Banking and Financial Services Sections

The Steal Industry

The Growing Problem of Tax-return Identity Theft

One of the great scams being perpetrated today is what’s known as tax-return identity theft. Unscrupulous thieves are using stolen identities to prepare tax returns on behalf of unsuspecting individuals, and reaping thousands of dollars per false return filed.

How big of a problem is it? Treasury Inspector General Russell George said back in May that criminals who file fraudulent tax returns by stealing people’s identities could rake in an estimated $26 billion over the next five years because the IRS cannot keep up with the volume of the fraud. That’s a sobering figure.

How do you know if you have been subject to tax-return identity theft? Basically, after you file your actual tax return, you will get a letter from the IRS that says something like, “thank you for filing your tax return. However, we already received your tax return back in February.” That should trigger a big alert that something is seriously wrong. Residents of Puerto Rico have it even worse, since they don’t need to file a U.S. tax return unless they have U.S. activity. As such, when their identities are stolen for tax-return purposes, they don’t even get a warning letter, because they may not have had to file a U.S. tax return. Thus they don’t even know their identities were stolen in the first place. As a result, Puerto Rico has become a priority for the IRS.

The identity thieves basically make up everything on the tax return and prepare the return in such a way that a huge refund is expected. The refund is sent electronically, and the thieves now have loaded-up debit cards. The average theft appears to be in area of $5,000, and the aggregate problem is in the billions of dollars.

It is absolutely imperative that people be more diligent with respect to whom they provide their private and financial information. Further, it is more important than ever for businesses to be extra diligent in the safeguarding of that information. Massachusetts General Law CMR 17 mandates that organizations maintaining private information do so with strict accordance to the law. Therefore, ask how your lawyer, accountant, tax preparer, medical center, new or used car dealer, mortgage lender, bank, etc., safeguards your personal information.

I don’t believe it is unreasonable to predict that random, educational ‘spot testing’ by taxing authorities, in the form of actual physical visits, is in the future to help alleviate the hemorrhaging of personal information. As such, the best advice I can offer to everyone is to prepare to be able to explain to clients, customers, and the IRS, for that matter, exactly how you safeguard private information.

Here’s an example. Our office is on the top floor of our building, and there is no elevator access after working hours or weekends and holidays without an access key. Besides the small fortune we invested in electronic security, our office is equipped with motion alarms and continuously recording cameras. We have a camera in our file room. With the permission of our building owner, we even have cameras outside of our leased office space. That’s how serious we have become with security.

Although this whole issue is due to unscrupulous individuals, I believe both the IRS and the Commonwealth of Massachusetts bear some responsibility here. The rush to mandate e-filing for everyone obviously happened faster than the IRS and the Commonwealth’s ability to monitor it, as we can see from the epidemic of tax-return identity theft. At least with paper returns, W-2s were attached, and the returns were signed by taxpayers and preparers. Presently, none of these safeguards are required by thieves, and the proverbial rooster is in the electronic hen house.

Tax returns can be filed electronically from anywhere; interestingly, one of the great tax-return identity-theft operations originated out of the Dominican Republic. The only reason this operation was discovered was because several New York City postal employees were contracted by the thieves to deliver tax refunds to certain P.O. boxes. The only ones captured were the postal employees, because the organizers of the fraud were never caught.

Even the IRS inadvertently discloses personal information. I am personally aware of a very recent situation where an IRS letter was inadvertently sent to the wrong address. As a safeguard, the IRS letter indicated only the last four digits of the taxpayer’s Social Security number. The recipient wanted to do the right thing and wrote a letter to the IRS with a copy of the original letter, in the hopes that the IRS would understand that they had the wrong address. The IRS responded with a “thank you, we’ll get back to you” and, as an added bonus, provided the entire Social Security number of the taxpayer to this complete stranger. Now that is a very serious breach of security. We have notified the IRS Commissioner in Washington of this particular situation, and we hope we are able to help prevent an unfortunate security breach from occurring again.

Exempt organizations need to be more careful also. Lois Lerner, the IRS director of Exempt Organizations (and a Western New England University graduate), in a speech this past April at Georgetown University, warned about “an important issue of the day.” Between 2001 and 2006, more than 132,000 charities included at least one Social Security number on their tax returns. Those were the Social Security numbers of donors, trustees, employees, directors, scholarship winners, and the tax preparers themselves (the last of which is inexcusable, given the availability of preparer tax-identification numbers). Thus, make sure that any not-for-profit organizations that you are involved with aren’t revealing anyone’s private information, because once it’s on Guidestar, it’s public.

In summary, tax-return identity theft is real, and it’s going to be with us for a while. In the interim, it is imperative to be more diligent with your private information than ever before, ask more questions of those who maintain your private information, file your tax returns as early as possible (thus circumventing a theft), and, for business owners and professionals, treat your customers’ and clients’ private information as though it were currency, because, frankly, it now is.

Paul L. Mancinone is a principal with Paul Mancinone Co., P.C. in Springfield. His practice is primarily focused on taxpayer representation before federal and state agencies, and also has a recurring client base of individuals and business entities; [email protected]