Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  

Part 10. Security, Privacy and Assurance

Chapter 5. Privacy, Information Protection and Data Security (PIPDS)

Section 3. Identity Protection Program

10.5.3  Identity Protection Program

10.5.3.1  (12-10-2010)
Background of the Identity Protection Program

  1. Purpose. This manual defines the mission, objectives, and governance structure of the Identity Protection Program. It provides the organizational framework for carrying out specific policies and procedures aimed at preventing identity theft, protecting taxpayers and providing assistance to victims of identity theft.

  2. Scope. The provisions in this manual apply Servicewide.

  3. Accountability. Safeguarding and preventing the unauthorized disclosure of PII is a responsibility that is shared by all IRS employees and contractors. Lost or disclosed PII may be used to perpetrate identity theft or other forms of fraud if the information falls into unauthorized hands.

10.5.3.1.1  (12-10-2010)
Definitions of Key Identity Protection Terms

  1. Identity Theft. A fraud that is committed or attempted, using a person's identifying information without authority.

  2. Personally Identifiable Information (PII). The definition of personally identifiable information is provided by OMB 07-16. For further information about PII, see the PIPDS web page called PII - What is personally identifiable information?.

  3. For a full listing of Identity Protection terms, see Exhibit 10.5.3-1, Glossary of Identity Protection Terms and Definitions.

10.5.3.1.2  (12-10-2010)
Origins of the Identity Protection Program

  1. Federal agencies have been instructed by the Office of Management and Budget (OMB) and the Department of the Treasury to address the increasing occurrence of identity theft.

  2. The Identity Protection Program was created in response to these directives and recommendations and to ensure IRS compliance with the President's Identity Theft Task Force Report.

  3. Identity theft creates a heavy financial and emotional toll on its victims and severely burdens our economy. Because the IRS touches almost all Americans, we developed an Identity Protection Vision document to combat tax-related fraud and to assist taxpayers who are identity theft victims. See IRM 10.5.3.2.5(1)(b) #3 for more information about this document. The IRS is focused on prevention and assistance activities including a comprehensive approach to protecting taxpayer information. The IRS will enhance efforts through three primary goals:

    • victim assistance

    • outreach

    • prevention

10.5.3.1.3  (12-10-2010)
Identity Protection Program Responsibilities

  1. Identity Protection. This office in Privacy, Information Protection & Data Security (PIPDS) has the following specific responsibilities related to administering the Identity Protection Program in IRS:

    1. Building programs to reduce incidents of identity theft

    2. Defining, communicating, and assigning responsibility for the IRS' substantiated identity theft incident tracking program

    3. Raising taxpayer awareness of identity theft techniques through outreach

    4. Reducing taxpayer burden and improving service options while addressing and resolving identity theft cases

    5. Protecting Treasury revenue by identifying suspicious filings before the refunds are generated

    6. Increasing operational efficiency of the IRS by detecting and processing reported identity theft incidents as early and consistently as possible

    7. Carrying out activities as required by the Privacy and Information Protection Advisory Committee, which oversees the development and execution of the Identity Protection Program

    8. Identifying emerging trends and developing appropriate strategies and responses

    9. Developing, defining, monitoring, and executing identity theft policies and procedures

    10. Conducting risk assessments on IRS business processes

    11. Communicating and coordinating with both internal and external stakeholders (such as the Federal Trade Commission) to ensure consistency regarding identity theft issues

    12. Determining identity theft performance measures to assess the effectiveness of the program and identity theft initiatives throughout the IRS, and making recommendations for improvement as appropriate

    13. Overseeing the maintenance, publication, and conveyance of the Servicewide Identity Theft Guidance Internal Revenue Manual, ensuring that the information that it contains remains current

  2. Identity Protection Specialized Unit (IPSU). The Identity Protection Program will strive to provide a uniform and consistent approach to victim assistance as it relates to identity theft tax issues. Further, the Identity Protection Program supports the IPSU, to provide victim assistance to include taxpayers who have not experienced any problems with, or received communications from, the IRS concerning their taxes but may become victims in the future due to a data loss such as a lost or stolen purse/wallet, questionable credit card activity, etc. The Identity Protection Program also supports the Accounts Management Taxpayer Assurance Program (AM TAP), as they identify questionable returns and adjust the accounts of identity theft victims. See IRM 21.9.2, Accounts Management Identity Theft, for more information about the IPSU.

10.5.3.2  (12-10-2010)
Identity Protection Program Servicewide Identity Theft Guidance

  1. Identity Theft Guidance is organized into the following subsections:

    1. Identity Theft and Substantiation Documentation

    2. Identity Theft Incident Tracking Indicators

    3. Identity Theft Frequently Asked Questions

    4. Identity Theft Issues/Responses

    5. Identity Theft Information Links

    6. Technical Working Group for Identity Theft Victim Assistance

10.5.3.2.1  (12-10-2010)
Identity Theft and Substantiation Documentation

  1. Identity theft occurs when someone uses an individual’s personal information, such as name, Social Security number (SSN), or other identifying information without permission, to commit fraud or other crimes.

  2. Taxpayers may notify the IRS when they believe they may have experienced an identity theft incident. In these instances, taxpayers must provide documentation to establish that they are identity theft victims.

    Note:

    If taxpayers do not provide substantiation documentation when requested, proceed with case resolution assuming the taxpayer is not an identity theft victim.

  3. The procedures for collecting documentation to substantiate identity theft incidents identified by the taxpayer/victim are detailed in the paragraphs below.

  4. The following documentation is required for a victim to substantiate identity theft:

    1. Authentication of Identity – a copy of a valid U.S. federal or state government issued form of identification (examples include a driver’s license, state identification card, social security card, or passport)

    2. Evidence of Identity Theft – a copy of a police report or completed Form 14039, IRS Identity Theft Affidavit

      Note:

      The IRS affidavit, Form 14039, is accepted from taxpayers as an additional form for substantiation of identity theft. This abbreviated form has been developed to reduce taxpayer burden and collect only the information necessary for taxpayers to attest to the IRS that they either have experienced or are at risk of harm from identity theft. IRS only accepts the IRS affidavit or a police report for substantiation purposes. IRS no longer accepts the FTC affidavit for substantiation purposes. The IRS affidavit is also available in Spanish, Form 14039SP.

      Note:

      When taxpayers contact the IRS indicating they have lost their wallet, experienced suspicious activity on their credit report, or have a tax account administration issue, Customer Service Representatives (CSRs) should direct them to fill out the IRS affidavit. As a reminder, this is not necessary if they have already obtained a police report. The police report is, and will remain, a valid form of identity theft substantiation. Taxpayers who submit police reports should not be directed to complete an IRS affidavit. Requirements for proof of identity (in addition to documentation substantiating identity theft) remain the same.

  5. The business unit function that is assigned the identity theft case (relevant open control) or issued the notice/letter relating to the identity theft (CP 2000, Audit Notice, Letter 239c, etc.) is responsible for collecting substantiation documentation in a timely, accurate, and secure manner.

    1. Refer to function-specific IRM sections for guidance on collecting and handling substantiation documentation. The chart below identifies and provides links to applicable IRM sections.

      Function/Program Reference IRM
      Automated Collection System/Compliance Services Collection Operations IRM 5.19.1.9.2, Identity Theft Documentation, and IRM 5.19.2.7, Identity Theft Procedures
      Accounts Management IRM 21.9.2.1, Identity Theft - General Information
      Appeals IRM 8.1.6.4, Identity Theft Cases
      Automated Substitute for Return IRM 5.18.1.10.2.3.13.5, Identity Theft
      Automated Underreporter IRM 4.19.3.20.1.23, Stolen Identity
      Collection IRM 5.1.12.2.1.1, Substantiation Documentation
      Correspondence Exam IRM 4.19.13.25, Identity Theft
      e-Help Desk IRM 3.42.8.3.1.2, Identity Theft
      Examination IRM 4.10.2.8.6, Taxpayer Identity Stolen
      Field Assistance IRM 21.3.4.32, Identity Theft Overview
      Identity Protection Specialized Unit (IPSU) IRM 21.9.2.2, Identity Theft - Expanded Procedures
      Withholding Compliance IRM 5.19.11.10.13, Identity Theft

  6. Substantiation documentation:

    1. Must be legible

    2. Must be secured and handled in the same manner as other sensitive taxpayer information

    3. Can be accepted from the taxpayer or someone who has power of attorney for the taxpayer (e.g., Form 2848, Power of Attorney and Declaration of Representative)

  7. A taxpayer is required to provide substantiation documentation to the IRS only once per incident. This documentation should be used by any business unit that requires substantiation documentation for an identity theft incident.

