Subscribe and download our eBook, "100+ Tax Deductions for Small Business A to Z."
Get the:

Tax ID thieves Targetng Businesses

Tax ID Thieves Targeting Businesses

Tax ID thieves Targetng BusinessesYou’re probably familiar with the problems that individuals face with identity theft. You file your return electronically and it’s rejected because an ID thief has already filed using your Social Security number. Or you seek a refund which is denied because one has already been paid out to a thief.

The good news is that tax ID theft for individuals is down dramatically (a 46% reduction last year). The bad news is that ID thieves have turned their focus on business tax returns.

Business tax ID theft

Once an ID thief obtains key information about a business, it can then commit tax ID thief, such as:

  • Using an business’s employer identification number (EIN) to file fake fuel tax credits
  • Using an business’s employer identification number (EIN) to file fake corporate returns in order to obtain tax refunds
  • Finding Schedule K-1s of S corporations to file fake tax returns under shareholder names

The IRS said on July 25, 2017: “So far for 2017, the IRS has identified approximately 10,000 business returns as potential identity theft through June 1, compared to about 4,000 for calendar year 2016 and 350 for calendar year 2015. While the number of businesses affected was relatively low, the potential dollar amounts were significant: $137 million for 2017, $268 million for 2016 and $122 million for 2015.”

Signs of business ID thief

The IRS has provided guidance for businesses on what to look for in detecting ID theft; find it in an IRS Fact Sheet.

  • You request a filing extension for your business return, but it’s rejected because a return with your Employer Identification Number (EIN) has already been filed
  • Your e-filed return is rejected because of a duplicate EIN is already on file with the IRS
  • You unexpectedly receive a tax transcript or IRS notice that doesn’t correspond to anything you submitted
  • You don’t receive expected and routine correspondence from the IRS because the thief has changed your address.

Heightened security actions by the IRS

The IRS’s Security Summit, which is comprised not only of IRS, but also state tax administrators, software industry representatives, tax preparation firms, and tax financial product processors, has already increased measures to protect C corporations filing Form 1120. And starting in 2018, new measures will be used to protect all business filers. The IRS and states will be watching more data elements to better identify suspicious returns so that legitimate ones can be processed as usual. Also, CPAs and other tax return preparers will have additional procedures included in their tax preparation software to “know your customers.” These include asking the following questions:

  • The name and Social Security numbers of the company executive authorized to sign the corporate tax return and whether this person is authorized to sign the return.
  • The payment history for the corporation, including whether estimated tax payments made (when, how they were made, and how much was paid)
  • Information about a parent company, if any.
  • Additional information as it relates to deductions claimed on the return.
  • The filing history of the corporation as it relates to other types of business returns (e.g., Form(s) 940, 941, etc.)

Heightened security by businesses

Despite IRS efforts to ensure that only legitimate returns are being filed, it’s up to you to protect your company data and block ID thief attempts. Here are some ideas:

  • Increase computer security. Take measures to keep ID thieves from getting into your data. This includes running the most up-to-date versions of your operating system, web browser, and software.
  • Limit access to company data. While ID thieves usually are outside (and often overseas) individuals, employees have been known to steal sensitive information
  • Encrypt data. This prevents data that might be hacked from being usable by an ID thief. For example, BitLocker Drive Encryption is a Microsoft data protection feature (your computer must have certain hardware in order to use it).
  • Use the cloud. Store data in the cloud, with permission for data access limited.


Taxes are always a burden for small businesses. Now, with ID theft, there’s another level of concern. Be sure to address the security issues for your company. Don’t be afraid to ask your CPA or other tax preparer what security measures the tax person has been taken to protect your data.