Tax Related Identity Theft Jason B. Freeman, J.D., CPA Freeman Law, PLLC 2595 Dallas Pkwy., Suite 420 Frisco, Texas 75034 (214) 984 3410 Jason@FreemanLaw Pllc.com www.freemanlaw Pllc.com Copyright Freeman Law, PLLC. All rights reserved. 1 Jason B. Freeman, J.D., CPA Phone (214) 984-3410 Toll-free (855) 676-1040 Jason@FreemanLaw-Pllc.com Mr. Freeman is the managing member of Freeman Law, PLLC, a tax, white-collar, and litigation boutique law firm based in the Dallas-Fort Worth Metroplex with clients throughout the world. He is a tax attorney and adjunct professor at SMU s School of Law, as well as a licensed CPA. Mr. Freeman handles federal and state tax controversies and white-collar civil and criminal matters, as well as advises clients in tax planning and compliance matters. Mr. Freeman has been recognized multiple times by D Magazine as one of the Best Lawyers in Dallas for tax law, and by Super Lawyers and Texas Monthly magazine. He is the President of the North Texas chapter of the American Academy of Attorney-CPAs, serves on the Executive Board for the Texas Society of CPA's, and sits on the Board of Directors for the Dallas Society of CPAs. 2 1
What is Tax Related ID Theft? 3 The Scale of the Problem An new ID theft occurs every two seconds! The financial burden of identity theft costs more than all other property crimes combined ID theft is the No. 1 complaint filed with the FTC More than 1 billion personal records were stolen in 2014 Large scale data breaches netted more than 100 million SSNs in 2015 4 2
Recent SIRF Schemes Harassing Calls from IRS CI agents Fraudsters Posing as Company Executives Puerto Rico/Territorial Schemes Others 5 Loan Company Employee Steals Identities Used to File False Tax Returns July 21, 2016 DOJ Press Release. Defendant was sentenced to 48 months in prison for her role in a stolen identity refund fraud scheme. Defendant admitted that between January 2013 and August 2015, she worked at two loan companies in Montgomery, Alabama, and had access to the personal identifying information of customers. She agreed to steal information from her employers and provide it to her coconspirator who used that information to file over 335 returns claiming more than $400,000 in fraudulent refunds and directed the requested tax refunds to prepaid debit cards and U.S. Treasury checks, which were mailed to addresses in Montgomery, including her residence. 6 3
Former Healthcare Employee SIRF Conspiracy Using Patient Information July 20, 2016 DOJ Press Release. Defendant worked at a healthcare company where she had access to patient information protected from disclosure under the Health Insurance Portability and Accountability Act of 1996. She admitted that she stole the names, dates of birth and social security numbers of patients from her employer s database and provided these identities to a co conspirator who then provided the stolen personal identification information to another co conspirator who, along with others, used it to file fraudulent federal tax returns with the Internal Revenue Service (IRS) requesting tax refunds. Defendant and her co conspirator were prosecuted and sentenced to 74 months and 60 months in prison, respectively. 7 How Does it Happen? A Common Scenario 8 4
How do ID Thieves Obtain Identifying Information? 9 How Identity Theft Occurs Identity theft often occurs from the following sources: Dumpster diving Skimming Phishing Address changes Theft of records Pre texting Trojan Horses Spyware Data breaches 10 5
Data Breaches 11 The IRS Get Transcript Application Breach In 2015, IRS announced a breach of its Get Transcript System IRS CRISC identified irregularities Approximately 724,000 account affected Required breaching a multi step authentication 12 6
The IP PIN Data Breach March 2016 IRS announced suspension of IP PIN Services on IRS.gov Another breach of authentication process 13 What are the Current Trends? 14 7
What are the Current Trends? 15 The IRS Response: A Four Pronged Approach The IRS Strategic Approach is centered around the following objectives: Prevention Detection Victim Assistance Enforcement 16 8
How Does the IRS Detect ID Theft? 17 Prevention and Initiatives: Combatting IDT on the Front End The Security Summit IDT Filters Authentication Checks Information Return Matching Taxpayer Protection Program Identity Protection PIN Program 18 9
The Security Summit Initiative A collaborative effort to address tax related identity theft a partnership between the IRS, state tax administrators, and the tax industry, including tax return preparation firms, tax software vendors, and payroll and tax financial product processors. This public private partnership was launched in March 2015 to establish new safeguards to protect taxpayer information and the integrity of federal and state tax systems. 19 The IP PIN Program IP PIN Program began in the 2014 tax year The IP PIN is used as a supplement to the taxpayer s SSN to identify the taxpayer as the valid owner of the SSN and related tax account. Must be included on electronically filed income tax returns New number issued before each filing season via CP01A notice Currently, no opt out provision How to get an IP PIN: Residents of Florida, Georgia, and the District of Columbia can participate in the IRS IP PIN pilot program; Determination by IRS that taxpayer is a fraud victim; Taxpayer reports tax related identity theft on Form 14039 20 10
