CPAs contend with tax ID theft

Tax-related identity theft fraud remains a widespread problem that is often difficult for victims and their tax preparers to correct, CPAs affirmed in a recent survey. For a second year, the annual tax preparation software survey conducted by the JofA and The Tax Adviser included questions about practitioners’ experiences with tax identity theft (for other results, see “2016 Tax Software Survey“). For the 2016 tax preparation season, 59% of CPA tax practitioners said one or more of their clients were victims of tax identity theft during the year. That percentage is down slightly from the 63% of respondents who answered the question the same way in 2015 (see “2015 Tax Software Survey,” Sept. 2015).

EXTENT OF THE PROBLEM

While most practitioners encountered identity theft, for the vast majority of respondents, the number of clients affected was relatively small. Of the 2,184 respondents who provided a percentage of clients, 2,085, or 95%, said less than 5% of their clients were victims of tax ID theft, with 83 reporting it was between 5% and 10%, and only 16 respondents putting the percentage higher (see the chart “Percentage of Clients Who Were Victims of Tax ID Theft”). However, while the percentages were small, in most instances, practitioners said identity theft affected multiple clients. Only 272 respondents said just one client was victimized, while 1,258 put the number at two to five clients (see the chart “Number of Clients Who Were Victims of Tax ID Theft”).

Asked if clients were aware of the theft before attempting to file a 2015 tax return, almost half the respondents (1,083, or 49%) said some were and others were not. Respondents with only clients who did not previously know they had been victimized (29%) outnumbered those with only clients who did know (22%) (see the chart “Were Clients Aware of the Theft Before Attempting to File?”). This question showed a marked difference from 2015, when 44% of respondents said their clients were not aware of the theft beforehand.

Often, victims or their tax preparers discover the theft only when an attempt to file an income tax return fails because a return has already been filed for the tax year using that Social Security number (SSN). One of a CPA’s first tasks then is delivering the unwelcome news to the client, who may then need to take additional measures to secure other financial accounts besides those needed to clear the taxpayer account. In the process, besides having to meet IRS administrative hurdles, CPAs often must manage clients’ understandably distraught reactions in ways that may test their own relational skills (see “Breaking Bad News to Victims of Identity Theft: Lessons From Medical Doctors,” page 30).

DIFFICULTY RESOLVING THE PROBLEM

In percentages little changed from last year, the 2016 survey found most CPAs had some difficulty resolving clients’ tax identity theft issues with the IRS. Given a five-point scale, with 1 being very difficult and 5 being very easy, the average was 2.7. Forty percent called the process difficult or very difficult, while more than one-third of respondents rated the effort a 3. Twenty-five percent rated it easy or very easy (see the chart “Difficulty Resolving Tax ID Fraud With the IRS”).

IRS CHANGES

The IRS identified tax-related identity theft as No. 1 this year on its annual list of “dirty dozen” tax scams (see IRS News Release IR-2016-28), but stopping fraudulent refunds based on identity theft is a problem the Service has long struggled with, and last year it suffered a major breach when criminals hacked its Get Transcript service. The IRS has implemented various screening programs to identify tax returns that involve identity theft and has implemented a process to limit the number of deposits it will make to a single bank account, but the Treasury Inspector General for Tax Administration (TIGTA) reported in December 2015 that the Service continues to struggle with identifying fraudulent returns (see Continued Refinement of the Return Review Program Identity Theft Detection Models Is Needed to Increase Detection, TIGTA Rep’t No. 2016-40-008). In her 2015 report to Congress, Nina Olson, the national taxpayer advocate, reported that the IRS had 600,000 tax identity theft cases in its inventory at the end of September 2015, a 150% increase from September 2014 (National Taxpayer Advocate, 2015 Annual Report to Congress, page 182). She has been raising concerns about the IRS’s ability to resolve tax identity theft cases since 2004.

In 2012, the IRS created 20 specialized identity theft units within the agency (National Taxpayer Advocate, 2012 Annual Report to Congress, pages 45—46); then in 2015 it centralized its tax identity theft victim assistance units within its Wage and Investment division (National Taxpayer Advocate, 2015 Annual Report to Congress, page 180). The agency has also been participating in a “Security Summit” initiative with state tax administrators and tax software companies to try to improve security for taxpayers. The coalition is focusing on authentication, information sharing, and cybersecurity.

In June, the Service announced it had deployed a new, more secure version of its online Get Transcript service, employing a so-called double-authentication process that it said will be a template for taxpayer access to additional services in the future. Access to Get Transcript, which provides copies of taxpayers’ tax transcripts, formerly required submission of an SSN and other personally identifiable information in a single-step “knowledge-based” authentication of the taxpayer’s identity. That level of security was breached by criminals, the IRS announced in May 2015 as it shut down the service and investigated. The IRS ultimately identified approximately 724,000 taxpayer accounts that had been hacked. In its own investigation, TIGTA criticized the IRS’s handling of the breach, saying, among other things, that the IRS had originally undercounted potential victims by nearly 621,000.

In its new incarnation, Get Transcript requires users to first register by providing an email address, a financial account number, and the number of a mobile phone with their name on the account. Along with a confirmation code users then receive by email, they can enter their taxpayer personal information and the filing status from their most recent tax return to obtain a transcript.

About the author

Paul Bonner is a JofA senior editor. To comment on this article or to suggest an idea for another article, contact him at pbonner@aicpa.org or 919-402-4434.