By: William A. Raabe, Co-Editor of the South-Western Federal Taxation series
Issues involving identity theft have plagued citizens for over a decade. The most frequently encountered tax manifestations of identity theft include buying or stealing a taxpayer’s social security number and then filing a tax return claiming deductions, credits, or refunds that are sent to the perpetrator’s bank account. Often this involves an earned income credit, fuels credit, or other carryforward, typically producing a single large refund, or a series of refunds over time.
The taxpayer may never find out about the transaction, or he/she might discover it only after some time upon an unrelated IRS inquiry. “Unwinding” the effects of an identity theft can be cumbersome and time-consuming.
Identity thieves often target elderly taxpayers, who may be more likely to hand over a social security number to a stranger online in say a phishing or “prince of Nigeria” scheme, and who may not file their own Form 1040 due to low income, such that the perpetrator will not trigger a warning due to a return being filed twice.
The IRS has had in place some internal treatments once an identity theft is suspected, but these have not been well coordinated internally or with respect to a taxpayer with a related inquiry. A few warnings have been issued by the agency through general announcements and directives at irs.gov, but these appear to have been inadequate to reduce the frequency of improper tax payments of this sort.
In the Taxpayer First Act, Congress finally formalized a charge to the IRS to stem the lost revenues and taxpayer inconvenience brought about by identity theft. Very little in appropriations is allowed by the act itself to implement these measures, and the “due dates” for various IRS corrective actions can be amorphous or up to five years in the future. Here are some of the key Act provisions relating to identity theft.
- The agency should move away from the social security number as an identification marker. The GAO believes that SSNs are nearly useless as a secure form of identification, after massive commercial data breaches and black market activities. (Two-factor authentication and drivers’ licenses would be more secure and reliable.) So the IRS must allow taxpayers to adopt a new six-digit Identity Protection PIN to use in lieu of the SSN for tax returns and refunds. Several states already use such a system.
- A single point of contact must be provided by the IRS to interact with identity theft victims, in lieu of the decentralized offices now responsible for the issue. This would entail a team of specially trained IRS employees, across various taxes and functions.
- The IRS must notify a taxpayer if there is a suspicion that he/she is a victim of identity theft; previously, the taxpayer would need to initiate the contact, and often one does not know that the identity has been stolen. Such information should include directions on how to report a violation, and how to prevent such issues, including the use of an IP PIN. The Service must notify the taxpayer of the status and results of the case. This process also includes identity theft concerning the taxpayer’s dependents.
- The IRS must provide a telephone-based information resource for taxpayers, with descriptions of various tax scams, how to report such infractions, and how to prevent identity theft and avoid other tax scams. This is not required to be an interactive contact, though.
- Penalties for return preparers who improperly disclose taxpayer information are increased, as to both civil and criminal infractions.
Congress also allowed the IRS to hire advanced tech employees to work on various aspects of the Act, offering higher salaries than are available for most of the other agency employees. Encourage your students to consider a career with the IRS, or various consulting firms that work with the agency, that would combine tech skills with well-grounded technical tax knowledge.
- Identity theft often requires some participation by the offended taxpayer, e.g. in giving away a social security number or bank account information, or responding to fake IRS emails and websites. To what extent should Congress be required to “solve the taxpayer’s problems brought upon him/herself”?
- How could the IRS engage tax professionals, like you may soon become, in reducing identity theft occurrences? Offer at least three specific suggestions for the Commissioner, e.g. as to setting standards or sharing information.
- The Taxpayer First Act attempts to streamline the pre-Act disjointed approach that the IRS took in combating tax-related identity theft. Consult the technical explanation of the bill and summarize the various parts of the pre-Act IRS approach. Then describe the actions required of the IRS going forward to organize its anti-identity theft efforts.
- In the Taxpayer First Act, how much new funding did Congress provide to pay for identity theft prevention and reporting? How else will these provisions be paid for? Consult the technical explanation of the bill and summarize your findings.
- Congress traced some of the identity theft cases to improper actions by tax return preparers. New penalties are aimed at reducing these instances of return preparer issues. In addition, recommendation #7 of the 2019 report to Congress of the IRS Electronic Tax Administration Advisory Commission is: “Congress should grant the IRS the authority to establish and enforce security standards for our tax system.” Consult the language of the bill and its technical explanation, as well as the ETAAC report and summarize your findings about the concerns and new sanctions.
IT, Networking and Cyber Security Instructors—take a deep dive into the Live Virtual Machine Labs in MindTap by watching the recording of our recent webinar: Just in Time Training for Live Virtual Machine Labs.