Identity Theft - Problems and Prevention Steps

Similar documents
Today s Session. Identity Theft and the Tax Practice 12/7/15. Identity Theft in General. Size of the Problem. Working with an Affected Client

IRS & Partners Combat Tax-Related Identity Theft What s New for 2016

What s New Collection Fall 2015

Presented by Dave Olsen, CPA, President

Taxpayer Guide to Identity Theft Protect yourself. By Beatriz Landa-Sanchez, EA

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud. Brian Wozniak IRS Stakeholder Liaison

June 2015 Newsletter

News Release Date: 11/23/15

National Cyber Security Month 2015: Daily Security Awareness Tips

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud

Taxes & Identity Theft

WRITTEN TESTIMONY OF JOHN A

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud. Anita Douglas, Senior Stakeholder Liaison May 27, 2015

Criminal Investigation

Cyber Self Assessment

A practical guide to IT security

Identity Theft and Online Security

Why you need. McAfee. Multi Acess PARTNER SERVICES

Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s

Certified Secure Computer User

Cyber Security Best Practices

TYPES OF POSSIBLE IDENTITY THEFT

Helping the Identity Theft Victim

Intercepting your mail. They can complete change of address forms and receive mail that s intended for you.

Data Access Request Service

Identity Theft: How the IRS Protects Taxpayers and Helps Victims. Combating Identity Theft and Online Fraud

What are the common online dangers?

How the IRS Helps Taxpayers and Assist Victims

How the IRS Helps Taxpayers and Assists Victims

Why Encryption is Essential to the Safety of Your Business

Fraud Prevention Tips

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Tax Fraud and Identity Theft Frequently Asked Questions [Updated February 10, 2015] 4. WHAT CAN I DO TO PROTECT MYSELF FROM TAX FRAUD IN THE FUTURE?

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Identity Theft. Protecting Yourself and Your Identity. Course objectives learn about:

Identity Theft and Online Fraud IRS Efforts to Protect Taxpayers. Privacy, Governmental Liaison and Disclosure May 9, 2012

IRS Resources for Payroll Professionals

Perception and knowledge of IT threats: the consumer s point of view

ID Theft & Impact on Florida

Tax-Related Identity Theft: IRS Efforts to Assist Victims and Combat IDT Fraud. Maggie Romaniello SL Field Area Manger

Computer Security at Columbia College. Barak Zahavy April 2010

Internet threats: steps to security for your small business

INTRODUCTION. Identity Theft Crime Victim Assistance Kit

IRS Payroll Topics. Alan Gregerson. VOH to Hires Act of Qualified Veteran WOTC. March 15, 2012

Certified Secure Computer User

Identity Theft. What it is and How to Protect Yourself

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Learn to protect yourself from Identity Theft. First National Bank can help.

Preventing and Detecting Identity Theft: Partnering with the IRS to Meet the Challenge. (edited transcript)

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Security Breaches. There are unscrupulous individuals, like identity thieves, who want your information to commit fraud.

PROPOSED PROCEDURES FOR AN IDENTITY THEFT PROTECTION PROGRAM Setoff Debt Collection and GEAR Collection Programs

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

Privacy Rights Clearing House

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Advising Victims of Tax Identity Theft

IIABSC Spring Conference

Information Security It s Everyone s Responsibility

IRS Criminal Investigation. Special Agent Christine Shanley Supervisory Special Agent Michael Rivera

November 2014 Seminar IRS UPDATES. Oklahoma City Chapter OSCPA. Miscellaneous Topics. Anita Douglas Senior Stakeholder Liaison November 13, 2014

Adams County, Colorado

Online Banking Customer Awareness and Education Program

Navigating the New MA Data Security Regulations

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover

Cyber Security. John Leek Chief Strategist

Cyber Security for Businesses

THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM

Network Security & Privacy Landscape

Protecting Yourself from Identity Theft

Infrastructure Our Tax Securing Presented by:

LIGC-ACC Presentation November 9, 2015

New IRS Tax Payments Online!

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

Top tips for improved network security

Information Security It s Everyone s Responsibility

Identity Theft Protection

The University of North Carolina at Charlotte Identity Theft Prevention Program

Arkansas Small Business Forum. IRS Identity Theft Prevention Efforts

Data Security in a Mobile, Cloud-Based World

Cybercrime and Identity Theft: Awareness and Protection 2015 HLC Conference

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

DESCRIPTION OF H.R. 3832, THE STOLEN IDENTITY REFUND FRAUD PREVENTION ACT OF 2015

suntrust.com 800.SUNTRUST

National Credit Union Administration. Tips to Safely Conduct Financial Transactions Over the Internet