    Example:

    A taxpayer provides substantiation documentation to Automated Underreporter (AUR). The next year, Automated Collection System (ACS) receives a call from the taxpayer about a balance due notice and indicates he or she does not owe because of identity theft related to the same incident reported to AUR. The taxpayer does not need to submit substantiation documentation again.

  8. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    Example:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

10.5.3.2.2  (12-10-2010)
Identity Theft Incident Tracking Indicators

  1. The Identity Protection Program developed and implemented identity theft indicator codes to centrally mark and track identity theft incidents. Each indicator is input as a Transaction Code (TC) with Action Code (AC) and displayed on Integrated Data Retrieval System (IDRS) command code ENMOD of the affected taxpayer's account. Below is a chart listing each indicator and its description.

    Note:

    When the identity theft victim is the secondary SSN on a joint account, the identity theft indicator is input on the secondary SSN. Identity theft indicators are not input on the primary SSN in these instances. If both primary and secondary taxpayers are victims, place the indicator on both SSNs. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    Indicator Description Tax Administration Impact Required: Substantiation Documentation Required: Input by:
    TC 971 AC 501 The taxpayer identifies himself or herself as a victim of identity theft.

    Example: The taxpayer receives an IRS notice of underreported income.     		Yes Yes Any Business Unit or Function
    TC 971 AC 504 The taxpayer identifies himself or herself as a victim of identity theft.

    Example: The taxpayer loses his or her wallet.     		No Yes Limited and reserved for use by the Identity Protection Specialized Unit (IPSU)
    TC 971 AC 505

    Note:

    For information about this indicator, see IRM 10.5.4.5.1.1, Applying Tracking Indicators to IRS Data Loss Incidents.

    		 IRS identifies a taxpayer whose PII was lost or disclosed because of an IRS data loss incident.

    Example: IRS loses a paper case file that contains taxpayer PII.     		No No Limited and reserved for use by Privacy, Information Protection & Data Security
    TC 971 AC 506 IRS identifies and confirms a taxpayer who is an identity theft victim.

    Example: CI identifies a taxpayer affected by a refund scheme.     		Yes No Limited and reserved for use by Criminal Investigation, Accounts Management, Accounts Management Taxpayer Assurance Program (AM TAP) and Submission Processing
    TC 971 AC 522 This indicator is input by IRS when the identity theft documentation has been received from the taxpayer. This indicator will indicate only that the substantiation documentation was received. No Yes Any Business Unit or Function

  2. For further detail about each of these indicators, see IRM sections 10.5.3.2.2.1 through 10.5.3.2.2.4.

10.5.3.2.2.1  (12-10-2010)
Taxpayer-Identified Identity Theft Affecting Tax Administration

  1. TC 971 AC 501 is applied to a taxpayer's account when all of the following occurs:

    1. The taxpayer contacts the IRS claiming that he or she is a victim of identity theft.

    2. The taxpayer's identity theft affects tax administration.

    3. The taxpayer provides substantiation documentation.

      Note:

      There may be instances where the identity thief, who assumes another taxpayer's SSN, contacts the IRS. In these instances, TC 971 AC 501 is not applied to the taxpayer's account. Additionally, IRS employees should not notify the taxpayer in these situations. Instead, these incidents should be reported to the Fraud Detection Center (FDC) or local Criminal Investigation field office. The IRS currently only notifies taxpayers whose SSNs are fraudulently used by another individual through its systemic refund fraud process, TIN-related problem procedures, and certain unpostable notification processes. See IRM 10.5.3.2.2.4 for information on this type of victim notification.


    4. TC 971 AC 501 will only be input when the account is adjusted (if applicable) and closed. This indicator indicates that the account has been adjusted to reflect corrected taxpayer account information. Currently, in many cases, the account has not been adjusted when the substantiation documentation is received and the TC 971 AC 501 is input. Consequently, if the account is not adjusted prior to the input of the indicator, the victim notification letter could be issued to an incorrect address, and/or the business rules intended to protect the taxpayer's account could potentially allow an identity thief's return to post and the legitimate taxpayer's return to unpost.

  2. Identity theft can affect tax administration in two primary ways:

    1. Employment-related or Income-related – This occurs when the identity thief uses the victim’s SSN to obtain employment, resulting in what may appear as unreported income under the victim's account.

    2. Refund-related – This occurs when the identity thief uses the victim’s SSN to file a false federal income tax return to obtain funds. If the thief files before the victim, the victim may not timely receive his or her refund.

  3. Identity theft may affect a taxpayer's account based on any of the following tax administration source criteria:

    1. Multiple filings (two or more tax returns filed for one taxpayer)

    2. Underreporting of income

    3. No filing requirement

    4. Other tax administration source

    Note:

    For an explanation of these criteria, See Exhibit 10.5.3-3(3).

  4. TC 971 AC 501 is input and displayed on IDRS command code ENMOD, and contains all of the following data elements:

    • Business Operating Division (BOD)/Function

    • Program Name

    • Tax Administration Source

    • Tax Year affected by the identity theft incident

    Note:

    For acronyms and descriptions of these data elements, see Exhibit 10.5.3-3.

  5. TC 971 AC 501 can be input by any business unit when identity theft issues are encountered during the course of taxpayer case resolution.

    Example:

    A victim’s SSN is used to file a fabricated return to wrongfully obtain a refund, resulting in the duplicate filing of returns. The victim contacts Accounts Management and provides them with identity theft substantiation documentation.

  6. There can be more than one TC 971 AC 501 input or present for different functions in the same year.

    Example:

    A taxpayer provides substantiation documentation for identity theft after Accounts Management (AM) determined there was a case of identity theft for this taxpayer based on a duplicate filing. AM inputs TC 971 AC 501. This will appear on the taxpayer's account as TC 971 AC 501 WI AMADJ MULTFL 12312008. Later that year, an Automated Underreporter (AUR) notice is created for the taxpayer due to the identity theft-related case. AUR inputs TC 971 AC 501 for the underreporter issue, which will appear on the taxpayer's account as TC 971 AC 501 WI AUR INCOME 12312008, resulting in two TC 971 AC 501s for different functions during the same year.

  7. There can be more than one TC 971 AC 501 input or present for different tax years by the same business function.

    Example:

    A taxpayer provides substantiation documentation for identity theft after his or her tax year 2005 electronic return was rejected due to a duplicate filing. A TC 971 AC 501 would then be placed on the account. The following tax year (2006), there is another duplicate filing on this SSN. Another TC 971 AC 501 would be placed on the taxpayer’s account for tax year 2006, resulting in two indicators being present on the account.

  8. Before requesting substantiation documentation or inputting TC 971 AC 501, review the taxpayer's account (ENMOD) to determine if a TC 971 (AC 501, 504, 505, or 506) identity theft indicator already exists. If any of these indicators exists, follow the chart below:

    IF THEN
    TC 971 AC 501 is present

    1. Do not collect substantiation documentation.

    2. Only input TC 971 AC 501 for a different tax administration source and/or tax period than the existing TC 971 AC 501(s).
    TC 971 AC 504 is present

    1. Do not collect substantiation documentation.

    2. Input TC 971 AC 501.
    TC 971 AC 505 is present

    Note:

    For more information about this indicator, see IRM 10.5.4.5.1.1, Applying Tracking Indicators to IRS Data Loss Incidents

    1. Collect substantiation documentation.

    2. Input TC 971 AC 501.

    3. Notify the Identity Protection office immediately at Outlook directory mailbox *PIPDS Identity Protection Program. Send an encrypted E-mail to the Identity Protection office with the following information: taxpayer name, SSN, substantiation documentation used to substantiate theft and identity, and any other information available based on your contact with the taxpayer.

    Caution:

    Do NOT show any PII information of the taxpayer on the subject line of the E-mail. Show the subject line as, "AC 501 with AC 505 on taxpayer account."

    TC 971 AC 506 is present

    1. Do not collect substantiation documentation.

    2. Input TC 971 AC 501.

    Exception:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    TC 971 AC 522 is present

    1. Do not collect substantiation documentation.

    2. Input TC 971 AC 501 after the identity theft issue has been resolved.

  9. Reviewing ENMOD is necessary to help prevent duplicative (identical) TC 971 AC 501 entries. While there may be multiple TC 971 AC 501s on an account, none should be identical, e.g., they will pertain to different tax years, arise from different tax administration sources.

  10. To input TC 971 AC 501, collect substantiation documentation (if needed) as referenced in IRM 10.5.3.2.1(4) and follow instructions in Exhibit 10.5.3-4.

