Taxable Talk

One of my favorite quotes is from President Ronald Reagan:

The most terrifying words in the English language are: I’m from the government and I’m here to help.

Yet another instance of this appears to be striking with the IRS.

Kristy Maitre of the Iowa Center for Agricultural Law and Taxation (at Iowa State University) reports tonight that scammers have apparently been able to crash the IRS’s online IP PIN system. This shouldn’t be a shock; as Kristy notes a TIGTA report released in December (though not on their website) and a Tax Analysts analysis highlighted this vulnerability.

This new vulnerability hits taxpayers whose lives have already been thrown in disarray by one identity theft case. Now they may have a second identity theft case. (If they’re lucky, the first case has been resolved by now.)

The only solution is for the IRS to shut down this vulnerability immediately. I’m not holding my breath, though, on that happening soon.

It’s apparent that the IRS needs to go back to square one in regards to their information technology. After all, “I’m from the government and I’m here to help.”

I was so, so tempted to write, “Math Is Hard, IRS Addition,” but I held off. Why? Because it turns out that it wasn’t 104,000 people who were victimized in last year’s “Get Transcript” hack, nor was it 334,000 taxpayers.

The actual number was more than 700,000. And the unsuccessful attempts didn’t total 10,000; they totaled 500,000!

That’s a total of 1.2 million taxpayers impacted by this. There are around 320 million people living in the United States, so we’re talking around 1 of every 266 people being impacted. And given that this is the second upward revision of these numbers, who is to know if this is really the final total?

Before the data breach was first announced, I noted that the information that was asked for was publicly available; I felt the system wasn’t secure. It turns out I wasn’t the only one to warn about this. Krebs on Security (written by Brian Krebs) warned about this in March 2015.

Unfortunately, the politicized atmosphere in Washington won’t allow anything meaningful to happen here. What the IRS should do is emulate the online system that California’s Franchise Tax Board has. That system combines web based applications with mailing to a taxpayer’s most recent address (which must match the address in the application). Or perhaps the IRS might look at my modest proposal on identity theft. I wrote that nearly four years ago and the IRS has only made the problem worse.

One would think that the IRS proofed important letters and notices before they’re finalized. That didn’t happen with IRS Notice CP 01A, the notice used when sending out an Identity Theft PIN (personal identification number).

The IRS announcement is reproduced in full below:

Due to an error, taxpayers are receiving Identity Protection PIN letters with an incorrect year listed. Taxpayers and tax professionals should be advised the IP PIN listed on the CP 01A Notice dated Jan. 4, 2016, is valid for use on all individual tax returns filed in 2016.

The notice incorrectly indicates the IP PIN issued is to be used for filing the 2014 tax return when the number is actually to be used for the 2015 tax return. The IRS emphasizes the IP PIN listed on the CP 01A notice is valid for the 2015 returns. Taxpayers and their tax professionals should use this PIN number for 2015 tax returns, which the IRS will begin accepting from taxpayers starting Jan. 19, 2016.

The IRS apologizes for the confusion and any inconvenience.

For more information, see the questions and answers below.

Q. When were the CP01A notices mailed?

A. The notices are all dated Jan. 4, 2016, but were mailed in late December. Taxpayers are receiving these now through mid-January.

Q. What does an IP PIN do?

A. An IP PIN helps the IRS verify a taxpayer’s identity and accept their electronic or paper tax return. When you have an IP PIN, it prevents someone else from filing a tax return with your SSN.

If a return is e-filed with your SSN and an incorrect or missing IP PIN, our system will reject it until you submit it with the correct IP PIN or you file on paper. If the same conditions occur on a paper-filed return, we will delay its processing and any refund you may be due for your protection while we determine if it’s yours.

Q. Does this issue affect anything else involving the IP PIN process?

A. No

The IRS will not be sending out replacement letters. Somehow, this all seems apropos when dealing with the IRS.

I must commend CPA Tony Nitti on his “Request for Urgent Business Relationship.” It’s hilarious…but horribly sad.

Why? TIGTA–the Treasury Inspector General for Tax Administration–came out with what is (for me) a scathing report on identity theft and phony tax refunds. Somehow, 655 tax refunds went to a single address in Kaunas, Lithuania. Don’t feel left out if you live in Orlando: 871 went to two separate addresses in that Florida city. There’s a preparer who is apparently responsible for 5,506 bad returns with a social security number and 1,590 with an ITIN (I’m hopeful that TIGTA forwarded information about that preparer to IRS criminal investigation) .

Yet I came up with a simple proposal on identity theft in September 2012 that would, if implemented, stop a lot of identity theft. (Yes, I forwarded my idea to the IRS.) Supposedly the IRS will have some new measures on identity theft for 2013 returns. We shall see….

Most business entities have an Employer Identification Number (EIN) that they use. An EIN is for a business what a social security number is for an individual: It’s their taxpayer identification number. Some sole proprietors must have EINs (if they have employees, have withholding, or certain other situations). The IRS’s official position is that most sole proprietors do not need an EIN.

I beg to differ.

The problem today is identity theft. It’s rampant, and sometimes involves actual theft of your personal information from files. There’s a story out of Miami of a police officer stealing identities; there have been cases where hospital employees and others steal social security numbers. What’s to stop an employee of a business from stealing social security numbers? Nothing but most individuals’ inherent honesty. Unfortunately, I don’t think that’s enough today.

If you are a sole proprietor and you will have to complete a Form W-9 (giving your social security number to someone) or you issue Form 1099s, you should be using an EIN instead of your social security number. There is no cost to obtain an EIN (except about ten minutes of time). You can do so online at the IRS’s website.