Businesses and tax ID theft

Business, as well as individual, clients may need CPAs’ help in protecting against and remedying tax-related identity theft.
By Jennifer Primrose, CPA, and Amanda Ward, CPA, CGMA

While much attention has been paid to tax-related theft of the identity of individual taxpayers (see, e.g., "Resolving the Theft of Tax Clients' Identity," JofA, Sept. 2015, page 30), businesses can be victims of this form of fraud as well. What follows are common warning signs of business-related tax identity theft and tips on how practitioners can help their business clients prevent it and correct it when it occurs.

WARNING SIGNS

Business-related identity theft may be more difficult to detect than individual identity theft, as the signs that indicate business identity theft may also be the product of a simple processing or filing error. The following signs warrant additional investigation:

  • The business files an original tax return, but the IRS notifies the business that it has previously received a return for the business for that tax year.
  • The IRS issues a notice regarding purported employees who are not known to the business.
  • In monitoring its accounts and transcripts with the IRS, other business filings with state authorities, or credit reports, the client discovers activity related to a business that is inactive or that has already been closed, after all account balances pertaining to that entity have already been paid.

ACTIONS BUSINESS ID THEFT VICTIMS CAN TAKE

The actions recommended for businesses that are victims of identity theft are similar to those for individuals. They should always respond to IRS or state notices immediately. Businesses should file a report with their local police department, report the theft to the Federal Trade Commission, contact the major credit bureaus to place a fraud alert on their records, and close any accounts with fraudulent activity. The businesses should continue to monitor their credit reports, online business registration information, and business account activity with the IRS and state agencies (even for closed businesses). In addition, the businesses should review and update their computer security policies.

PREVENTIVE MEASURES

CPAs may offer clients the following suggestions:

  • Truncate Social Security numbers (SSNs) where possible or mask them on insurance cards.
  • Monitor credit reports at least annually.
  • Request that clients forward any IRS notices immediately.
  • Keep Social Security cards and financial information in a secure location and properly dispose of documents with SSNs or account numbers.
  • Give out an SSN, birthdate, or address only if required.
  • Buy and use a shredder.
  • Protect personal computers with firewalls, anti-spam, or anti-virus software; regularly change passwords; and password-secure wireless connections.
  • Be mindful of the personal information divulged on social media, as hackers are getting increasingly sophisticated.

In addition, CPAs can suggest the following for business clients:

  • Use anti-virus and other security software on all office computers and update data-security policies.
  • Educate employees about phishing (attempts by fraudsters to acquire information via electronic communications by posing as a legitimate entity).
  • Remind employees not to open links or attachments from emails they were not expecting to receive.
  • Update business filings with the IRS and with state business registries as soon as any contact information changes.
  • Monitor the business's credit profile at least annually.
  • If possible, consider filing business tax returns earlier in tax season.
  • Forward phishing emails purported to be from the IRS per the forwarding instructions on the IRS website.

The IRS and AICPA offer several resources for practitioners and taxpayers. The Tax Section of the AICPA website (aicpa.org/tax) has a tax identity theft toolkit exclusively for Tax Section members that includes a sample letter to clients.

Tax-related identity theft is on the rise. CPAs and tax practitioners can be a valuable resource to both business and individual clients to help prevent and correct it. CPAs should continue to monitor the resources outlined above, especially as the IRS continues its efforts to combat tax return theft and refund fraud.

Editor's note: This column is adapted from "Tax Clinic: Assisting Clients With Tax-Related Identity Theft," in the December 2015 issue of The Tax Adviser.

Jennifer Primrose (jprimrose@dmj.com) is a senior accountant, and Amanda Ward (mward@dmj.com) is a supervisor, tax, both at DMJ & Co. PLLC in Greensboro, N.C.

To comment on this article or to suggest an idea for another article, contact Paul Bonner, senior editor, at pbonner@aicpa.org or 919-402-4434.

SPONSORED REPORT

How to make the most of a negotiation

Negotiators are made, not born. In this sponsored report, we cover strategies and tactics to help you head into 2017 ready to take on business deals, salary discussions and more.

VIDEO

Will the Affordable Care Act be repealed?

The results of the 2016 presidential election are likely to have a big impact on federal tax policy in the coming years. Eddie Adkins, CPA, a partner in the Washington National Tax Office at Grant Thornton, discusses what parts of the ACA might survive the repeal of most of the law.

COLUMN

Deflecting clients’ requests for defense and indemnity

Client requests for defense and indemnity by the CPA firm are on the rise. Requests for such clauses are unnecessary and unfair, and, in some cases, are unenforceable.