Businesses and tax ID theft

Business, as well as individual, clients may need CPAs’ help in protecting against and remedying tax-related identity theft.
By Jennifer Primrose, CPA, and Amanda Ward, CPA, CGMA

While much attention has been paid to tax-related theft of the identity of individual taxpayers (see, e.g., "Resolving the Theft of Tax Clients' Identity," JofA, Sept. 2015, page 30), businesses can be victims of this form of fraud as well. What follows are common warning signs of business-related tax identity theft and tips on how practitioners can help their business clients prevent it and correct it when it occurs.


Business-related identity theft may be more difficult to detect than individual identity theft, as the signs that indicate business identity theft may also be the product of a simple processing or filing error. The following signs warrant additional investigation:

  • The business files an original tax return, but the IRS notifies the business that it has previously received a return for the business for that tax year.
  • The IRS issues a notice regarding purported employees who are not known to the business.
  • In monitoring its accounts and transcripts with the IRS, other business filings with state authorities, or credit reports, the client discovers activity related to a business that is inactive or that has already been closed, after all account balances pertaining to that entity have already been paid.


The actions recommended for businesses that are victims of identity theft are similar to those for individuals. They should always respond to IRS or state notices immediately. Businesses should file a report with their local police department, report the theft to the Federal Trade Commission, contact the major credit bureaus to place a fraud alert on their records, and close any accounts with fraudulent activity. The businesses should continue to monitor their credit reports, online business registration information, and business account activity with the IRS and state agencies (even for closed businesses). In addition, the businesses should review and update their computer security policies.


CPAs may offer clients the following suggestions:

  • Truncate Social Security numbers (SSNs) where possible or mask them on insurance cards.
  • Monitor credit reports at least annually.
  • Request that clients forward any IRS notices immediately.
  • Keep Social Security cards and financial information in a secure location and properly dispose of documents with SSNs or account numbers.
  • Give out an SSN, birthdate, or address only if required.
  • Buy and use a shredder.
  • Protect personal computers with firewalls, anti-spam, or anti-virus software; regularly change passwords; and password-secure wireless connections.
  • Be mindful of the personal information divulged on social media, as hackers are getting increasingly sophisticated.

In addition, CPAs can suggest the following for business clients:

  • Use anti-virus and other security software on all office computers and update data-security policies.
  • Educate employees about phishing (attempts by fraudsters to acquire information via electronic communications by posing as a legitimate entity).
  • Remind employees not to open links or attachments from emails they were not expecting to receive.
  • Update business filings with the IRS and with state business registries as soon as any contact information changes.
  • Monitor the business's credit profile at least annually.
  • If possible, consider filing business tax returns earlier in tax season.
  • Forward phishing emails purported to be from the IRS per the forwarding instructions on the IRS website.

The IRS and AICPA offer several resources for practitioners and taxpayers. The Tax Section of the AICPA website ( has a tax identity theft toolkit exclusively for Tax Section members that includes a sample letter to clients.

Tax-related identity theft is on the rise. CPAs and tax practitioners can be a valuable resource to both business and individual clients to help prevent and correct it. CPAs should continue to monitor the resources outlined above, especially as the IRS continues its efforts to combat tax return theft and refund fraud.

Editor's note: This column is adapted from "Tax Clinic: Assisting Clients With Tax-Related Identity Theft," in the December 2015 issue of The Tax Adviser.

Jennifer Primrose ( is a senior accountant, and Amanda Ward ( is a supervisor, tax, both at DMJ & Co. PLLC in Greensboro, N.C.

To comment on this article or to suggest an idea for another article, contact Paul Bonner, senior editor, at or 919-402-4434.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.