Unless you filed for an extension, it is unlikely you’re usually thinking much about your taxes this time of year. But this year, you should make an exception.
After the massive Equifax breach in September, many observers expect an increase in fraudulent tax returns in 2018. Having your Social Security number exposed in the hack does not necessarily mean your credit will be affected, but there are other ways for bad actors to take advantage of your leaked information. Steps to protect against fraudulent accounts, such as credit freezes, will do nothing to prevent someone from falsely filing a tax return under your name in hopes of stealing a refund.
Take it from a tax professional: Clearing up a fraudulent return is a time-consuming pain in the neck. On the principle that prevention is the best policy, many taxpayers may want to take steps to lower their risk of becoming a victim, especially if their personal data has been exposed.
Filing early is a relatively simple step that shrinks the window in which fraudsters can file a fake return in your name. While you certainly shouldn’t rush into any filing mistakes, you can start preparing now to save yourself time once January arrives. Review your most recent return, and make a list of materials you’ll need to file, such as W-2 and 1099 forms. If you switched jobs, got married or moved, prepare for the resulting changes to your return. If you plan to itemize your deductions, make sure your receipts are in good order. All of this assumes, of course, that your tax situation allows you to file early; not every taxpayer can.
Depending on your level of concern, you can try to sign up for online access to your personal tax account. However, the Internal Revenue Service does not make sign up easy. Reportedly fewer than half of the applicants for such access succeed, due to the IRS’ stringent process. If you are willing to put in the time and are lucky enough to gain approval, however, online access will let you see quickly if a fraudulent return has been filed in your name.
The IRS does offer a more robust solution than either of these options, however: an identity protecting personal identification number (IP PIN). Participants receive new numbers annually and must include the PIN with their return. Unfortunately for those worried about the Equifax breach, there’s a catch. IRS guidelines typically allow taxpayers to request a PIN only if they are victims of tax identity theft. (Larry Elkin wrote about requesting a PIN for himself and his wife, Linda, in this space a few years ago, after a fraudulent return was filed in Linda’s name.)
However, under a pilot program, the IRS allows all taxpayers who filed a federal return the prior year as residents of Florida, Georgia or the District of Columbia to request an IP PIN. The Service says it selected these three locations because they have the highest per-capita rate of tax identity theft. Some tax professionals have speculated that, in the wake of the Equifax breach, the IRS may extend the PIN program even further this year, though so far the Service has not officially announced any expansion.
Note that an IP PIN is not a cure-all. According to a March 2017 Treasury audit, the IRS mailed incorrect instructions to 2.7 million participants in the program for tax year 2016, and ignored repeated recommendations to shut down its online application system after a security breach was identified. And in February 2016, the IRS reported a cyberattack had targeted that online application system, though no personal taxpayer data was compromised.
That said, at this time a PIN appears to be the best protection against tax fraud currently on offer. If you have access to the program, either through your state of residence or because you were a fraud victim in the past, you should consider taking advantage of the IRS’ offer, since any time spent on securing a PIN will be much less aggravating than the time required to fix the aftermath of a fraudulent return. Because there may be new developments in the next few months, and because it is impossible to file a fraudulent return for tax year 2017 until January 2018, we recommend waiting until late 2017 or early 2018 before applying for an IP PIN.
The IRS says it is also working on behind-the-scenes practices to curtail tax identity theft. How effective these unspecified measures will be is anyone’s guess, though the IRS has said taxpayers’ reports of identity theft fell sharply between 2015 and 2016, and that suspect refunds stopped by banks also dropped. My colleagues and I have seen firsthand the measures the IRS takes to prove a taxpayer is who they say they are. As my colleague ReKeithen Miller observed, increased security measures can be positive overall, but combining them with decreased IRS funding can lead to major hassles for honest taxpayers.
For now, taxpayers eligible for an IP PIN should consider getting one later this year or in early 2018. Even if it is not a foolproof process, a PIN can offer increased peace of mind and prevent an even bigger headache down the road.
