Business identity theft poses continuing challenges.

• Author: Brady, Whitney

Business identity theft patterns are constantly evolving, and the IRS has been expanding its efforts to combat the problem. The IRS broadly defines business identity theft as creating, using, or attempting to use a business's identifying information, without authority, to obtain tax benefits. The Treasury Inspector General for Tax Administration (TIGTA) said in a 2015 report that the IRS needed to improve its procedures for detecting and preventing business identity theft (see TIGTA Rep't No. 2015-40-082). In response, the IRS increased the number of identity theft detection filters it uses and updated Internal Revenue Manual (IRM) Section 25.23, Identity Protection and Victim Assistance.

Although the IRS's detection results improved for calendar year 2017, TIGTA concluded in a follow-up audit of the IRS's business identity theft procedures that a significant number of returns should have been screened for business identity fheft but were not and that 23% of cases were not accurately processed (see TIGTA Rep't No. 2018-40-061). Since then, the IRS has further revised its procedures for detecting and preventing business identity fheft. TIGTA continues to view identity theft as a threat to tax administration.

Individual versus business identity theft

Reporting business identity theft differs from initiating an individual identity theft report. Individuals who suspect identity theft can complete a Form 14039, Identity Theft Affidavit, and send it to the address or fax number provided at the bottom of the form. They also can call a dedicated IRS phone line, 800-908-4490, if they have previously contacted the IRS about identity theft and have not achieved a resolution (more information is available at the IRS's "Taxpayer Guide to Identity Theft" webpage at tinyurl.com/vacsuo7).

On the other hand, a business that suspects identity theft does not initially report the matter using a Form 14039 (or even a Form 14039-B, Business Identity Theft Affidavit, which is used for a different purpose). Business taxpayers are often "unaware their identities have been compromised until a notice or bill from the IRS is received," the IRS says (IRM [section]25.23.9.2(4)). Thus, a business taxpayer is frequently reacting to such a notice or bill by contacting the Service to ask to have the event considered as a possible identity theft.

Reporting business identity theft to the IRS

A common type of tax-related identity theft is a fraudulent business return filed to receive refundable credits or to help perpetuate individual identity theft. The scheme may involve Form 1120, U.S. Corporation Income Tax Return; Form 1120S, U.S. Income Tax Return for an S Corporation; Form 1041, U.S. Income Tax Return for Estates and Trusts; and Form 1065, U.S. Return of Partnership Income, as well as Schedule K-1. As the IRS states, a business taxpayer may not even be aware that its identity has been compromised. The Service's "Tax Practitioner Guide to Business Identity Theft" (available at tinyurl.com/y45ah647) tells practitioners to have the business respond to any notices immediately and contact the IRS "using the contact information on the notice or letter" if the business believes its employer identification number (EIN) has been used fraudulendy. Some notice-related indicators include:

* The...