Tax Pros and ID Theft

Identity theft has become so rampant that the IRS has a new publication that details how tax professionals and tax preparation companies should act to properly protect taxpayer information.  The publication, in case you like to read this kind of stuff as much as I do (have I mentioned in any of my recent posts that I really do enjoy reading IRS publications?) is Pub 4557 and you can find it by simply Googling (or Bing-ing/Yahooing/whatever search engine you like the most) “pub 4557” without the quotes – it should be the first result – at least it was when I did it.  It will open in your browser’s PDF viewer, or you can download it and read it at your leisure.  It is 20 pages of riveting IRS speak, and contains invaluable information on ID Theft and tax professionals’ responsibilities.  As I went through the list I was happy to see that I am already doing all of the items on each of the 7 checklists, with the exception of the last item on checklist 6, which says: Shred or burn paper documents before discarding them.

As all of my clients already know, I don’t keep any of their paper documents, or even any of my own notes about their taxes on paper – EVERYTHING gets returned to the taxpayer – if you’re a victim of ID Theft from your tax information, and I’m doing your taxes, it is because YOU didn’t protect your information.  Having been a victim of ID Theft myself, I am quite paranoid about my personal information (including those fake credit cards they send out trying to get you to apply for one) and shred every piece, and then, on a random basis, dump a portion of the shredded paper into my compost pile.  Someone trying to steal my ID has about a 2 day window from the time i dump the cross-cut shreds until they are well into their decomposition.

Compare this very healthy paranoia regarding ID Theft with the national preparation companies, who have a lot of ‘first year’ preparers that know they are only going to work about 6 weeks , and have access to every tax return done, not only in the office they work in, but in every office in the district.  When the entire office is busy during those first 6 weeks, who is watching those ‘first year’ associates?  Preparers with more experience are busy with returns which make them money, managers are busy putting out signs, balloons, handling customer complaints or dressing up in a statue costume, standing on the corner flipping a sign to draw in new customers with a promise of a $50 bill.  The ‘first year’ preparer is sitting at a computer terminal thinking about how they are getting paid $9 an hour and averaging 20 hours a week and will only be working 6 weeks or so, wondering how they are going to buy enough gas to go on job interviews the week after they are let go.  Does that sound like a potential ID Theft situation?  Does to me, but then, I’m paranoid.

Another one that made me laugh was on checklist 5 – number 10:

Protect electronic taxpayer information systems connected to the Internet with a barrier device (e.g., firewall, router or gateway).

And for our office the answers are: yes, yes and yes.  Further, our computers are locked and turned off when we go home at night (or should I say ‘IF’ we go home at night) so anyone attempting to hack our server will have to do so while we are there monitoring it.  In my mind (and that of some computer guru’s I’ve talked to) that practice is much more likely to stop a breach and subsequent ID theft than letting the server on 24/7 (like some other tax offices do – not to mention any names, but I know a certain company utilizing green Block lettering to spell out their name, mandates that all offices keep their servers on at all times) even if there are software protections like firewalls, etc.  Just remember all those ‘hacked’ places (Target, the IRS, Wal*Mart and Turbo Tax) that most likely have entire teams dedicated to keeping their systems secure, were hacked nonetheless.  So you have to ask yourself “just how safe is a network that is always on and always connected to the internet?”  In my mind, this is particularly true if those trying to hack the system believe there to be a large cache of identities just waiting to be stolen and then sold, or whatever.  Things to consider: largest national company, servers on all the time, access to one server grants access to all servers and information, and first year associates with access to server passwords knowing they are not going to work after March 10th.  Sorry ‘green BLOCK letters company’ but I’m not trusting you with MY identity information.

I promise you this – I do more to protect your information from ID theft than anyone else I have ever talked to in the tax preparation business.  I most likely protect your information from ID theft more than you do.  But isn’t that the way it should be?  You pay me to do a job for you. Part of that job is protecting you from ID theft.  Anyone, or any company that fails in that does not deserve your business.