10.5.3.2.2.1.1  (12-10-2010)
Actions Taken after TC 971 AC 501 Placed on Account

  1. Notice CP 01,TC 971 AC 501 Acknowledgement Notification, is used for victim notification. CP 01 systemically generates between 2 and 12 posting cycles after the TC 971 AC 501 is input, depending upon when the taxpayer's account adjustment is completed. CP 01 contains the following information:

    1. Confirmation that the substantiation documentation was received and accepted

    2. Information about how the IRS will monitor the taxpayer's account and income tax returns

    3. Information about identity theft prevention and available identity theft-related resources

    Note:

    Letter 4445c, Acknowledgement Notification, was previously used for victim notification for TC 971 AC 501s input through June 30, 2009. Letter 4445c may be used in those instances where taxpayers indicate they never received Notice CP 01.

  2. The taxpayer should continue to file tax returns each tax year, as appropriate.

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. The presence and date of the TC 971 AC 501 on an account should be used as a data point, along with other key information, to make case-related decisions. The existence of the identity theft indicator should not supersede or replace existing procedures for case resolution. Reference function-specific IRM procedures when working cases with identity theft issues. See IRM 10.5.3.2.5(1)(c) for a listing of these IRM sections.

  5. Certain functions will use the TC 971 AC 501 for reference and tracking purposes. For example, Automated Underreporter uses the indicator as a factor in selecting and prioritizing inventory.

10.5.3.2.2.1.2  (05-15-2009)
Manually Reversing TC 971 AC 501

  1. In some instances, it may be necessary to manually reverse TC 971 AC 501. Reversal may be necessary because of any of the following reasons:

    1. The taxpayer requests reversal.

    2. There was a keying or internal error in the input of the TC 971 AC 501.

    3. The original identity theft claim was fraudulent.

    4. The TC 971 AC 501 has an internally identified negative affect on the taxpayer.

    5. There are other reasonable circumstances not listed above.

  2. If reversal is required, see Exhibit 10.5.3-5 for TC 972 AC 501 reversal input instructions.

10.5.3.2.2.1.3  (12-10-2010)
The Identity Protection Specialized Unit (IPSU) and Referrals to other Functions

  1. The Identity Protection Specialized Unit (IPSU) in Wage & Investment, Accounts Management, was established on October 1, 2008, to assist taxpayers who are, or may become, victims of identity theft. Part of IPSU's responsibilities include monitoring and controlling cases where taxpayers call in or write to the unit and open controls in other functions are already on the case. The IPSU will refer those types of cases via Form 14027-B,Identity Theft Case Referral, to other functions when an individual with a tax-related identity theft issue has called the IPSU. The form is used to notify functions that an IPSU caseworker will be monitoring case activity and following up on a regular basis. Form 14027-B will be routed through designated Identity Theft Liaisons (see SERP/Who/Where - Identity Theft Liaisons - Functional) and forwarded to functional employees within two business days of receipt.

    1. IPSU case workers will maintain a control in "B" (background) status only and will use case history information recorded by the functional employees to provide callers with the status of their account and progress toward resolution of their specific issues. IPSU case workers will not take adjustment action or otherwise disrupt the normal processing of the case in question.

    2. IPSU will fax Form 14027-B to the functional liaison. The functional liaison will assign it to an employee within two business days, and the employee will acknowledge receipt within two business days. Every 60 days, the function will update IDRS and/or Account Management Services(AMS), even if the status has not changed, such as WTTPREPLY (waiting for taxpayer reply). If 60 days pass with no updates, IPSU will contact the functional liaison for follow-up.

  2. Cases where taxpayers are victims of identity theft, and NO open controls exist on their cases, are considered another work stream coming into the IPSU directly from the taxpayer, which need to be addressed.

    Example:

    ACS issues a collection notice to a taxpayer showing a balance due. The taxpayer submits documentation and/or a copy of the IRS notice directly to the IPSU P.O. Box or fax number and indicates that the additional assessed tax is not his or hers. The taxpayer also indicates that someone is using his or her SSN for employment purposes. If no open control is showing on IDRS, this will enter the IPSU work stream.

    1. IPSU case workers will open a control "B" (background) status and initiate a Form 14027-B to the function that initiated the correspondence to the taxpayer, or where the tax issue is normally worked or addressed. Functional employees will work the case similar to those cases with open controls.

  3. See IRM 21.9.2.2, Identity Theft-Expanded Procedures, for additional information regarding the duties and responsibilities of the IPSU, including the monitoring of identity theft cases with open controls referred from the IPSU to other functions.

10.5.3.2.2.1.4  (12-10-2010)
Functional Responsibilities Regarding Referrals from the IPSU

  1. When functional employees receive a Form 14027-B from their functional liaison, they are responsible for the following:

    1. Acknowledging receipt of the form (within two business days of receipt) by filling out Section V on page 2 of the form and notating receipt of Form 14027-B on IDRS or AMS

    2. Recording periodic history entries (every 60 days) on IDRS or AMS

    3. Returning the form to the IPSU caseworker upon resolution of the case

      Note:

      If the case received in the unit is forwarded to another function for action, functional employees will return Form 14027-B, with section VI completed, to the IPSU identity theft caseworker through their liaison.


    4. When the case is resolved by the responsible function and the control is closed, the functional employee will complete Form 14027-B through Section VIII and return it to the IPSU through their liaison, within two business days.

  2. When functional employees receive a Form 14103, Identity Theft Assistance Request (ITAR), from the IPSU, functional employees will take the following actions:

    1. Acknowledge receipt of identity theft cases referred using Form 14103 within 5 business days via secured E-mail or fax number provided by the AM IPSU employee on the Form 14103, Section II, Box 3

    2. Process identity theft cases referred using Form 14103 as priority (similar to a TAS OAR)

    3. Review Section IV, Specific Assistance Requested, and determine whether the recommended action is appropriate and the requested completion date is reasonable

    4. Contact the IPSU employee shown in Section II if there are questions regarding the recommended action or if additional time is required. The function and IPSU employees should reach an agreement on the substantive case issues, recommended actions and follow-up and completion dates.

    5. Provide the taxpayer with official closing documents as directed in their IRM and providing copies to the AM IPSU Caseworker

    6. Return Form 14103 to the IPSU case worker with all required fields completed via fax number shown in Section II, Box 3

      Note:

      Refer to IRM 21.9.2.10 for further information regarding the Identity Theft Assistance Request.

10.5.3.2.2.2  (12-10-2010)
Taxpayer-Identified Identity Theft Not Affecting Tax Administration

  1. TC 971 AC 504 is applied to a taxpayer’s account when the taxpayer contacts the IRS claiming that he or she is a victim of identity theft, and there is no known effect to tax administration.

    Example:

    A taxpayer lost his or her wallet on the subway and is concerned the loss may lead to identity theft in the future, or has noticed recent questionable credit card activity on one or more accounts.

  2. TC 971 AC 504 will be visible for reference in the event the incident becomes a tax administration concern. See Exhibit 10.5.3-6 and Exhibit 10.5.3-7 for information regarding this indicator.

  3. Input of this indicator is limited and reserved for use by the IPSU, which is comprised of two key functions:

    1. Identity Protection Specialized Unit, 1-800-908-4490 - a unit established specifically to receive identity theft-related calls. By contacting this unit, the taxpayer will be able to access automated messages as well as customer service representatives (CSRs). This toll-free number enables individuals who have experienced identity theft, but do not have a current tax-related issue, to report the incident to the IRS.

    2. Specialized identity theft caseworkers - employees who will process standard identity theft documentation and input the TC 971 AC 504 incident tracking indicator. Caseworkers will obtain identity theft substantiation documentation as referenced in IRM 10.5.3.2.1(4).

  4. See IRM 21.9.2.2, Identity Theft-Expanded Procedures, for additional information regarding the duties and responsibilities of the IPSU.

  5. If IRS employees are contacted by a taxpayer indicating a non-tax related identity theft, advise the taxpayer about the substantiation documentation required to place an identity theft marker on his or her account. See IRM 21.9.2.3.1, Self Identified - Non-Tax Related Identity Theft, for additional guidance on this process. IRS employees may also refer the taxpayer to the IPSU at 1-800-908-4490, for additional information.

    Exception:

    Field Assistance employees should refer to their IRM 21.3.4.32.4, Non-Tax Related Identity Theft Issues, for procedures on how to assist taxpayers who may walk into a Field Assistance office (Taxpayer Assistance Center) with a non-tax related identity theft issue.

