Setting Up Firm Procedures to Fight Identity Theft

By Benson S. Goldstein, J.D.

The IRS provides much valuable information at its website about how taxpayers can take steps to counteract identity theft (see, e.g., the resources available here ). According to the IRS, identity thieves use a taxpayer’s identity information to file a false tax return to obtain a refund, or the thieves may use a taxpayer’s identity to obtain a job. Persons bent on fraud often choose the filing season as the perfect time to launch emails and make social media contacts with taxpayers. The IRS’s website, which states that the IRS never uses email or social media to contact taxpayers directly, provides numerous telephone numbers and other ways for taxpayers to inform the government about identity theft or cybercrimes.

While the government will continue to place its primary focus of stopping identity theft on the taxpayer, CPAs can implement a number of procedures within their accounting firms to prevent identity theft as well. According to a recent Tax Analysts article (Hoffman, “Practical Advice for Practitioners Combating Taxpayer Identity Theft,” 135 Tax Notes 1453 (June 18, 2012)), tax professionals should start by educating their clients about identity theft. Danny Snow, a Memphis CPA and immediate past chair of the AICPA IRS Practice and Procedures Committee, told Tax Analysts that a practitioner’s first step in counteracting identity theft problems is to maintain a clean office. His firm does not leave items in open view on desks, and it uses shredders to dispose of unneeded paper. Other tax professionals recommend locking drawers and prohibiting flash drives, which the article said are “easily concealed and stolen.”

The Tax Analysts article recommends that tax professionals use encryption when sending taxpayer information to banks, professionals, and other third parties. Further suggestions include using strong passwords for computers and other applications storing taxpayer information. Snow told Tax Analysts that his firm redacts Social Security numbers, employer identification numbers, and other personal information from tax organizers sent to clients. He also recommends using couriers and certified mail (return receipt requested) to ensure that the right person receives the letters and mail.

Other commentators quoted in the article suggest that tax professionals use the latest anti-virus and security software on their computers, as well as educate firm staff about how to avoid internet schemes.

Once a client becomes a victim of identity theft, it can take months to sort through the damage. If a client receives an identity theft notice from the IRS, the client should call the number on the notice. Otherwise, a potential victim of identity theft should call the IRS at 800-908-4490 and complete Form 14039, Identity Theft Affidavit . Tax Analysts states that the IRS will use the information on the form to “flag” the taxpayer’s accounts for “questionable activity.” Victims also should notify their banks, credit card companies, credit bureaus, and local police, according to the tax publication.



Benson Goldstein is senior technical manager (taxation) at the AICPA in Washington, D.C., and is staff liaison to the AICPA IRS Practice and Procedures Committee. For more information about this column, contact Mr. Goldstein at

Tax Insider Articles


Business meal deductions after the TCJA

This article discusses the history of the deduction of business meal expenses and the new rules under the TCJA and the regulations and provides a framework for documenting and substantiating the deduction.


Quirks spurred by COVID-19 tax relief

This article discusses some procedural and administrative quirks that have emerged with the new tax legislative, regulatory, and procedural guidance related to COVID-19.