Posted by Paul Jacobs, CFP®, EA
photo courtesy seniorguidance.org at Flickr
Unless you filed for an extension, it is unlikely you’re usually thinking much about your taxes this time of year. But this year, you should make an exception.
After the massive Equifax breach in September, many observers expect an increase in fraudulent tax returns in 2018. Having your Social Security number exposed in the hack does not necessarily mean your credit will be affected, but there are other ways for bad actors to take advantage of your leaked information. Steps to protect against fraudulent accounts, such as credit freezes, will do nothing to prevent someone from falsely filing a tax return under your name in hopes of stealing a refund.
Take it from a tax professional: Clearing up a fraudulent return is a time-consuming pain in the neck. On the principle that prevention is the best policy, many taxpayers may want to take steps to lower their risk of becoming a victim, especially if their personal data has been exposed.
Filing early is a relatively simple step that shrinks the window in which fraudsters can file a fake return in your name. While you certainly shouldn’t rush into any filing mistakes, you can start preparing now to save yourself time once January arrives. Review your most recent return, and make a list of materials you’ll need to file, such as W-2 and 1099 forms. If you switched jobs, got married or moved, prepare for the resulting changes to your return. If you plan to itemize your deductions, make sure your receipts are in good order. All of this assumes, of course, that your tax situation allows you to file early; not every taxpayer can.
Depending on your level of concern, you can try to sign up for online access to your personal tax account. However, the Internal Revenue Service does not make sign up easy. Reportedly fewer than half of the applicants for such access succeed, due to the IRS’ stringent process. If you are willing to put in the time and are lucky enough to gain approval, however, online access will let you see quickly if a fraudulent return has been filed in your name.
The IRS does offer a more robust solution than either of these options, however: an identity protecting personal identification number (IP PIN). Participants receive new numbers annually and must include the PIN with their return. Unfortunately for those worried about the Equifax breach, there’s a catch. IRS guidelines typically allow taxpayers to request a PIN only if they are victims of tax identity theft. (Larry Elkin wrote about requesting a PIN for himself and his wife, Linda, in this space a few years ago, after a fraudulent return was filed in Linda’s name.)
However, under a pilot program, the IRS allows all taxpayers who filed a federal return the prior year as residents of Florida, Georgia or the District of Columbia to request an IP PIN. The Service says it selected these three locations because they have the highest per-capita rate of tax identity theft. Some tax professionals have speculated that, in the wake of the Equifax breach, the IRS may extend the PIN program even further this year, though so far the Service has not officially announced any expansion.
Note that an IP PIN is not a cure-all. According to a March 2017 Treasury audit, the IRS mailed incorrect instructions to 2.7 million participants in the program for tax year 2016, and ignored repeated recommendations to shut down its online application system after a security breach was identified. And in February 2016, the IRS reported a cyberattack had targeted that online application system, though no personal taxpayer data was compromised.
That said, at this time a PIN appears to be the best protection against tax fraud currently on offer. If you have access to the program, either through your state of residence or because you were a fraud victim in the past, you should consider taking advantage of the IRS’ offer, since any time spent on securing a PIN will be much less aggravating than the time required to fix the aftermath of a fraudulent return. Because there may be new developments in the next few months, and because it is impossible to file a fraudulent return for tax year 2017 until January 2018, we recommend waiting until late 2017 or early 2018 before applying for an IP PIN.
The IRS says it is also working on behind-the-scenes practices to curtail tax identity theft. How effective these unspecified measures will be is anyone’s guess, though the IRS has said taxpayers’ reports of identity theft fell sharply between 2015 and 2016, and that suspect refunds stopped by banks also dropped. My colleagues and I have seen firsthand the measures the IRS takes to prove a taxpayer is who they say they are. As my colleague ReKeithen Miller observed, increased security measures can be positive overall, but combining them with decreased IRS funding can lead to major hassles for honest taxpayers.
For now, taxpayers eligible for an IP PIN should consider getting one later this year or in early 2018. Even if it is not a foolproof process, a PIN can offer increased peace of mind and prevent an even bigger headache down the road.
Related posts: