IRS and Security Summit urge tax pros to protect clients and themselves

With a series of news releases in summer 2023, the IRS and its Security Summit partners again conducted a campaign urging tax professionals to remain diligent in countering tax-related identity theft (“Protect Your Clients; Protect Yourself ”). The campaign was at least the eighth such effort to raise awareness of this threat to the data security of tax practitioners and their clients.

The Security Summit is a group including the IRS, state agencies, and the nation’s tax profession and technology providers working together to quell identity theft.

This year’s campaign highlighted critical warning signs tax professionals may see in their practices:

• An IRS online account was created for a taxpayer without the taxpayer’s consent;
• The IRS has disabled a client’s online account;
• Clients receive a tax transcript they did not request;
• Clients receive IRS notices, including those with balances due, that do not match the tax return they filed;
• Clients receive refunds without filing a tax return; or
• Tax returns are rejected because the Social Security number was already used on another return.

As noted in prior campaigns, tax preparers need to protect their systems to deter access to private client information. Furthermore, if there is a theft, they should immediately notify the IRS, insurance companies, and cybersecurity experts to assist in determining the cause and extent of the theft.

If a client may have been harmed, tax professionals should advise them to consider obtaining an identity protection personal identification number (IP PIN) and filing Form 14039, Identity Theft Affidavit, if needed. The IP PIN is an additional authentication to validate taxpayers’ identity. The IRS automatically issues IP PINs to taxpayers who are confirmed identity theft victims. Taxpayers can also request an IP PIN to proactively protect themselves from tax-related identity theft. Taxpayers can request an IP PIN or retrieve their existing IP PIN by using the IRS’s online “Get an IP PIN” tool.

IRS publications that can provide tax preparers with guidance on security include:

• Publication 5293, Data Security Resource Guide for Tax Professionals;
• Publication 4557, Safeguarding Taxpayer Data; and
• Publication 5708, Creating a Written Information Security Plan for Your Tax & Accounting Practice. This publication includes a sample document to facilitate developing a written security plan to comply with the Standards for Safeguarding Customer Information under the Gramm-Leach-Bliley Act, P.L. 106-102 (see “Complying With the Safeguards Rule for Information Security,” The Tax Adviser (May 2023)).

A recent audit by the Treasury Inspector General for Tax Administration (TIGTA) indicates the IRS made strides in combating tax-related identity theft during the 2023 income tax return filing season (Interim Results of the 2023 Filing Season, No. 2023-40-029 (May 10, 2023)). TIGTA found that the IRS used 236 filters to identify potential identity theft tax returns and prevent fraudulent refunds. These filters incorporate criteria based on characteristics of confirmed identity theft tax returns. If the tax return is flagged because of one of these filters, the tax return is held from further processing until the IRS can verify the taxpayer’s identity. As a result of this, the IRS flagged 1.1 million tax returns with approximately $6.3 billion in refunds for additional review and confirmed 12,617 identity theft tax returns as a result. This saved $105.3 million in fraudulent refunds from being issued, TIGTA reported.

In contrast, in the 2022 filing season (as of March 3, 2022), the IRS confirmed 9,626 identity theft returns with 168 filters used.

■ IRS News Releases IR-2023-124, -129, -131, -134, -138, -143, and -147

— Sebastian B. Murolo, CPA, MBA, CMB, is an associate professor at CUNY Queensborough Community College in Bayside, N.Y. To comment on this column, contact Paul Bonner, the JofA’s tax editor.