  6. In some instances, it may be necessary to manually reverse TC 971 AC 504. If reversal is indicated (TC 972 AC 504), see Exhibit 10.5.3-7 for a description of reasons for the reversal.

10.5.3.2.2.3  (12-10-2010)
IRS Data Loss Incidents

  1. TC 971 AC 505 is applied to a taxpayer’s account when all of the following occurs:

    1. A taxpayer’s PII was lost, breached, disclosed, or stolen.

    2. The incident risk assessment results in a high risk of harm to the potentially impacted taxpayer.

    3. The IRS notifies the taxpayer of this data loss incident.

    Example:

    Taxpayer case files containing PII were lost while being shipped from one location to another. Since the incident risk assessment resulted in a high risk of harm, the Incident Management Program will send notification letters to the potentially impacted taxpayers.

  2. Input of TC 971 AC 505 is limited and reserved for use by Privacy, Information Protection & Data Security (PIPDS) employees. However, this indicator will be visible and available for reference on the individual’s account. See Exhibits 10.5.3-8 and 10.5.3-9 for more information about this indicator.

    Note:

    When a TC 971 AC 505 is input on an account, PIPDS does not ask for or require identity theft substantiation documentation, as identity theft may not have occurred as of the date of the input of this action code.

  3. For information on the Incident Management Program see IRM 10.5.4, Incident Management Program. For information on the IRS data loss process, see that same IRM section, or view the Incident Management Breach Process flow chart.

10.5.3.2.2.4  (12-10-2010)
IRS-Identified Identity Theft Affecting Tax Administration

  1. TC 971 AC 506 is applied to a taxpayer's account when the IRS identifies identity theft incidents that have tax administration affect. Such incidents can result from any of the following:

    • phishing and refund schemes

    • verified false returns

    • mixed entity research

    • certain unpostable returns

  2. TC 971 AC 506 is limited and reserved for use by the following functions:

    • Criminal Investigation (CI)

    • Accounts Management (AM)

    • Accounts Management Taxpayer Assurance Program (AM TAP)

    • Submission Processing (SP)

    However, the indicator is visible and available for reference on the taxpayer's account. See IRM sections 10.5.3.2.2.4.1, 10.5.3.2.2.4.2, and 10.5.3.2.2.4.3 below for information on how each of these functions uses the TC 971 AC 506.

    Note:

    When TC 971 AC 506 is input on an account, IRS does not ask for or require identity theft substantiation documentation.

  3. The function that inputs the TC 971 AC 506 will notify the taxpayer (victim), by letter, that someone may have attempted to use his or her SSN. This victim notification letter includes information about identity theft prevention and available identity theft-related resources. Although the victim notification letter is unique for each function, each informs the taxpayer that he or she may be a victim of identity theft and that IRS has placed an identity theft indicator on his or her account. Victim notification letters and issuance procedures are contained in Accounts Management, Accounts Management Taxpayer Assurance Program, and Submission Processing IRM sections. See IRM sections 10.5.3.2.2.4.2 and 10.5.3.2.2.4.3 below for more information and function-specific IRM references.

    Note:

    Victim notification letters for CI-identified taxpayers (Letter 4310c, Identity Theft Refund Crimes Post-Adjustment Letter) are currently issued by PIPDS.

    Exception:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  4. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  5. In some instances, it may be necessary to manually reverse TC 971 AC 506. If reversal (TC 972 AC 506) is indicated, see Exhibit 10.5.3-11 for a description of reasons for the reversal.

10.5.3.2.2.4.1  (12-10-2010)
Identity Theft Identified by Criminal Investigation

  1. TC 971 AC 506 is applied to a taxpayer's account when Criminal Investigation (CI) identifies identity theft incidents that have tax administration effect. Such incidents can occur when a taxpayer's identity is stolen via phishing or refund schemes verified by CI.

  2. CI inputs TC 971 AC 506 on an account regardless of the existence of any other identity theft indicator code (AC 501, 504, or 505) that may be present on the account.

  3. See Exhibits 10.5.3-10 and 10.5.3-11 for more information about this identity theft indicator.

10.5.3.2.2.4.2  (12-10-2010)
Identity Theft Identified by Accounts Management

  1. Accounts Management inputs a TC 971 AC 506 identity theft indicator on the account of the "determined owner" of an SSN, following procedures for TIN-related problem cases. Specifically, Accounts Management (AM) conducts research to determine the owner of the SSN. If ownership is determined and research indicates that intentional misuse of the SSN is involved, AM inputs a TC 971 AC 506. For additional information:

    • See IRM 21.6.2.4.3, Mixed Entity Procedures, and IRM 21.6.2.4.4, Scrambled SSN Case Procedures, for Accounts Management procedures.

    • See Exhibits 10.5.3-10 and 10.5.3-11 for more information about this identity theft indicator.

  2. Effective October 11, 2009, the Accounts Management Taxpayer Assurance Program (AM TAP) was established to handle Questionable Refund Program processes that migrated from the Criminal Investigation Fraud Detection Centers. AM TAP handles identity theft account work processes and conducts research to verify the validity of tax return information. Specifically, AM TAP inputs a TC 971 AC 506 identity theft indicator on a taxpayer’s account when a false tax return has been identified by the IRS, and the tax return was not filed by the valid taxpayer. See IRM 21.9.1, Taxpayer Assurance Program, for additional procedures.

10.5.3.2.2.4.3  (12-10-2010)
Identity Theft Identified by Submission Processing

  1. Submission Processing inputs TC 971 AC 506 identity theft indicator on the account of a taxpayer, with an unreversed TC 971 AC 501, when the unpostable resolution meets certain conditions. See IRM 10.5.3.2.2.1.1(3)(a) for the type of tax return that meets this condition.

  2. See the following IRM sections for specific instructions:

    • IRM 3.12.37.14.10.1, Unpostable Code 147 Reason Code 1

    • IRM 3.12.179.43.1, UPC 147 RC 1 - Possible Identification Theft Procedures for TC 971 Action Codes 501 or 506

    • IRM 3.13.5.23.1.6, Assignment of an IRSN for Possible Identity Theft

    • IRM 21.9.2.5, Unpostable 147 Reason Code 1 - (UPC 147 RC 1)

  3. See Exhibits 10.5.3-10 and 10.5.3-11 for more information about this identity theft indicator.

10.5.3.2.2.4.4  ≡ ≡ ≡ ≡ ≡ ≡
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

      Note:

      ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

      Note:

      ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    • ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

10.5.3.2.2.5  (06-24-2010)
Taxpayer or IRS-Identified Identity Theft - Substantiation Received, Account Not Yet Resolved

  1. In some cases where the IRS or the taxpayer has determined that identity theft exists, but the case has not been resolved, a TC 971 AC 522 may be applicable. If the taxpayer submits proper substantiation documentation, but the identity theft issue may take some time to resolve, the input of a TC 971 AC 522 is applicable.

  2. The TC 971 AC 522 is applied to a taxpayer's account when substantiation documentation has been received by the IRS and the adjustment and resolution of the identity theft case will be made by a function other than the one receiving the substantiation documentation.

  3. The following if/then table will assist in determining when the input of the AC 522 is applicable in most cases:

    IF THEN
    Business Unit A collects substantiation documentation and sends the case to Business Unit B for adjustment and closure of a tax administration issue, or the Identity Protection Specialized Unit (IPSU) if there is no tax administration issue Business Unit A inputs AC 522 upon receipt of complete substantiation documentation and Business Unit B inputs AC 501 after closure, or IPSU inputs AC 504 after confirmation that there is no tax administration issue
    Business Unit A collects substantiation documentation, adjusts (if applicable) and closes the account. Reminder: Any necessary Entity changes must post prior to the posting of the AC 501. This will ensure the notice generated by the AC 501 is issued to the correct name and address. Input AC 501
    Business Unit A collects substantiation and the tax administration issue is resolved or no adjustment activity is required Input AC 501

    Note:

    Use of AC 501 in this instance should not be confused with the use of AC 504, which is only applicable when the taxpayer has no tax administration issues and is input exclusively by the IPSU.

  4. A notification letter that the substantiation is received is not sent to the taxpayer when an AC 522 is input. A notification letter is sent once the case is resolved (the AC 501 is input).

