, updates will be shared through outreach efforts.