Encryption Made Simple for Lawyers

Security Awareness. ITS Security Training. Fall 2015

Identity Theft Protection

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Identity Theft and Tax Fraud

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Transcript Tax Fraud & Identity Theft - Protecting your clients and yourself Webinar

Presented By: Corporate Security Information Security Treasury Management

DSHS CA Security For Providers

Transcription:

Identity Theft and the Tax Practice Edward K. Zollars, CPA www.cperesources.com www.currentfederaltaxdevelopments.com New Mexico Tax Conference Today s Session Identity Theft in General Size of the Problem Working with an Affected Client Avoiding Being Part of the Problem 2 1

Identity Theft Size of the Problem 3 It s a Growth Industry for Tax ID Theft Easy to monetize Electronic filing used fast refunds as a selling point Criminals dump fake returns into the system early in the process By design the system cannot easily catch this Information reporting (including withholding) not required to be filed until long after return processing begins Only a single factor generally used for system to identify the taxpayer (social security number) Problem is growing each year Treasury Inspector General (TIGTA) issued two reports in 2013 4 2

12/4/15 #PSTECH 5 #PSTECH 6 TIGTA has reason t o believe a much larger number escaped detection the real numbers may be twice as high 3

12/4/15 #PSTECH 7 #PSTECH 8 4

#PSTECH 9 IRS Criminal Prosecutions Number is rising But clearly the vast majority of criminals get away with their crime Statistics through April 10, 2014 reported by IRS Criminal Investigation Division 10 5

First Lady of Tax Fraud Used prepaid debit cards loaded with refunds from falsified returns from 2009 through 2012 Filed from Perpetrator s home Various hotels around Tampa, Florida (the capital of tax refund fraud) Scheme netted her and her partner nearly $4.5 million 11 Identity Theft Working with the Affected Client 12 6

IRS Advice to Reduce Chance of ID Theft Don t carry documents with SSNs on them with you Limit giving out SSN Protect financial information Check credit report at least annually Secure all personal information at home Computer safety Firewalls Anti-spam/virus software Password security Ed s tip DON T BE AN IDIOT Don t give out personal information You did not initiate contact Not verified ID 13 The One Thing Clients Need to Be Told: The IRS does not initiate contact with taxpayers by email or social media tools to request personal or financial information. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. This includes any type of electronic communication, such as text messages and social media channels. - IRS FAQ on Identity Protection Tips 14 7

The One Thing Clients Need to Be Told: The IRS does not initiate contact with taxpayers by email or social media tools to request personal or financial information. The Note IRS does Neither not send do emails stating you are being electronically banks, brokers, audited or that etc. you are getting a refund. This includes any type of electronic communication, such as text messages and social media channels. - IRS FAQ on Identity Protection Tips 15 IRS Procedures 16 8

IRS Indicators of Tax ID Theft Notice more than return has been filed for taxpayer s identification number Collections for year in which no tax was due IRS shows more wages than taxpayer received Taxpayer has state or federal benefit cancelled due to reported income change 17 What to Do Next? IRS Notice Received Contact IRS to stop the computer s autopilot functions Get Power of Attorney Document all communications with IRS Consider use of taxpayers advocate office if process threatens to roll over client Reach out to IRS ID Theft Unit (800-908-4490) No IRS Notice (Yet) Contact IRS ID Theft Unit (800-980-4490, x245) Explain why taxpayer believes at risk Lost or stolen wallet/purse Home robbery Questionable credit activity Ask IRS to secure account and flag as potential ID theft victim 18 9

IRS Form 14039 IRS Form 14039 Used to document issues related to identity theft Also provides a cover sheet for information needed to document client s identity Remember IRS needs to conclude your client is who they say they are 19 Form 14039 20 10

Form 14039 21 Hurry Up and Wait Client needs to understand this is going to take time Refunds are likely going to be delayed (significantly) Executor may have issues closing an estate Mortgages/refinancings will be difficult to obtain Other taxing agencies may be involved May have other, nontax, ID theft issues IRS unlikely to be able to speed this up much without creating a bigger problem 22 11

IRS Identity Protection PIN (IP PIN) Six digit number issued by IRS Originally limited to prior victims of identity theft IRS testing expansion in 3 highest risk markets (Florida, Georgia, DC) Submitted with return Electronic returns will be rejected without it Paper returns will take much longer to process 23 IRS Identity Protection PIN (IP PIN) 24 12

IRS Identity Protection PIN (IP PIN) What if find out: Taxpayer never noticed he/she was assigned one? Taxpayer loses the document? Recovery of IP PIN Originally had to call IRS, have new IP PIN issued after IRS confirmed identity Online option started this year to use taxpayer must have Social security number Date of birth Email address and Filing status and mailing address from most recently filed tax return 25 Identity Theft Avoiding Being Part of the Problem 26 13