10.5.3.2.3  (12-10-2010)
Identity Theft Frequently Asked Questions

  1. What sources can I reference to get general information regarding identity theft and identity theft-related topics?

    Within the IRS intranet, the following provides information:

    • Office of Privacy, Information Protection & Data Security (PIPDS), Identity Protection (Identity Theft) - homepage for its identity theft program

    • IRM 1.2.25.2 - IRS Policy Statement on assisting taxpayers who report they are victims of identity theft
    There are also a host of external websites that provide general information on identity theft. These include:

  2. How is the IRS tracking and monitoring identity theft or data loss cases?

    1. The IRS will track identity theft or data loss incidents using Servicewide indicators on the IMF. Specifically, these codes will be placed on the IMF as Transaction Code (TC) 971 with an Action Code (AC) of 501, 504, 505, or 506. Taxpayers who have experienced identity theft affecting tax administration will have their returns filtered to distinguish legitimate returns from fraudulent ones. See IRM 10.5.3.2.2 for detailed descriptions of each indicator.


  3. When should the taxpayer submit identity theft substantiation documentation?
    The taxpayer is required to provide substantiation documentation in two scenarios:

    1. If the taxpayer reports that his or her identity has been stolen and there is a known effect on tax administration, see IRM 10.5.3.2.2.1 (TC 971 AC 501), or

    2. If the taxpayer reports that his or her identity has been stolen and there is no known effect on tax administration, see IRM 10.5.3.2.2.2 (TC 971 AC 504).

      Note:

      Substantiation documentation is not required for the input of the AC 505 and AC 506. See IRM 10.5.3.2.2.3 and IRM 10.5.3.2.2.4 for additional information about how these indicators are used.


  4. A taxpayer claimed he or she is a victim of identity theft, provided substantiation documentation, and the TC 971 AC 501 has been placed on the account. What happens next?

    1. Within 12 posting cycles after the TC 971 AC 501 has been entered, the taxpayer will receive an acknowledgement notification from the IRS to confirm that the documentation has been received and accepted. The acknowledgement letter also contains information about identity theft prevention and available identity theft-related resources.

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡


  5. Can there be more than one identity theft TC 971 placed on a taxpayer’s account?

    1. Yes, there can be multiple identity-theft related TC 971s input/present on a taxpayer’s account (e.g., different action codes, different tax years, and/or different functions). There are certain action codes (e.g., 501, 504, or 506) that can be placed multiple times on an account. Each indicator represents an incident that meets the criteria of the specific indicator placed on the account. For further detail on each TC 971 identity theft indicator, see IRM 10.5.3.2.3.


  6. Under what circumstances can the identity theft tracking indicators (e.g., TC 971 with AC 501, AC 504, or AC 506) be reversed?

    1. In some instances, it may be necessary to manually reverse the identity theft tracking indicators. Such instances include: taxpayer request, a keying or internal error, a fraudulent identity theft claim, or an internally identified negative impact on the taxpayer. For additional information on reversing an identity theft indicator, see the following IRM sections: 10.5.3.2.2.1.2, 10.5.3.2.2.2(6), and 10.5.3.2.2.4.


  7. I see the "Identity Theft" notation on the IDRS entity (ENMOD) screen. What does this mean?

    1. An "Identity Theft" notation on the IDRS ENMOD screen indicates that this taxpayer has one of the identity theft indicators placed on his or her account. The ENMOD screen with the TC 971 should provide you with more detailed information. See IRM 10.5.3.2.2 for detailed descriptions of each action code variation to the TC 971.


  8. What is the relevance of an identity theft indicator when I am working a case?

    1. The presence of one or more of the identity theft tracking indicators should be used as a data point along with other key information to make compliance or other decisions related to working or resolving the case. Substantiation of identity theft should not supersede or replace existing procedures for case resolution. Business units have IRM procedures in place for working cases that involve identity theft. IRM 10.5.3.2.5(1)(c) contains links to function-specific IRM sections that address identity theft-related cases and/or issues.


  9. The IRS identified the taxpayer as an identity theft victim and placed a TC 971 AC 506 on the account. What happens next?

    1. The taxpayer will receive a victim notification letter from IRS advising him/her that someone has attempted to use his or her SSN. The notification letter also contains information about identity theft prevention and available identity theft-related resources.

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

  10. Does Criminal Investigation (CI) investigate and prosecute identity theft-related cases?

    1. Identity theft incidents that affect tax administration may be reported to the Fraud Detection Center (FDC) or any local IRS CI field office. Additionally, CI currently investigates and recommends prosecution of identity theft-related schemes, such as phishing or refund schemes.


  11. A taxpayer indicates his or her identity has been stolen, but there is no indication that this incident affects tax administration. What general information and guidance can I provide this taxpayer?

    1. Advise the taxpayer about the substantiation documentation needed to have an identity theft marker placed on his or her account. See IRM 21.9.2.3.1, Self Identified - Non-Tax Related Identity Theft, for additional guidance on this process. IRS employees may also refer the taxpayer to the IPSU at 1-800-908-4490 for additional information. The taxpayer can also write the IPSU at P.O. Box 9039, Andover, MA 01810 or fax an inquiry to 1-978-247-9965.

    2. Inform the taxpayer of certain non-IRS resources that are available for assistance. Specifically, refer the taxpayer to the guidance available at http://www.irs.gov using the search term "identity theft. "

    3. The identity theft indicator (TC 971 AC 504) is used to indicate identity theft incidents that do not yet affect tax administration.


  12. What is the role of the Identity Protection Specialized Unit?

    1. The Identity Protection Specialized Unit (IPSU) receives taxpayer calls and works with taxpayers who believe they have been victims of identity theft that does not affect tax administration. After a taxpayer provides substantiation documentation, the unit will apply a TC 971 AC 504 to the taxpayer’s account.

    2. IPSU also receives calls from taxpayers who believe they are victims of identity theft that does affect tax administration; however, these callers are referred to the appropriate functional business units for resolution. See IRM 21.9.2.3.2, Tax Related Identity Theft.

    3. IPSU periodically follows-up with these units to ensure the case is being worked appropriately.

  13. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

10.5.3.2.4  (12-10-2010)
Identity Theft Issues/Responses

  1. This section of the IRM outlines identity theft-related issues and suggested responses, and supports IRS employees as they work to resolve identity theft-related cases. The responses outlined below provide information or links to existing function-specific IRM sections or websites that contain guidance on the issue raised.

    # Issue Action/Response
    1 Identity Theft Victim
    A taxpayer indicates that he or she is a victim of identity theft and there is tax administration effect, e.g., the taxpayer received an IRS notice.     		See IRM 10.5.3.2.1(4), Identity Theft and Substantiation Documentation, for detailed procedures on how a taxpayer should substantiate that he or she is a victim of identity theft.
    2 Taxpayer Substantiation Documentation
    A taxpayer provided substantiation documentation to substantiate an incident of identity theft affecting tax administration. Thus, a TC 971 AC 501 needs to be placed on the taxpayer’s account.     		See Exhibit 10.5.3-4 for detailed instruction on TC 971 AC 501 input.

    Note:

    A TC 971 AC 522 may be applicable after substantiation documentation is received but the account has not been resolved.

    3 Substantiation Documentation Not Provided When Requested
    A taxpayer does not provide appropriate documentation to substantiate identity theft.     		Proceed with case resolution assuming the taxpayer is not a victim of identity theft.
    4 Taxpayer Requests new SSN
    A taxpayer requests a new (replacement) SSN because his or her identity has been stolen.     		Advise the taxpayer to contact the Social Security Administration at 1-800-772-1213 or website http://www.ssa.gov.
    5 Wrongful Use of Taxpayer’s SSN
    A taxpayer states someone is wrongfully using his or her SSN, but there is no known tax administration effect yet, e.g., someone used his or her SSN to open a bank account.

    1. Advise the taxpayer about the substantiation documentation needed to have an identity theft marker placed on his or her account. See IRM 21.9.2.3.1, Self Identified - Non-Tax Related Identity Theft, for additional guidance on this process. IRS employees may also refer the taxpayer to the IPSU at 1-800-908-4490 for additional information.

    2. Advise the taxpayer of the information on the IRS.gov's web page at http://www.irs.gov/privacy/article/0,,id=186436,00.html, Identity Theft and Your Tax Records.

    6 Multiple Taxpayers Using Same SSN
    Multiple taxpayers are using the same SSN when filing their tax returns, creating duplicate returns. This condition is normally identified while working CP 36, Duplicate/Amended Filing Conditions, transcripts.     		Specific guidance contained in:
    IRM 21.6.2.4.3, Mixed Entity Procedures.
    7 Reporting SSN Misuse
    A taxpayer has knowledge of another person filing a federal tax return with a stolen SSN.     		Specific guidance contained in:
    IRM 21.3.4.32.3, Other Tax Related Identity Theft Issues;

    IRM 5.19.1.9.1(2) Identity Theft - General Information; or

    IRM 5.19.11.10.13 Identity Theft.
    8 CP 2000
    A taxpayer receives a CP 2000, Notice of Underreported Income, from the IRS
    and
    he or she never worked for this employer and believes he or she is a victim of identity theft.     		Assist the taxpayer in responding to the CP 2000.

