Posts Tagged ‘IdentityTheft’

A Better Idea on Identity Theft

Monday, May 5th, 2014

As I wrote yesterday, the IRS announced new rules on tax professionals regarding electronic filing. Based on my reading of these rules, the IRS should expect a significant increase in paper-filed returns. Why? Because the new rules likely violate state laws, they add costs to tax filing, and the simple (and cheapest) solution will be to just paper-file all remote returns. In my case, I may be required to do so as it appears to be illegal under Nevada law for me to run credit checks for the purpose of identifying my clients.

There is another major problem with the new rules: The scamsters will ignore them. Assume for the moment you’re an identity thief who is filing phony tax returns (or are an IRS Electronic Return Orginator who is sending phony returns to the IRS). That’s a crime, of course (probably several felonies). So if you’re such a person, are you going to make sure you follow IRS rules and check IDs of everyone who comes to your office and/or run credit checks on all clients, or are you just going to violate one more rule?

(A few years ago South Carolina passed a law that stated that any terrorist must register with the state. I am not making this up. I suspect that South Carolina has collected exactly $0 from this law. The new policy reminds me of this law. But I digress….)

The new IRS policy will have a minor impact, at best, on identity theft while increasing costs for tax professionals and their clients. It will increase the amount of returns that are paper-filed. Yet the IRS’s goal is laudable. Is there a better solution?

There is. It’s a combination of an idea I floated back in 2012 with a few minor tweaks.

Back in 2012 I wrote a post titled, “A Modest Proposal on Tax-Related Identity Theft.” It appeared to me to be a simple solution that would stop much of the problem of tax-related identity theft at a minimal cost to the IRS. That’s the first part of the plan.

(For those who have not read my initial idea, it’s fairly straightforward. The IRS should check each tax return’s address to verify it matches the address on file for the taxpayer. This should be simple to program into the IRS’s computers.)

The second part is to have a new box on Form 1040 (towards the top of the Form) titled “Change of Address.” If you changed your address from the last tax return you filed, you must check this box. (Many state returns have such a box.) There’s a catch: If you change your address, you must attach a copy of some third-party documentation noting the new address such as a utility bill, a HUD Settlement Statement, an apartment lease, etc. Since the IRS now accepts pdf’s of documents, these could be attached to efiled returns.

There’s a third part to this plan. There would be a second new box at the top of Form 1040 titled “First-Time Filer.” This box would be checked if this is the first tax return the individual has filed or the individual has not filed a tax return in (say) the last three years. The first tax return would need to be paper-filed. (This would be an additional exception to mandatory efiling and would be noted on Form 8948). With a taxpayer’s first return, the IRS computer systems would not be able to readily run identity theft checks; thus, such returns likely need to be paper-filed.

This plan, if implemented, would be a low cost method that should eliminate 90% of tax-related identity theft. It would cost taxpayers very little. Excluding the one-time programming costs for the IRS, this would not cost the IRS very much. (This really does appear to be a simple check. Does “Address” match “Address on File”?)

Let’s compare this to the costs involved with what the IRS announced in Publication 1345. This will directly cost tax professionals; we’ll have to subscribe to services to do this. This will increase the public’s cost; tax professionals will pass the additional costs on to the public. This will increase the IRS’s costs. A low-cost solution for tax professionals is to force clients to paper-file. Indeed, in some states that will be the only choice as the IRS’s new policy appears to violate state laws. Even if there’s a work-around for that, there appears to be no method for expatriates to now efile returns. They will be forced to paper-file.

The IRS’s policy is almost guaranteed to raise the ire of the tax-paying public. Under my proposal, it would be mostly seamless. More importantly, the IRS’s proposal will likely do nothing to stop the scamsters. These miscreants are not obeying numerous laws and are committing multiple felonies. Does anyone actually expect them to obey these new rules?

Had the IRS asked tax professionals who deal with remote clientele about the proposal, they would have heard about this prior to revising Publication 1345. Someone told me today that what has happened was unsurprising given how the IRS acts. That’s a shame, because there are better solutions.

Yes, Mom, I Need to See Your ID

Sunday, May 4th, 2014

UPDATE: The IRS released a new version of Publication 1345 on November 18th that clarified that a Form 8878 or 8879 signed in ink and hand delivered, faxed, mailed, emailed, or uploaded via a web portal is not an electronic signature.

OK, I’ve known my mother for all of my life. But as of now I must check her ID when I file her tax return.

The IRS released a new version of Publication 1345 this past week. This is the publication that guides electronic return originators (EROs) in how we accept electronic returns. The changes might be called good ideas, questionable implementation, bad results.