CPA Firms and Data CPA Firm Clients are High Worth Targets Professionals Just Want to Work in Their Area Look at Protecting Your Clients 27 IRS Publication on Protecting Data FS-2015-24, Publication 4557 Outlines steps preparers should take Reminds us of our responsibilities Remember New Mexico has its own law in this area as well Most likely to be cited as standard of care if breech occurs 28 14

IRS Recommended Steps Top-notch security software that includes a firewall, antimalware and anti-virus programs; make sure they are set to automatically update so that the software can stay current against the latest threats; and consider having firewalls for both hardware and software. 29 IRS Recommended Steps An education program for all employees to ensure they understand the dangers of phishing emails and other threats to taxpayer data. Publication 4557 has several items related to employees such as halting their access to the preparer s computer systems if they leave employment. 30 15

IRS Recommended Steps Strong passwords that are changed periodically; consider having different levels of password protection. For example, have one password to access the computer system and a separate password to access tax software or client files. That way, if the computer system is breached, perhaps not all of the information will be exposed. 31 IRS Recommended Steps Secure wireless connection. If Wi-Fi is used, protect taxpayer data by making sure it is password protected and encrypted email programs to exchange PII information with taxpayers. 32 16

IRS Recommended Steps Back up taxpayer data frequently, perhaps on an external hard drive, and ensure that the hard-drive is kept in a secure location with limited access by others 33 IRS Recommended Steps Store any paper files in a secure location. 34 17

IRS Recommended Steps Access IRS e-services weekly during the filing season and periodically throughout the year to see the number of returns filed using the preparer s EFIN. If the number is excessive, contact the e-help Desk for e-services immediately. 35 Full Disk Encryption Microsoft Windows BitLocker In Windows Professional for Windows 7 and later Not obvious how to install if computer lacks TPM module Inexpensive non-enterprise laptops often lack it Can be installed http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-ondrives-without-tpm/ Apple OSX Filevault 2 Third Party Options Veracrypt Symantec PGP Full Disk Encryption Can be used on removable drives as well 36 18

Small is Convenient and Easy to Lose Content of the drive Users copy all kinds of data onto thumbdrives Often only delete data when the drive fills up A thumbdrive used by a CPA could contain Client personal information Firm detailed information Security information (passwords, etc.) Data files that contain personal information clients obtained from their customers, employees, vendors, etc. (think payroll) Generally no record is kept of data that has been transferred to a drive 37 Phones, Tablets, Etc. ios Device Locking options Erase if fail 10 times option Long password option Remote device management Fingerprint reader (iphone 5S only) Android Devices Locking options Additional options (though likely less secure if use them) Can use long passwords Remote device management Fingerprint reader (currently Galaxy S5) 38 19

Organizations and Identity Theft 39 Organizations and Identity Theft We have met the enemy and he is us. -Walt Kelly, Pogo 40 20

End User Behavior Problems Far more important than all the security hardware software you have installed Cannot delegate or outsource this issue Issues Targeted phishing attacks The disaster that is Outlook (or any mail client) Every user (even rainmakers, managing partners, senior tax partners, etc.) must understand risks of what they do with their computers and devices 41 Issue Most employees are exposed to their firm's IT and computer policies on the day they are hired, but seldom are reminded after that. Firms should review their policies annually and incorporate new IT considerations, such as tablet device and smartphone usage and social media concerns, and then provide annual training on any updated policies. Employees should also be educated on current cyber security threats and social engineering scams impacting them and their clients, to further minimize the possibility of becoming a victim. PPC Auditing and Accounting Update, May 2014 42 21

SANS Recommended Program Perform gap analysis (find the weak links) Provide training to address the weak link problems Security program implemented to Common attacks directed against the individual user (phishing, attachments, etc.) Make delivery short and convenient for users Continually update for current attacks (watch for notices of phishing attacks from organizations like AICPA, IRS, etc.) Mandate annual completion for every employee ENFORCE THE POLICY (ESPECIALLY AT THE TOP) Test employees from time to time to see if they are following the policy 43 Risk to the Firm Requirement to maintain confidentiality Ethics Rule 301/New ET Sec. 1.700.001 Note upcoming codification s use of terms safeguards and threats as key concepts State data breach laws In all U.S. states, territories and District of Columbia except for Alabama, New Mexico and South Dakota See links in material to state(s) of interest to you 44 22

Additional Issues Definition of personal information under statute Basically name Along with any of the following Social security number Driver s license Account number, etc. that grants access to financial account Nature of notification defined by statute Realize NOT JUST LIMITED TO CLIENTS 45 Contact Information Edward K. Zollars, CPA edzollars@thomaszollarslynch.com www.cperesources.com Twitter: @edzollars 46 23

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information