    Specific guidance contained in:

    IRM 4.19.3.20.1.23, Stolen Identity; or

    IRM 21.3.4.32.2, Income Document Related to Identity Theft Issues; or

    IRM 21.9.2.3.2, Tax Related Identity Theft - IPSU Telephone Overview
    9 Delinquent Tax Return
    A taxpayer receives a notice regarding an unfiled tax return and indicates the reported income (e.g., Forms W-2, 1099) resulted from identity theft of his or her SSN.     		Specific guidance contained in:
    IRM 5.1.12.2.2.1, Taxpayer is a Victim of Identity Theft;

    IRM 5.18.1.10.2.3.13.5, Identity Theft; or

    IRM 5.19.2.7, Identity Theft Procedures.
    10 Rejected Tax Return
    A taxpayer states that he or she tried to file electronically (on his or her own or through a preparer), but the return was rejected because another return using the taxpayer's information was filed earlier.     		Specific guidance contained in:

    IRM 21.3.4.32.1, Tax Return Related Identity Theft Issues; or

    IRM 21.6.2.4.2.2, Taxpayer Inquiries Involving Identity Theft.
    11 Tax Balance Due
    A taxpayer received a balance due notice and states he or she does not owe the taxes because of identity theft.     		Specific guidance contained in:

    IRM 5.19.1.9.1(3), Identity Theft - General Information; or

    IRM 5.1.12.2.2, Identity Theft Case Resolution.
    12 Examination
    A taxpayer received a statutory notice or is currently involved in an examination and indicates he or she is a victim of identity theft.     		Specific guidance contained in IRM 4.19.13.25, Identity Theft.
    13 Bankruptcy
    A taxpayer indicates he or she is a victim of identity theft and has filed bankruptcy.     		Specific guidance contained in IRM 5.9.5.12, Identity Theft.
    14 Economic Burden
    A taxpayer is suffering or about to suffer economic harm because of a tax-related identity theft issue and cannot resolve the taxpayer's issue the same date.     		See IRM 13.1.7.4, Same Day Resolution by Operations

    Prepare and submit e-911, Request for Taxpayer Advocate Service Assistance (And Application for Taxpayer Assistance Order) - electronic version.

    Note:

    If the taxpayer asks to contact Taxpayer Advocate Service directly, have the taxpayer call 1-877-777-4778 toll free; TTY/TDD 1-800-829-4059; or go to: http://www.irs.gov/advocate.

    15 Taxpayer requests EIN
    A taxpayer who has substantiated identity theft requests a new EIN to use for business purposes instead of an SSN.     		Specific guidance contained in IRM 21.7.13.5.1.4, Determining the Need for an EIN: Sole Proprietor.
    16 E-mail from IRS
    The taxpayer states that he or she received an E-mail from the IRS requesting PII (e.g., SSN, EIN financial information).     		The IRS does not send E-mails requesting PII.

    See phishing (IRS-related phishing E-mail) for guidance on this issue.

    Also see IRM 21.1.3.24, Scams, Phishing, and Fraudulent Schemes.
    17 SSA benefits stopped or decreased
    A taxpayer claims that SSA has stopped and/or reduced his or her benefits because of a tax return filed with the IRS that the taxpayer claims not to have filed.     		If the taxpayer suffers or is about to suffer economic harm as a result of this incident, prepare and submit e-911, Request for Taxpayer Advocate Service Assistance (And Application for Taxpayer Assistance Order) - electronic version.

    Also see IRM 21.6.2.4.2.5.2.2, Identity Theft - One Return Present, for guidance.
    18 Perpetrator contacts IRS
    An individual contacts the IRS and admits to using a "borrowed" SSN to obtain work. He or she proves use of the SSN via pay stubs or another document (e.g., rent receipt, Information Returns Processing Transcript Request (IRPTR) address matches current address). He or she requests an IRPTR print-out because he or she wants to file a tax return using an ITIN.     		Specific guidance contained in IRM 21.3.4.32.2, Income Document Related to Identity Theft Issues.
    19 Identity Theft Notification Letters
    (TC 971 AC 501)
    A taxpayer contacts the IRS after receiving Notice CP 01, TC 971 AC 501 Acknowledgement Notification, and the taxpayer has a TC 971 AC 501 on his or her account.

    Note: Letter 4445c, Acknowledgement Notification, was used for victim notification prior to July 1, 2009. However, it can be used when taxpayers indicate they did not receive the CP 01.     		Advise the taxpayer that the acknowledgement notification is for informational purposes only, and the taxpayer is not required to take any additional action at this time.
    20 Identity Theft Notification Letters
    (TC 971 AC 506)
    A taxpayer contacts the IRS after receiving Letter 4310c, Identity Theft Refund Crimes Post-Adjustment Letter, and the taxpayer has a TC 971 AC 506 on his or her account that was input by Criminal Investigation.     		Advise the taxpayer that the notification is for informational purposes only, and the taxpayer is not required to take any additional action at this time.

10.5.3.2.5  (12-10-2010)
Identity Theft Information Links

  1. This section of the manual provides links containing identity theft-related information and publications. Specifically, the links include publicly available websites and IRS intranet websites that house general information, as well as function-specific IRM sections that provide guidance on identity theft-related cases and issues.

    1. Publicly available external websites and publications that provide general information on identity theft and identity theft-related issues:

      # Title Description Link Owner
      1 FTC Identity Theft Website Federal Trade Commission (FTC) identity theft awareness homepage http://www.ftc.gov/bcp/edu/microsites/idtheft/ FTC
      2 IRS Public Identity Theft Website IRS publicly available identity theft awareness homepage; can also be accessed via the IRS.gov homepage by performing a search on the term "identity theft" http://www.irs.gov/privacy/article/0,,id=186436,00.html IRS
      3 IRS Identity Theft Affidavit Direct link to Form 14039; used by taxpayers to report identity theft http://www.irs.gov/pub/irs-pdf/f14039.pdf IRS
      4 TAS Website Taxpayer Advocate Service website http://www.irs.gov/advocate TAS
      5 SSA Website Social Security Administration (SSA) homepage http://www.ssa.gov SSA
      6 SSA Identity Theft Website Social Security Administration (SSA) identity theft homepage http://www.ssa.gov/pubs/10064.html SSA
      7 Identity Theft Task Force Website Homepage for the President's task force on identity theft http://www.idtheft.gov Identity Theft Task Force
      8 IRS Phishing Website Instructions on how to report and identify phishing, E-mail scams, and bogus IRS websites http://www.irs.gov/privacy/article/0,,id=179820,00.html IRS
      9 Credit Bureaus Direct links to the three recognized credit bureaus: Equifax, Experian, and TransUnion http://www.equifax.com
      http://www.experian.com
      http://www.transunion.com       		Equifax, Experian, and TransUnion
      10 IRS Pub 4523 IRS Publication 4523 - Beware of Phishing Schemes Publication 4523 IRS
      11 IRS Pub 4524 IRS Publication 4524 - Security Awareness and Identity Theft Publication 4524 IRS
      12 IRS Pub 4535 IRS Publication 4535 - Identity Theft Prevention and Victim Assistance Publication 4535 IRS

    2. Internal IRS intranet links that provide general information on identity theft and identity theft-related issues:

      # Title Description Link Owner
      1 PIPDS Identity Theft Program Website Office of Privacy, Information Protection & Data Security (PIPDS) homepage for its identity theft program Identity Theft PIPDS
      2 Office of Privacy, Information Protection & Data Security PIPDS program and contact information Document 12737, About PIPDS PIPDS
      3 Identity Protection Vision, Mission, Goals, & Activities Link to Identity Protection Vision document Identity Theft Vision Document PIPDS
      4 Servicewide Policies and Authorities Contains a policy statement on how to assist taxpayers who report that they are victims of identity theft, as well as contact information for other relevant government agencies IRM 1.2.25.2, Servicewide Policies and Authorities, Policy Statements for Security, Privacy and Assurance Activities Organization, Finance, and Management
      5 CSIRC Website Computer Security Incident Response Center (CSIRC) homepage CSIRC MITS

