ID Theft/Data Security

Stopping the Damage from ID Theft

With so many stories about identity theft in the news these days, it’s clear that we need to do more to prevent the misuse of people’s personal information and assist the victims. Government documents or benefits fraud, the most common type of identity theft problem reported to the Federal Trade Commission (FTC) last year, is particularly worrisome because it’s very difficult for victims to detect and resolve it. For example, the Internal Revenue Service’s (IRS) Inspector General found that it takes the agency nearly a year on average to resolve cases involving scammers who impersonate legitimate taxpayers. That’s a long wait for people whose tax refunds have been stolen or who are experiencing other tax-related problems due to identity theft.

Compromised Social Security numbers are the keys to committing tax and other types of government documents and benefits fraud. This sensitive personal information is vulnerable to both high-tech hacking and low-tech theft from health care providers, tax preparers and others who collect and retain it. To fight tax identity theft, Representative Bill Pascrell, Jr. (D-9th NJ) recently introduced H.R. 3981, the Identity Theft and Tax Fraud Prevention Act of 2015. Modeled on S. 676, which was introduced earlier this year by Senator Bill Nelson (D-FL), the bill would help prevent this crime and assist victims by:

  • Requiring the IRS to resolve these cases within 90 days;
  • Mandating that victims have a single point of contact at the IRS from the start of their cases to the end;
  • Enabling identity theft victims to ask the IRS for PIN numbers to use when filing their tax returns even if they haven’t yet become victims of tax-related fraud;
  • Allowing individuals to opt-out of being able to file tax returns electronically, the predominant means that identity thieves use to file fraudulent returns; and
  • Requiring the IRS to notify individuals if their information has been used in a tax fraud scheme and provide them with the identity of the criminal if someone has been charged.

The legislation, which Consumer Federation of America (CFA) supports, would also make it harder for identity thieves to have fraudulent tax refunds deposited to prepaid cards, limit the number of tax refunds that can be sent to the same account or address, phase out the use of patients’ Social Security numbers by health care providers, allow for truncated  Social Security numbers on W-2 forms, impose new penalties for buying, selling or displaying people’s Social Security numbers without their consent, and increase the penalties for tax identity theft. In addition, it would enable the IRS to regulate paid tax preparers, require those businesses to verify the identities of their clients, and deter them from abusing the IRS’s electronic services to perpetrate tax refund fraud.

When identity theft strikes, free advice for victims is available from the FTC’s www.idtheft.gov website and nonprofit organizations such as the Identity Theft Resource Center. For-profit companies also provide identity theft advice and assistance, for a fee. Consumers can buy these services from many of those companies directly, though they usually only cover identity theft that happens after you subscribe to the service, not “preexisting” identity theft. But increasingly businesses, government agencies, and organizations are purchasing these services to help their customers, clients or members whose personal information they hold in case that information is breached.

CFA has just updated its Best Practices for Identity Theft Services to include, among other changes and additions, a new section on breach services. It calls for identity theft service providers that seek to sell breach services to clearly explain the benefits and limitations of their programs and how the features may help breach victims. It’s crucial for anyone who is considering buying identity theft services, for themselves or others, to understand exactly what the programs offer in order to choose the one that best meets their needs. The Best Practices 2.0 also limit collecting, sharing and using of victims’ personal information to what’s necessary to provide the breach services and address how identity theft service providers should approach soliciting those individuals to buy services after the breach services end.

As I said in a previous blog, consumers can take proactive steps to prevent some fraudulent uses of their personal information – for instance, they can place security freezes on their credit reports to stop identity thieves from opening new credit or other financial accounts in their names. I’d like consumers to be able to place security freezes for free, regardless if they are identity theft victims or not – and in a similar vein, why not allow consumers to request PIN numbers from the IRS to use for filing their tax returns even if they aren’t identity theft victims? Mopping up the damage that identity theft causes is time-consuming and expensive, so doesn’t it make sense to try to prevent the damage in the first place?