Resolving the theft of tax clients’ identity

By Stephen Hammel, J.D., and Sebastian Murolo, CPA

CPAs in tax practice have seen an increase in identity theft, so electronic security is now a top issue. Besides causing untold misery to any taxpayer whose identity has been stolen for use on a fraudulent return, identity-theft fraud requires correcting the taxpayer's account, costing practitioners unanticipated additional time and expense at the worst possible time, when they are in the busiest time of their tax preparation cycle. Here are some tips for dealing with this vexing problem:


Upon completion of a client's tax return, preparers must receive e-file authorizations to electronically file the return. At that point, they might receive a rejection code 902 with the statement, "Taxpayer TIN [taxpayer identification number] in the return header must not be the same TIN of a previously accepted electronic return for the return type and tax period indicated in the tax return." After double-checking the Social Security number or TIN, the preparer has to contact the client, who often then indicates that he or she has not filed any paperwork with the IRS at all since last year's return. Then it becomes clear that the client may be a victim of identity-theft fraud.

The e-file acknowledgment provides the e-file help desk telephone number (866-255-0654), which the preparer should call to confirm the rejection notice is accurate and determine how to proceed. The good news is the IRS allows additional time in some cases to perfect the return for electronic resubmission or paper filing. For any return required to be filed electronically but that the IRS cannot accept, the filer must submit a paper return to the service center where it would normally be filed. For the paper return to be considered timely, it must be postmarked by the later of the due date of the return or 10 calendar days after the date the IRS gives notification that it has rejected the return or that it cannot accept the return electronically for processing. So, for example, if the rejection happens on April 14, the paper return does not have to be filed before the normal tax due date.

Along with the Form 1040, U.S. Individual Income Tax Return, and other required forms, the preparer must also include Form 8948, Preparer Explanation for Not Filing Electronically, with box 4 checked, indicating the return was rejected by IRS e-file and the rejection condition could not be resolved, and including the rejection code.

In addition, the preparer must attach Form 14039, Identity Theft Affidavit, for each taxpayer. Since, in the case of married taxpayers, the spouse may have been a victim as well, the preparer may want to file affidavits for both spouses.

Preparers may also consider filing an identity-theft declaration with any state and/or local return. Some states have mandatory e-filing requirements that the preparer may not otherwise be able to comply with.


The IRS will then provide the client with an identity protection personal identification number (IP PIN) that must be used on all future electronic communications.

Because the taxpayer's identity may be compromised for other purposes as well, CPAs can offer advice and help notifying other relevant parties, such as filing a police report and reporting the identity theft to the Federal Trade Commission at Clients should also notify their banks and credit card companies and place a fraud alert with credit reporting agencies and monitor their credit report.

Stephen Hammel and Sebastian Murolo are both assistant professors at Queensborough Community College in Bayside, N.Y.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.