    3. Links to function-specific IRM's that address identity theft-related cases and/or issues:

      # IRM Part IRM Chapter Description Link
      1 Submission Processing Campus Document Services Provides guidance for the Entity function when Submission Processing employees receive requests for IRSN's as part of an identity theft-related case IRM 3.13.5.23.1.6
      2 Submission Processing Accounting & Data Control Contains general information on identity theft IRM 3.17.46.1.13
      3 Submission Processing Electronic Tax Administration Provides guidance to e-help Desk employees when a taxpayer reports that he or she is a victim of identity theft IRM 3.42.8.3.1.2
      4 Submission Processing Electronic Tax Administration Provides guidance to e-help Desk employees when a taxpayer reports that he or she is a victim of identity theft IRM 3.42.7.2.4
      5 Examining Process Examination of Returns Includes guidance on identity theft substantiation and audit considerations IRM 4.10.2.8.6
      6 Examining Process Audit Reconsideration Provides guidance for Reconsideration Units when correspondence is received that indicates the taxpayer is a victim of Identity Theft IRM 4.13.3.19
      7 Examining Process Liability Determination Provides guidance on use of AUR Process Code 39 (Stolen Identity-No Change Closure) IRM 4.19.2.7.14
      8 Examining Process Liability Determination Provides guidance on use of AUR Process Code 69 (Stolen Identity-No Change Closure) IRM 4.19.2.7.32
      9 Examining Process Liability Determination Provides guidance on use of AUR Process Code 89 (Stolen Identity-No Change Closure) IRM 4.19.2.7.46
      10 Examining Process Liability Determination Provides guidance to AUR when a taxpayer states that underreported income is the result of his or her identity being stolen or the illegal use of his or her SSN IRM 4.19.3.20.1.23
      11 Examining Process Liability Determination Provides guidance on substantiating incidents of identity theft and assisting victims during the examination process IRM 4.19.13.25
      12 Collecting Process General Collecting Procedures (Field) Provides guidance to field revenue officers (RO's) when a taxpayer indicates that he or she is a victim of identity theft IRM 5.1.10.2.2(7)
      13 Collecting Process General Collecting Procedures (Field) Contains Collection Field Function (RO) procedures and guidance on identity theft-related issues/cases IRM 5.1.12.2
      14 Collecting Process Bankruptcy and Other Insolvencies Provides guidance to support a bankrupt taxpayer who is a victim of identity theft IRM 5.9.5.12
      15 Collecting Process Liability Determination Provides guidance to determine the tax liability of a taxpayer who has substantiated that he or she is a victim of identity theft IRM 5.18.1.10.2.3.13.5
      16 Collecting Process Liability Collection Provides guidance on addressing a caller claiming to be a victim of identity theft; also contains guidance on other general questions about identity theft IRM 5.19.1.9
      17 Collecting Process Liability Collection Provides guidance on addressing victims of identity theft that are in the Return Delinquency Program IRM 5.19.2.6.4.5.4(3)
      18 Collecting Process Liability Collection Contains detailed procedures to work and resolve identity theft related cases that involve IMF and BMF return delinquency IRM 5.19.2.7
      19 Collecting Process Liability Collection Provides guidance to address a caller claiming to be a victim of identity theft; also includes guidance to resolve issues resulting from a taxpayer claiming that an unrelated Form W-2 has been filed under his or her account IRM 5.19.11.10.13
      20 Appeals Appeals Function Provides guidance regarding identity theft substantiation; outlines the process of updating the taxpayer's file with an "ID" code as soon as identity theft has been substantiated IRM 8.1.6.4
      21 Criminal Investigation Investigative Process Provides guidance regarding the investigation of identity theft-related tax and money laundering cases IRM 9.5.3.3.11
      22 Criminal Investigation Investigative Process Details the Identity Theft and Assumption Deterrence Act of 1998 and how it is to be applied at the IRS IRM 9.5.5.2.4
      23 Customer Account Services Accounts Management and Compliance Services Operations Houses information on scams, phishing, and fraudulent schemes IRM 21.1.3.24
      24 Customer Account Services Taxpayer Contacts (Field Assistance) Provides guidance to TAC employees in order to help them understand and respond to identity theft related issues IRM 21.3.4.32
      25 Customer Account Services Refund Inquiries Provides guidance on identity theft-related cases resulting in refunds that were direct deposited into the wrong account IRM 21.4.5.10
      26 Customer Account Services Individual Tax Returns Provides guidance to CSRs regarding telephone inquiries where a taxpayer indicates he or she is a victim of identity theft and has not yet filed a return IRM 21.6.2.4.2.1
      27 Customer Account Services Individual Tax Returns Provides guidance regarding taxpayer inquiries involving identity theft IRM 21.6.2.4.2.2
      28 Customer Account Services Individual Tax Returns Provides account adjustment guidance when working TIN-related problem cases involving identity theft when more than one return is present IRM 21.6.2.4.2.5.2.1
      29 Customer Account Services Individual Tax Returns Provides account adjustment guidance when working TIN-related problem cases involving identity theft when only one return is present IRM 21.6.2.4.2.5.2.2
      30 Customer Account Services Individual Tax Returns Provides account adjustment guidance when working cases involving TIN-related problems that may involve identity theft IRM 21.6.2.4.2
      31 Customer Account Services Individual Tax Returns Provides instructions for making an adjustment to a taxpayers account when an Economic Stimulus Payment is directly deposited into the wrong account as a result of an identity theft related issue IRM 21.6.3.7.7.1(2)
      32 Customer Account Services Individual Tax Returns Contains guidance on working identity theft issues pertaining to Economic Stimulus Payments IRM 21.6.3.6.7.7
      33 Customer Account Services Business Tax Returns and NMF Accounts Provides guidance to IRS employees for identity theft related cases where an EIN was not requested by the taxpayer IRM 21.7.13.4.2.7
      34 Customer Account Services Business Tax Returns & NMF Accounts Includes guidance for cases when taxpayers request EIN in lieu of SSN for business purposes due to identity theft issues IRM 21.7.13.5.1.4
      35 Customer Account Services Specialized Accounts Management Programs Provides guidance and information about the Taxpayer Assurance Program (AM TAP) IRM 21.9.1
      36 Customer Account Services Specialized Accounts Management Programs Provides guidance on identity theft and the Identity Protection Specialized Unit (IPSU) IRM 21.9.2
      37 Special Topics Delinquent Return Refund Hold Program Provides guidance on how to respond to written refund requests from a taxpayer; including identity theft-related cases IRM 25.12.1.8.1.3(2)
      38 Special Topics Statute of Limitations Provides guidance to work and resolve identity theft- related cases involving a refund request IRM 25.6.1.10.2.9.5

10.5.3.2.6  (12-10-2010)
Technical Working Group for Identity Theft Victim Assistance

  1. The Technical Working Group for Identity Theft Victim Assistance (TWG) is a cross-functional group that discusses unique identity theft cases where the taxpayer has been unduly burdened. The TWG was established through a collaborative effort with TAS, and is facilitated by the Identity Protection Program.

  2. The overall purpose of the TWG is to provide a forum for developing recommendations on how processes and procedures can be improved to address and reduce the burden on taxpayers who are victims of identity theft. The TWG's responsibilities include:

    1. Providing a medium for cross-functional discussion and data gathering on identity theft issues

    2. Analyzing identity theft cases where the victim has been significantly burdened

    3. Determining if there are existing procedures to address key issues

    4. Discussing ideas on how related procedures can be developed and/or improved

    5. Developing recommendations for process improvements

  3. The TWG meets periodically and is comprised of representatives and subject matter experts from the various business units and functions. During the meetings, TWG participants discuss a taxpayer identity theft case and provide analysis and function-specific insight regarding existing processes and procedures pertaining to the case and taxpayer treatment. Through this discussion, the group suggests ideas to improve existing procedures and/or provides recommendations for procedures that may need to be developed.

  4. The TWG provides a forum for discussing systemic and procedural issues and developing recommendations and solutions on how processes and procedures can be improved to reduce taxpayer burden with regard to issues of identity theft. The function of the TWG is NOT to address specific taxpayer related identity theft issues, but rather to deal with systemic/procedural issues. The TWG encourages functions to submit systemic and procedural issues of identity theft that cannot be resolved at the functional level, to the TWG. Issues identified by functions will first follow the issue escalation process of their respective organization. If an issue cannot be resolved through the functional channels, but meets the systemic/procedural issue criteria shown in IRM 10.5.3.2.6(6) and (7) below, the functional liaison to the TWG will document the issue using the Issue Submission Template. The functional liaison will E-mail the completed Issue Submission Template to the following E-mail address: PIPDS.IPIM.TWG@irs.gov. Refer to the Identity Theft website link TWG Issue Submission Template for the template to be used for this purpose.

