CrossLink Tax Resource Center

Tax Resource Center



Identity Theft and Tax Returns

Identity theft has fast become the biggest type of tax refund fraud for both the IRS and States. As tax identity theft has rapidly grown over the past few years, the IRS and States are devoting more resources to combating it and in educating taxpayers about how to secure their personal information and what to do if they become a victim of identity theft.

This page is designed to give you the latest information on what tax identity theft is and how it can affect an individual’s federal and state return, the latest ways identity thieves are trying to obtain the personal information of individuals, what the IRS Identity Protection PIN is and how it is assigned to an individual, and links that will give you additional information on how to protect yourself from becoming a victim of identity theft.

The following topics are covered:

Ways Identity Thieves are Attempting to Obtain Personal Information
What the IRS is doing to Help Prevent Tax Identity Theft
What States are doing to Help Prevent Tax Identity Theft
IRS Security Summit – IRS, States and Industry Partners Collaborative Effort in Tax Related Identity Theft
What an Individual needs to do if they become a Victim of Identity Theft
Identity Protection PIN
Additional Links for More Information on Identity Theft

Ways Identity Thieves are attempting to Obtain Personal Information
Cybercriminals are getting more creative in their efforts to obtain an individual’s personal information in order to commit tax identity theft from the IRS. Be on the lookout for the following scams:

Steps IRS is Taking to Prevent Tax Identity Theft
Here are examples of some of the steps the IRS is taking to help fight tax identity theft:

  • Continually modifying and adding to their identity theft fraud filters
  • IRS is sending letters to taxpayers when they suspect a return they received may not be the taxpayer’s. The letter explains that the return will not be processed until the individuals verifies who they are with the IRS either by going to page on the IRS or by calling the IRS.
  • Assigning an Identity Protection PIN (IP PIN) to individuals who have been or may have been a victim of identity theft.
  • The IRS Taxes Security Together campaign that is designed to educate taxpayers and tax preparers on what they can do to prevent themselves from becoming a victim of identity theft and secure their personal information.
  • The IRS Protect Clients; Protect Yourself campaign that is designed to educate preparers on what they need to do to protect their computer systems and client tax information from identity thieves.

Steps States are taking to Prevent Tax Identity Theft
Identity thieves are also using an individual’s stolen personal information to file false state income tax returns in both the individual’s resident state and other states that have a state income tax.

Below are examples of some of the steps that States are taking to help fight tax identity theft:

  • States have put in place filters that are constantly modifying and adding to help identity returns that may be fraudulent.
  • State refunds are not being released as quickly as they have been in the past.
  • Verification letters are being sent to taxpayers by most States when they believe the return may not have been filed by the taxpayer. These letters request the individual to verify their identity on a verification page on the State’s website. Once the individual has done this their return will be processed and any refund sent to them.
  • A large number of States are now matching the W-2 information on the returns.
  • States are requesting Driver’s License or State ID information be included on the electronic return in order to help verify the identity of the taxpayer.

IRS Security Summit – IRS, States and Industry Partners Collaborative Effort to Fight Tax Identity Theft
IRS Commissioner John Koskinen convened a Security Summit in March 2015. The Summit’s goal is for representatives from the IRS, State, Tax Software Industry, and Financial Institutions to work together to discuss common challenges and methods to combat tax-related identity theft.

Some of the Security Summit initiatives that were used during the 2016 filing season were:

  • New protocols required all individual tax software customers to update their security credentials to a minimum eight-digit password and establish security questions.
  • Software providers shared approximately 20 data elements from tax returns with the IRS and states to help identify possible fraud.
  • Industry partners performed regular reviews to identify possible identity theft schemes and report them to the IRS and state partners to help stay on top of emerging scams.
  • Summit partners launched a “Taxes. Security. Together.” campaign to increase public awareness about the need for computer security and provide people with tips on how to protect their personal information.
  • Additional data was required to be provided with the e-filed federal and state return. An example of this is asking for information from the taxpayer’s driver’s license or State ID.
  • The Summit partners worked towards setting security guidelines for the tax software industry.