If you come into our office to file your tax return, we must check your identification. We also must record the identification we checked. From Publication 1345 on “In-Person Transaction[s]”:

The ERO must inspect a valid government picture identification; compare picture to applicant; and record the name, social security number, address and date of birth. Verify that the name, social security number, address, date of birth and other personal information on record are consistent with the information provided through record checks with the applicable agency or institution or through credit bureaus or similar databases. For in-person transactions, the record checks with the applicable agency or institution or through credit bureaus or similar databases are optional…If there is a multi-year business relationship, you should identify and authenticate the taxpayer.

Yes, it doesn’t matter how long I’ve known you, I must see your ID and record it.

Note also I’m supposed to do a record check with the applicable agency or credit bureaus on remote returns (it’s optional on in-person returns). There are major problems with this in some states. You need a valid reason in some states under state law to run a credit check. I will be checking with my attorney on the legality of my running such checks. (I don’t think it’s legal here in Nevada.) So do I violate state law, or federal rules?

There are other issues with remote transactions. I assume a faxed signature document or a scanned document is considered an electronic signature. Let’s see what the IRS says about this:

Electronic signatures appear in many forms, and may be created by many different technologies. No specific technology is required. Examples of currently acceptable electronic signature methods include:
– A handwritten signature input onto an electronic signature pad;
– A handwritten signature, mark or command input on a display screen by means of a stylus device;
– A digitized image of a handwritten signature that is attached to an electronic record;
– A typed name (e.g., typed at the end of an electronic record or typed into a signature block on a website form by a signer);
– A shared secret (e.g., a secret code, password or PIN) used by a person to sign the electronic record;
– A digital signature; or ,
– A mark captured as a scalable graphic.

The software must record the following data:
– Digital image of the signed form;
– Date and time of the signature;
– Taxpayer’s computer IP address (Remote transaction only);
– Taxpayer’s login identification — user name (Remote transaction only);
– Identity verification: taxpayer’s knowledge based authentication passed results and for in-person transactions, confirmation that government picture identification has been verified; and,
– Method used to sign the record, e.g., typed name; or a system log; or other audit trail that reflects the completion of the electronic signature process by the signer.

This will add to the cost of tax preparation. If I have to run credit checks, this cost will be passed on to the customer directly (I’ll call it exactly what it is: “Required IRS Credit Check”). There is no means for a private party to verify a driver’s license or other government issued identification today, so I have been told by the IRS I must run a credit check on every client. There’s the additional time to write this information down and scan it into each client’s record (1-2 minutes per client, but if you consider 500 clients, that’s 750 minutes, or another 18.75 hours of work–time I don’t have in the middle of tax season).

I have the following questions for the IRS:

1. What do you consider a faxed signature to be? Given that some fax machines have headers while others don’t, what information do I record when Mr. & Mrs. Smith fax their signature document to me? Do I need Mr. & Mrs. Smith to also fax me copies of their government issued IDs?

2. What do you consider a scanned signature to be? I assume that’s an electronic signature. Most scans do not record IP addresses and the other information that you are requesting. If I have the clients mail me a copy of the scanned signatures afterwards, is that sufficient? How do I explain to my older clients what an IP address is? (For my younger clients who are chuckling, ask your grandparents what an IP address is.)

3. What do I do to verify the signatures for my long-time clients Mark & Mary Smythe of London [United Kingdom]? They scan their signatures through our secure web portal. I can’t run a credit check (I have no means to run a credit check on non-US residents). I can have them scan copies of their passports, I suppose.

4. Is the IRS going to provide me a system where I can check government issued IDs such as driver’s licenses and passports? (See #5 below on why this might be necessary.)

5. Given that state law may not allow me to run credit checks (because the purpose of my running the credit check is not to issue/verify credit/credit-worthiness but to verify identification), must I paper-file all returns?

6. When a credit check is run on an individual, it generally causes that individual’s “credit score” to drop. I suspect consumer advocates are unaware of this new IRS policy. How are you (the IRS) going to respond to this? Additionally, there has been a hue and outcry among many about having identifications checked for various activities (such as voting). What will your response be to civil libertarians (e.g. ACLU) when they hear about this policy?

7. Buried in the publication is that we must implement a “Web site Challenge-Response Test” when we “…own or operate a Web site through which taxpayer information is collected, transmitted, processed or stored. These Providers shall implement an effective challenge-response protocol (e.g., CAPTCHA) to protect their Web site against malicious bots.” Is a password system (requiring a log-in) sufficient or is CAPTCHA required?

8. Given that this publication was issued on or about May 1st, is it effective for the remainder of the 2014 tax filing season or the 2015 tax filing season?

