Businesses Becoming Popular Victims of Identity Theft

Businesses Becoming Popul…

The increasing number of incidents of individual tax refund fraud and identity theft has resulted in the IRS developing better detection procedures and addressing incidents of individual identity theft. However, the tax fraud epidemic has another side that remains largely unaddressed – business identity theft.

The federal employer identification number (EIN) of a business is comparable to an individual’s Social Security number. An EIN is required to open business banking accounts, take out loans, establish credit accounts with vendors, initiate merchant credit card processing accounts, prepare state and federal tax filings, and facilitate other day-to-day business activities. An EIN, however, is not provided the same privacy protections as an individual’s SSN. In fact, some states, such as Florida, show a business’s EIN in their publicly-accessible corporations database.

Business EINs are used in tax fraud schemes by reporting fraudulent wages and tax withholding. An unsuspecting business will later receive a surprise notification from the IRS of a tax deficiency; in one instance, this was to the tune $800,000 in unpaid payroll taxes. A Captain D’s seafood restaurant franchise in Atlanta, Georgia, was the victim. Using the business’s EIN, the fraudsters created more than 100 phony W-2 forms to report over $4 million in salaries to state and federal agencies. The salaries were non-existent. By creating these phony salaries, the fraudsters could then seek tax refunds claiming the fictional salary earners had overpaid their federal income tax. Fraudulent returns are commonly filed early, when the IRS first begins accepting tax returns, because the IRS has not yet matched up individual wage and income information with the wage and income reported by the employer. The IRS typically compares W-2 information after January 31st.

For the criminals to successfully implement the tax fraud, the falsified wages and withholding amounts must originate from a real employer, thus requiring the use of an employer’s business name, address, and EIN. Consider that with e-filing tax returns and using electronic tax filing software, an actual W-2 document is not required. The W-2 information is simply entered in an online form.

While businesses can successfully dispute the notification of deficiency from the IRS and ultimately resolve the issue, it certainly takes time, resources, and professional fees to address the difficult and protracted investigation by tax agencies and the Social Security Administration. The business must prove to each of these agencies that it was the victim of a fraud.

Now that the U.S. is in the midst of tax filing season, businesses should re-visit their internal processes and protections to better protect their identity. The IRS provides a list of actions to take if a business’s identity has been compromised:

  • Respond immediately to any notices from the IRS, using the contact information on the notice or letter;
  • File a police report with the local police department;
  • Carefully review and reconcile account statements as soon as received;
  • Regularly review business registration information online (for all active and closed businesses);
  • Monitor credit reports for suspicious activity every 12 months;
  • Place a fraud alert on credit reports by contacting any one of the four nationwide credit reporting companies;
  • Close any accounts that have been tampered with or opened without permission;
  • File a complaint with the Federal Trade Commission;
  • Update virus, malware, and other security software programs on computers;
  • Remain vigilant and be alert for suspicious or unusual activity.

For more information, visit the IRS’s Tax Practitioner Guide to Business Identity Theft.

Recent Blog Posts

Under the Wing

CTA Paused… For Now

Happy Holly Days!