Tax identity theft is on the rise. In fact, it makes up almost half—45 percent—of all identity theft, which increased 50 percent in 2015, according to the US Federal Trade Commission (FTC).

While tax identity theft affects individuals, businesses also need to be aware that they’re at risk. Criminals aren’t just pursuing Social Security numbers (SSNs)—they’re also going after employer ID numbers (EINs) assigned by the IRS. This is a startling development for the many businesses that put far more effort into protecting SSNs than their EINs.

The IRS paid out $5.8 billion dollars in fraudulent refunds for the 2013 tax year, according to the US Government Accountability Office. With the continued increase in complaints, the IRS has taken some measures to combat the epidemic that has implications for employers, too.

IRS Response Plan

Tax identity theft is a top concern for the IRS and is on its annual Dirty Dozen Tax Scams list. The agency plans to implement new provisions while working with states and the payroll industry to put new safeguards in practice.

Earlier W-2, W-3, 1099 Deadline

Most notably for employers, the Protecting Americans from Tax Hikes (PATH) Act signed in late 2015 now requires employers to file W-2, W-3, and 1099 forms by January 31 of the year following the tax year. The idea is it will be easier for the IRS to catch discrepancies between legitimate forms filed by employers and those filed by fraudsters seeking refunds based on false forms—before the agency sends out refund checks.

The earlier deadline takes effect for statements filed in 2017 for the 2016 tax year. (W-2s and 1099s still must be furnished to employees and payees by January 31.) With these forms now due to be filed with the IRS a month earlier than in the past (or two months earlier for electronic filers), employers will need to pull together the necessary information more promptly.

Tax Identity Theft Recap

Individual

SSN thefts can often be traced back to the victim’s place of employment. Insiders at a company may steal the numbers as well as other employee or customer information. Perpetrators also might wait until staff members let their guards down and leave SSNs readily accessible on computers or in waste receptacles. And, of course, individuals may simply be careless with their SSNs and other sensitive information.

While large companies like banks and hospitals are favorite targets, the improper lifting of just a single SSN can wreak havoc for employees and customers. That means smaller companies are at risk, too.

Regardless of the size of an organization, there are many ways tax identify theft can occur. Among them:

• Someone uses a stolen SSN to file a tax return claiming a fraudulent refund. The victim learns that a return was already filed when he or she attempts to file a return or after receiving a letter from the IRS saying it identified a suspicious return with the taxpayer’s SSN.
• A fraudster obtains a job with another’s SSN. The employer then reports that person’s income to the IRS under the stolen SSN. The victim obviously won’t include those earnings when filing his or her tax return, so IRS records will indicate the victim’s underreported income.

Businesses

The IRS could issue an estimated $2.3 billion in potentially fraudulent tax refunds based on EINs annually, according to the Treasury inspector general for tax administration.

Here’s how: A fraudster could use a stolen EIN to report false income and withholding and file for a refund. Moreover, legitimate business could find the IRS coming after it for payroll taxes that were reported as withheld but not remitted.

As with SSN theft, EIN theft victims may not discover something’s amiss until they file their tax returns and receive IRS notification that they had already filed for that tax year. They also might be tipped off by receipt of an IRS notice regarding nonexistent employees.

Top 10 Tax Identity Theft Prevention Tips

There are ways you can reduce the risk of theft of SSNs and EINs. These steps include:

1. Using antivirus and other security software on all computers
2. Protecting transmitted information by using private client portals, email encryption, and virtual private networks
3. Updating data security plans regularly to address new risks
4. Being aware of phishing schemes, particularly email links to fraudulent sites that look official and ask users to divulge personal information
5. Truncating or redacting SSNs and EINs where possible
6. Keeping sensitive information in a secure location and restricting access on a need-to-know basis
7. Updating business filings with the IRS and the secretary of state for your state when contact information changes
8. Monitoring your credit reports, IRS and state tax authority accounts, and other business filings
9. Filing tax returns, W-2s, W-3s, and 1099s as early as possible
10. Developing an action strategy for dealing with tax identity theft, including identifying whom to notify in the event of theft

Reminder

The IRS doesn’t initiate contact with taxpayers by email, text messages, social media, or over the phone to request personal or financial information. Fraudulent callers will often pose as IRS agents and use fear tactics to either solicit payment for a fabricated tax debt or gather personal information under the guise of processing a taxpayer’s return.

We’re Here to Help

The risk of tax identity theft, whether of SSNs or EINs, is real. For more information or in the event of tax identify theft, contact your Moss Adams professional.