9. What about corporate, partnership, and fiduciary returns? I assume I need to check IDs for the officers of those returns. Do I also need to verify their positions? For corporations, do I need to see a copy of the minutes so that I know that John Doe is authorized to sign the return? Do I need to see paperwork that identifies John Doe as the Tax Matters Partner for a partnership? What do I do when these returns are signed remotely?


There are likely many more questions that need to be answered by the IRS. While I understand the reasoning behind this new policy (to cut down on identity theft), as of today I am unsure on whether I can efile any returns except for clients who come into my office. Our practice has many remote clients, including clients who live on other continents (where it is impossible for me to check their credit or verify their identifications). Some of my clients are young individuals who don’t yet have credit. How do I verify Joe in Maine’s ID when this is the first tax return he’s ever filed? From my vantage point these new rules look like good intentions, questionable implementation with much in the way of unintended consequences.

I happen to be heading to Washington, DC this week for a meeting with the National Association of Enrolled Agents. I will definitely be letting them know of this situation.

Speaking of Transcripts…

Sunday, January 26th, 2014

Last week I wrote about the possible elimination of the ability for tax professionals to request transcripts through the Practitioner Priority Service beginning tomorrow (Monday, January 27th). I have not received confirmation of this, nor have I received any official denial of this. I guess we’ll find out about this in the next few days. However, the IRS does have a new “Get Transcript” program that has at least one tax attorney worried that it will be yet another godsend for identity thieves.

Kenneth Ryesky, a former IRS attorney who now teaches business law and taxation at Queens College of CUNY has written a piece for American Thinker wondering if the new program has identity theft countermeasures.

So I tried out the program. You have to give your name, address, tax filing status, and then wait for a confirmation code. You then have to answer some questions that are used by a third-party to verify you are who you say you are. Unfortunately, at least three of the four questions asked of me were public information; the fourth wasn’t public but the IRS should not have had access to the information it wanted verified. I don’t know if the information asked for varies randomly, and I do not want to compromise the program, so I’m not going to post specifics on the questions asked. Once my answers were verified, I was able to immediately download a transcript. (You can download Tax Return, Tax Account, Record of Account, and Wage and Income Transcripts; you can also obtain a Verification of Nonfiling Letter.) So individuals can absolutely obtain a transcript (as long as they have recently filed tax returns) through the program.

However, I am suspicious that the security on this program is not stringent enough. All the questions were multiple choice, so a lucky guesser combined with publicly available information could make this an identity thief’s new best friend since the Death Master File. If you’re a tax professional and have five free minutes, try the program out. I’ll update this post tomorrow after I have my partner run through the same exercise. For the moment, I’ll close by stating that I suspect this program could be abused by identity thieves.

The Death of the Death Master File (Sort of)

Thursday, December 19th, 2013

I’ve been complaining about the Death Master File for some time. This is a wonderful tool for identity thieves, allowing them to get all the details for an individual who has gone to the great beyond. As Jason Dinesen noted, it’s almost certainly the way one of his clients was a victim of identity theft. It’s also the method used in an attempted identity theft of my partner’s deceased stepfather.

But no more. Congress, as part of passing a budget (the first budget passed in years) inserted language requiring the Commerce Department to set up a process to verify users of the Death Master File; for “normal” users, it will take three years (after a person dies) before information is released.

What does this mean? First, file a final tax return for anyone who has passed on. That will tell the IRS that there should be no more tax returns for that social security number.

Second, while the Commerce Department has 90 days to set this program up, expect them to take longer. There’s no penalty on the government if it doesn’t act expeditiously, so I’d estimate it will be sometime in April at the earliest before this is set up. That means we have one more tax season of identity theft from the death master file.

Still, as Jason said, “All I can say is — thank you Congress (how often do we say that anymore?), and it’s about time.”

Bank Notice on IRS Tax Refund Fraud

Monday, December 9th, 2013

The IRS has been making noises that they are more aggressively pursuing identity theft and tax refund fraud. My bank (Bank of the West) sent me a notice on these issues. (I assume it was sent to all Bank of the West customers who were identified as tax preparation firms.)

The letter notes,

The American Bankers Association (ABA) and Internal Revenue Service (IRS) have issued bulletins regarding a significant increase in the number of fraudulent tax refunds filed using stolen Social Security or Tax Identification Numbers. Tax refund fraud involves identity theft, fraudulent W-2 forms and the online filing of fraudulent tax returns for the purpose of receiving a tax refund deposit into the account of a fraudster or an accomplice acting on behalf of the fraudster. Variations of this fraud scheme also include using an unwitting tax preparation firm.

I have not heard about the “unwitting tax preparation firm” issue prior to this letter. Indeed, I suspect that unwitting tax preparation firms are a drop in the bucket of the problem. The 80-20 rule is almost certainly applicable here: At least 80% of tax fraud is committed by 20% of the fraudsters.

