Main Street businesses might consider themselves too small to be the target of a business identity theft scam, but the Security Summit says that identity thieves are more than happy to steal their personally identifiable information (PII) in today’s National Tax Security Awareness Week topic.
Just like individual identity theft, criminals use stolen PII to fraudulently apply for business-related financial services and file business tax returns. The latter has become increasingly frequent, leading the Security Summit to increase its educational outreach efforts to business-owning taxpayers.
What businesses are targeted by identity thieves?
Reports of international retail chains suffering data theft incidents might give the impression that large brands with millions of customers are the only targets that interest cybercriminals, but the Security Summit says that simply isn’t the case.
The reality is that all businesses are a ripe target for identity thieves. Despite not having as much customer information as an international corporation, a smaller business is unlikely to have robust data security systems in place.
Another thing to consider is that an identity theft incident might be part of a full-blown data breach. Any business that maintains customer information—like a retailer with an online storefront—is a ripe target for identity theft scams.
Tax practices in particular can be home to thousands of taxpayers’ PII. Making matters worse, that data is formatted in such a way that successfully impersonating victims on credit card applications is much easier.
What are the signs that my business has been a victim of identity theft?
The first step in mitigating the damage caused by identity theft is confirming that your company’s identity has been stolen.
As the IRS notes in today’s press release, the signs of business identity theft are similar to individual identity theft. Unfortunately, they only tend to pop up when victims try to file a tax return.
The Summit urges businesses that experience any of the following issues to immediately reach out to the IRS:
- Extension to file requests are rejected because a tax return with the Employer Identification Number (EIN) or Social Security number (SSN) is already on file.
- An e-filed return is rejected because of a duplicate EIN or SSN is already on file with the IRS.
- An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer.
- Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.
Business identity theft victims will also want to take the same steps as individuals whose identity has been stolen: contact credit bureaus and apply for credit-monitoring services.
How do tax professionals spot business identity theft?
Tax professionals will immediately spot the reject codes outlined above, but the Security Summit stresses that they should also “step up the ‘trusted customer’ procedures” by asking the following questions:
- Is this person authorized to sign the return?
- Were estimated tax payments made?
- [What is the] total income amount from prior-year filings?
- Is there a parent company? If yes, the name?
- [Is there any] additional information based on deductions claimed?
- [What is your] filing history?
According to the release, the programs tax professionals use to file returns also helps in the fight against identity thieves: “Tax software products now share many data elements with the IRS and state tax agencies. These data elements assist the IRS and states to identify suspicious tax returns and to reduce the impact to legitimate filers … [and] allow legitimate returns to be processed as usual.”
What is the final National Tax Security Awareness Week topic?
On Friday, the Security Summit will address data security plans for financial institutions. As every tax professional knows, having a written data security plan in place is required by law. Tomorrow’s blog will include resources to help tax professionals create and improve those plans.
Source: IR-2019-198