IP PIN IRS Notices CP01 Notifies the taxpayer that the IRS has resolved IDT issues and that an identity theft indicator has been placed on their account. CP01A An annual notice that contains the latest IP PIN. CP01F A one time notice for 2015 giving certain taxpayers option of obtaining an IP PIN through www.irs.gov/getanippin. 21 IDT Filters Improved ID theft models and filters In 2012, the IRS had 12 filters; returns currently pass through more than 200 Return Review Program ( RRP ) Dependent Database (DDB) Electronic Fraud Detection System (EFDS) 22 11
The Return Review Program In February 2009, the IRS began development of the Return Review Program (RRP) to replace its existing fraud detection system. The IRS conducted a pilot test of the RRP to assess its effectiveness in identifying potential identity theft tax returns during Processing Year 2014, and based on the positive pilot results, expanded the use of the RRP s identity theft detection for Processing Year 2015. The RRP uses predictive analytics, models, i.e., filters, clustering, a scoring system, business rules, and selection groups to identify suspected identity theft and fraudulent tax returns. 23 The Taxpayer Protection Program Filters and modeling identify suspicious returns Suspicious returns pulled for Taxpayer Protection Program verification and treatment stream Correspondence sent to address on the return asking for identity verification 24 12
The Taxpayer Protection Program 25 Victim Assistance 26 13
Enforcement: CID and ID Theft Prosecution Efforts Fighting ID theft related tax fraud is CI s TOP priority Over the past three years, IRS CID has helped convict approximately 2,000 identity thieves During fiscal year 2015, the average prison term was 38 months the longest sentence was over 27 years. The Law Enforcement Assistance Program ( LEAP ) ID Theft Clearing House ( ITC ) Multi region task forces Questionable Refund Program Return Preparer Program 27 Questionable Refund Program Investigation Example IRS Press Release Bulgarian Citizen Sentenced for Role in $6 Million Tax Refund Scheme On June 2, 2016, in Newark, New Jersey, Vanyo Minkov, a citizen of the Republic of Bulgaria, was sentenced to 46 months in prison, two years of supervised release and ordered to pay restitution of $2,702,555. In late 2012, Minkov and his conspirators hacked into the networks of at least four accounting firms and stole the 2011 tax filings for over 1,000 of the firms clients. Minkov and others then used the stolen information to file fraudulent tax returns in the clients names for the 2012 tax year or sold the information to others for the same purpose. To date, the IRS has identified over $6 million in fraudulent claims made in connection with the scheme 28 14
Common Charges in SIRF Cases 18U.S.C. 286/287(False Claims) 18 U.S.C. 641 (Theft of gov t funds) 18 U.S.C. 1029 (Access device fraud) 18 U.S.C. 1343 (Wire fraud) 18 U.S.C. 1028 (ID theft) 18 U.S.C. 1028A (Aggravated ID theft) 18 U.S.C. 371 (Conspiracy) 29 Legislation The Consolidated Appropriations Act of 2016 The PATH Act What s On the Horizon? 30 15
The Warning Signs More than one tax return was prepared for taxpayer Receipt of notice from IRS Rejected E File Notice regarding an unknown employer 31 What to Do if A Client is Victimized File a police report File a complaint with the FTC Contact the IRS to report the theft and file IRS Form 14039, Identify Theft Affidavit. Contact credit bureau to place fraud alert, request a credit report Close any financial accounts opened without authorization Contact State tax agency Contact Debt Collectors Other Steps 32 16
The IRS Process The taxpayer attempts to file a return or experiences a loss of PII. IRS Form 14039, Identity Theft Affidavit, is filed. IRS codes taxpayer s account to show identity theft documentation was submitted. IRS reconciles taxpayer s account to reflect valid return information. Identity protection indicator is placed on the taxpayer s account. IRS issues a CP01 notice to let the taxpayer know an identity theft marker has been placed on his/her account. Before the next filing season, the IRS generally assigns the taxpayer a unique Identity Protection PIN to verify his/her return. If the taxpayer is identified as being deceased, the IRS locks the account to prevent future filing. 33 Best Practices Implement a security plan Educate clients Urge them to protect IP PINs, E File PINs, etc. Use security software with firewall and anti virus protections. Use strong passwords. Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as your bank, credit card companies and even the IRS. Don t respond to suspicious IRS emails, texts, or faxes Do not click on links or download attachments from unknown or suspicious emails. Encrypt sensitive Other 34 17
Concluding Remarks and Questions 35 Disclaimer The information included in these slides is for discussion purposes only and should not be relied on without seeking individual legal advice. 36 18