That said, the letter and notice are important in how they’ll likely be used in the upcoming tax season. I suspect that banks will match names with the name that the IRS has on file. In most cases these will match. Trouble could ensue, though, for individuals who have recently changed their names. Consider Jane Doe who recently married and became Jane Smith. She’s changed her name with the bank (and the Social Security Administration). However, the IRS doesn’t have the updated records from Social Security, so she’s still Jane Doe. When her refund is issued, it bounces because of the name issue. Individuals who recently changed their names may want to get paper check refunds from the IRS this year.

While I salute the IRS (and the banks) for doing something, this effort is equivalent to patching one hole in a roof that has over a hundred leaks. Hopefully, other efforts are underway. Unfortunately, until I see otherwise I suspect the IRS remains reactive instead of being proactive on the issue of identity theft.

The Wrong Kind of Education Leads to ClubFed

Monday, November 4th, 2013

A California tax preparer decided he wanted to increase refunds for his clients. There’s absolutely nothing wrong with that–I want my clients to get the maximum possible refund allowed under the law. It appears that Kenyon Williams forgot those last three words; he was found guilty of two counts of wire fraud and two counts of aggravated identity theft earlier today.

Mr. Williams prepared tax returns in San Diego and opened his own practice in 2011. In early 2012 he called a friend in Tampa, Alesia Spivey. Here’s what the Department of Justice press release says:

Williams called his friend and fellow tax return preparer, Alesia Spivey, who lived in Tampa, Florida, and discussed the 2012 tax season and Williams’ desire to maximize refund amounts for his clients. During this conversation, Williams solicited information from Spivey regarding methods used, in Tampa, to increase tax refunds.

There’s nothing wrong with this at all–in fact, it’s a good idea to learn from others. However, there was an issue. Continuing with the DOJ press release:

Spivey and Carlista Hawls explained to Williams that individuals in Tampa were using a particular interest income scheme to file bogus tax returns with the IRS. Spivey instructed Williams on how to fill out the tax returns by employing this interest income scheme.

This is where Mr. Williams should have said ‘Thanks, but no thanks,’ and hung up the phone. Because I’m writing this I’m sure you’re several steps ahead of me: Mr. Williams implemented the interest income scheme, and filed 168 fraudulent returns. This resulted in $517,744 of bogus refunds being issued.

But it didn’t end here:

In addition, on March 2, 2012, Spivey and Hawls flew to San Diego, California to meet with Williams. During that trip, Williams provided Spivey and Hawls with a list of names, dates of birth, and social security numbers, including a stack of Navy blood donor records, to be used in preparing fraudulent tax returns in Tampa.

Thus, the identity theft charges. Mr. Williams is looking at up to 49 years at ClubFed. Both Spivey and Hawls pleaded guilty earlier this year.

Thanksgiving Evasion

Sunday, November 29th, 2009

While I had a great Thanksgiving, the individuals I’m highlighting below had a bit less to be thankful for. The first story highlights an indirect result of a traffic ticket while the second spotlights recurrent attempts at defrauding the IRS through identity theft.

First, let’s head to Hartford where Willie McKay was apparently speeding along or, in some other manner, violating Connecticut’s traffic laws. He was pulled over for a routine traffic stop. Well, it was routine until the officers checked to see if Mr. McKay had any warrants outstanding. He had thirty: 21 for filing false state tax returns, seven for failing to file state withholding returns for his church (Mr. McKay is a pastor), one for larceny, and one for computer crimes. Mr. McKay is accused of attempting to bilk Connecticut out of $150,000 in phony income tax returns. Clearly, if you’re wanted on thirty felony counts it pays to obey the traffic laws.

Next, from New Jersey comes word of four Nigerians who succeeded in obtaining $3.2 million in tax refunds they allegedly shouldn’t have. Adeyemisi Toyusini, Adebowale Sheba, Taiwo Daisi, and Adedeni Adenni were arrested and charged with conspiracy to defraud the United States. The defendants allegedly used names garnered from identity theft to file tax returns claiming $11.5 million in refunds. They allegedly used 41 addresses they controlled, and had received $3.2 million in refunds (of which, $2.7 million were deposited). Two of the defendants are allegedly in the United States illegally. All of the defendants are being held without bail and are looking at lengthy terms at ClubFed and large fines if found guilty.

If you are a victim of identity theft you should contact the IRS. The IRS has an information page on identity theft, a form (Form 14039), and a telephone hotline (1-800-908-4490; Note: This number is solely for identity theft). Notifying the IRS may not be on top of your list if this happens to you, but it’s important.