For the upcoming 2017 filing season, the Security Summit initiatives that will be put in place, like those before it, generally will be invisible to taxpayers. These initiatives will include:

  • Expanding a W-2 Verification Code test to cover approximately 50 million 2016 Form W-2s. The selected forms will contain a 16-digit code that taxpayers and tax preparers will enter in their tax software. The code will help validate not only the taxpayer’s identity but also the information on the form. This pilot is among the most visible Summit action for 2017.
  • Identifying additional data elements from tax returns to help improve authentication of the taxpayer and identify possible identity theft scams and sharing data elements from corporate tax returns.
  • Launching the Identity Theft Tax Refund Fraud Information Sharing & Analysis Center (IDTTRF-ISAC) in 2017. This will serve as the early warning system for partners, collecting and analyzing tax-related identity theft schemes.
  • Expanding the Security Summit’s “Taxes. Security. Together.” awareness campaign to tax return preparers to ensure they have the information they need to protect themselves from cyberattacks and to safeguard taxpayer data.
  • Creating a process for financial institutions to identify questionable state tax refunds and return them to states for validation. Twenty-three states have signed on.

For more information on the Security Summit and what changes were put in place for the 2016 filing season and what additional changes will be implemented for the 2017 filing season, see the following webpages:

What Procedures Should Individuals Follow Who Have Been Victims of Identity Theft to Protect their Federal Tax Return
If a taxpayer informs a tax preparer that they have been a victim of identity theft and they have not contacted the IRS about it, the tax preparer should have the taxpayer contact the IRS Identity Protection Specialized Unit at 1-800-908-4490. Once the taxpayer has contacted the unit, they will be asked to complete Form 14039 and mail it to the address provided on the form. This will start the process of the IRS marking their account and issuing an Identity Protection PIN.

Identity Protection PIN (IP PIN) and how it is used on the Federal Tax Return
The IP PIN is a six-digit number that is assigned to taxpayers that have confirmed with the IRS that they are victims of identity theft. The individual will then include the IP PIN on their federal income tax return which will verify to the IRS the taxpayer’s identity and allow their return to be processed in a normal manner. The IP PIN will also prevent someone else from filing a return with their Social Security Number as the primary or secondary taxpayer.

Things to Know about the IRS IP PIN program:

  • Beginning with the upcoming filing season, the IRS will be requiring that an IP PIN for a dependent be entered on the 2015 tax return.
  • Affected taxpayers will receive the IP PIN each December via IRS Notice CP01A. It is valid for use on filing any federal return during that calendar year.
  • The IRS will send an individual a letter which gives them the option of being assigned an IP PIN. This occurs when the IRS believes the individual may have been the victim of identity theft based on their identity theft fraud filters.
  • If the taxpayer, spouse, or a dependent receives an IP PIN from the IRS, they must include it on their electronically filed federal return. If it is not included or is entered incorrectly, the return will not be accepted by the IRS.
  • Once the taxpayer, spouse, or a dependent are assigned an IP PIN, they will continue to receive a new one before each filing season until they request the IRS take the identity protection indicator off of their account.
  • If the taxpayer, spouse, or a dependent lose or misplace their IP PIN, they can retrieve their original IP PIN by going to the online Get an IP PIN page on the IRS website.

For more information on the IP PIN see the following pages on the IRS website:

Additional Links for More Information on Identity Theft

Recent Tax Updates

Warning to Tax Preparers of New Phishing Scam that is Attempt to Steal Passwords
Aug 8, 2017

IRS Security Summit Launches “Don’t Take the Bait” Education Campaign Aimed at Tax Preparers
Aug 1, 2017

IRS Announces Which ITINs Will Be Expiring at End of 2017 and That They Are Now Accepting Renewal Applications
July 27, 2017

IRS Use of Private Debt Collection Agencies
June 20, 2017

Expired Individual Federal Tax Provisions
May 10, 2017

Reminder to Watch for Phishing Email Schemes
March 22, 2017

IRS Identity Verification Letters
March 1, 2017

Additional Reminders for this Filing Season
February 16, 2017

Additional Updates
© 2016 Petz Enterprises, LLC