  5. An Identity Protection staff member will monitor the issue submission mailbox regularly. The Monday before the TWG meeting (meetings held every two weeks), an Identity Protection staff member will review and select an issue to be presented to the TWG. As part of the issue review process, the Identity Protection staff member will review the form and may follow up with the submitter for additional clarification. The selected issue will be added to the agenda and will be discussed during the TWG meeting. The TWG will attempt to resolve the issue and submit the procedural changes via a SERP alert, interim guidance, and/or IRM changes.

  6. Guidelines for Selecting Systemic Issues to be Addressed by the TWG - The TWG provides a forum for discussing systemic issues and developing recommendations on how processes and procedures can be improved to reduce taxpayer burden. A systemic issue can be defined as an issue that meets any of the following criteria:

    1. Can be expected to affect multiple taxpayers

    2. Is not a problem specific to an individual taxpayer

    3. Affects segments of the taxpayer population, locally, regionally or nationally

    4. Relates to IRS systems, policies, and procedures

    5. Requires study, analysis, administrative changes or legislative remedies

    6. Involves protecting taxpayer rights, reducing or preventing taxpayer burden, ensuring equitable treatment of taxpayers or providing essential services to taxpayers

  7. The TWG is focused on the issue of identity theft, therefore all systemic issues should be specifically related to incidents of identity theft. Identity theft is defined as an incident where someone uses another individual's personal information such as name, Social Security number (SSN), or other identifying information, without permission, to commit fraud or deception. Each issue should meet one or more of the following criteria. Please indicate which criteria your issue meets (you may check off more than one).

    1. A procedural gap has been identified where no IRM exists

    2. More than one IRM exists, and the guidance is not consistent, causing disparate treatment from one case to another

    3. A procedural gap has been identified in a single BOD; however other BODs may be impacted

    4. A procedural gap has been identified in a single BOD, and the SME would like the TWG to review the issue and provide feedback

    5. A technical issue has been identified that is likely to impact multiple cases and should be addressed on a systemic level

    6. An issue requires expedited resolution; may be in response to an external inquiry to a prior case

10.5.3.3  (12-10-2010)
Identity Theft Risk Assessments and Vulnerability Mitigation Process

  1. In keeping with the intent of OMB Memorandum 03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, the PIPDS Office of Privacy Compliance initiated Identity Theft Risk Assessments and Vulnerability Mitigation efforts. The aim is to conduct risk assessments on prioritized business processes and enable the business units to proactively address vulnerabilities and weaknesses and reduce the likelihood of exposure due to loss or theft of taxpayer and employee PII. These efforts allow the IRS to take the following actions:

    1. Identify identity theft-related vulnerabilities within IRS business processes

    2. Provide potential mitigation strategies for vulnerabilities identified during the risk assessments

    3. Remediate risk vulnerabilities identified during the risk assessments, potentially reducing IRS' overall exposure to identity theft threats

    4. Monitor and track vulnerabilities throughout the business process life-cycle

  2. The risk assessments consist of process-specific evaluations to determine where key areas (people, processes, and technology) that handle PII are susceptible to identity theft. The risk assessment includes the determination of the probability and impact of each threat, compares IRS safeguards in the current environment against leading safeguard practices, and provides safeguard enhancements that may reduce the risk associated with the identified vulnerabilities.

  3. In addition, the risk assessment process includes supporting the ongoing effort to reduce the unnecessary usage of SSNs throughout the IRS.

  4. Through these efforts, the Identity Protection Program upholds the commitment of the IRS to provide taxpayers with an accurate and efficient means for filing taxes and upholding tax law, while safeguarding the sensitive information of taxpayers and employees.

10.5.3.4  (12-10-2010)
Awareness Training and Education

  1. The Identity Protection Program shall institute measures to inform IRS personnel of their responsibilities for protecting taxpayers and employees against the loss, disclosure, or theft of their PII.

  2. The Identity Protection Program also supports the annual Information Protection and Disclosure Mandatory Briefing managed by the Office of Privacy , which provides information regarding identity protection.

Exhibit 10.5.3-1 
Glossary of Identity Protection Terms and Definitions

Access - The ability or opportunity to gain knowledge of personally identifiable information.
Breach - The loss of control, disclosure, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic.
Federal Trade Commission (FTC) - An independent agency of the United States government, established in 1914 by the Federal Trade Commission Act, with the principal mission of promoting "consumer protection" and the elimination and prevention of what regulators perceive to be "anti-competitive" business practices.
Harm - Includes any of the following effects of a breach of confidentiality, integrity, availability, or fiduciary responsibility:
   a) Potential for blackmail;
   b) Disclosure of private facts;
   c) Mental pain and emotional distress;
   d) Potential for secondary uses of the information that could result in fear or uncertainty, or the unwarranted exposure leading to humiliation or loss of self-esteem;
   e) Identity theft; or
  f) Financial loss.
Identity Theft - A fraud that is committed or attempted, using a person's identifying information without authority.
Identity Theft Liaison - A listing of individuals in the business units that are the contacts for the W&I AM IPSU, when IPSU sends Form 14027-B, Identity Theft Case Referral for monitoring account activity on cases with open controls. A current listing of "ID Theft Liaisons (Functional)" can be found on SERP under the Who/Where tab.  
Identity Theft Risk Assessments (and Vulnerability Mitigation Process) - Risk assessments conducted on prioritized business processes within the IRS to determine the level of risk associated with those systems. The risk assessment review will help determine where key areas (people, process, and technology) that handle PII are susceptible to identity theft. Once a risk assessment review is conducted, the business unit that owns the process is given a complete report and analysis of the risks involved with that particular process. The business unit will attempt to mitigate the risks involved by analyzing the report and taking appropriate actions. (Example - An identity theft risk assessment is conducted of the Automated Collection System (ACS) to determine the level of risk associated with that system. A risk assessment report is issued and the business unit will attempt to mitigate the risks to minimize the possibility of loss of PII.)  
Incident Management - The process of managing incidents involving the loss or disclosure of data.
Information Technology - Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by an executive agency.
Loss - Any event where an item is misplaced and/or neither the official owner nor the intended recipient has possession of the item in the expected time frame. A loss may involve an IRS-owned physical asset such as a laptop, blackberry, cell phone, and/or other portable media, or electronic or hard copy data that may contain Sensitive But Unclassified (SBU) data or Personally Identifiable Information (PII) such as paper or electronic taxpayer records, personnel records, or other identifying data, or a combination of a physical asset and electronic and/or hard copy data.
Office of Management and Budget (OMB) - A cabinet-level office that oversees the activities of federal agencies and monitors the adherence of their assigned federal programs to presidential policies.
Personally Identifiable Information (PII) - The definition of personally identifiable information is provided by OMB 07-16. For further information about PII, see the PIPDS web page called PII - What is personally identifiable information?
Privacy and Information Protection (PIP) Advisory Committee - A committee established to oversee Identity Protection Program and Incident Management Program activities, specifically the development of Servicewide identity theft and PII data loss policies and procedures, development and execution of Identity Protection and Incident Management Program office procedures, and the study and execution of identity theft outreach, victim assistance and prevention initiatives.  
Risk - The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.
Risk Assessment - The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security and privacy controls that would mitigate this impact.
Safeguards - Protective measures prescribed to meet the privacy requirements specified for an information system.
Technical Working Group (TWG) for Identity Theft Victim Assistance - A cross-functional group that meets periodically to provide a forum for developing recommendations on how processes and procedures can be improved to address and reduce the burden on taxpayers who are victims of identity theft.  
Unpostable - A transaction which cannot be posted to a taxpayer's account because the transaction failed certain Master File validation checks.  

Exhibit 10.5.3-2 
References

The Identity Protection Program was established to ensure Servicewide implementation of federal directives to protect citizens and government employees . The following are the principal documents involving the Identity Protection Program:


OMB Memoranda

  1. M-06-15, Safeguarding Personally Identifiable Information, May 22, 2006

  2. M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, September 30, 2003

OMB Memoranda are available at Office of Management and Budget at http://www.whitehouse.gov/omb/memoranda.

Other Federal Guidance

  1. Combating Identity Theft: A Strategic Plan, The President’s Identity Theft Task Force Report, April 2007

  2. Combating Identity Theft, Volume II: Supplemental Information, The President’s Identity Theft Task Force Report, April 2007

  3. President’s Identity Theft Task Force Report Summary of Interim Recommendations, September 2006


The President’s Identity Theft Task Force documents are available at http://www.idtheft.gov/

PIPDS Internal Revenue Manuals

  • IRM 10.5.1, Privacy, Information Protection & Data Security Policy and Guidance

  • IRM 10.5.3, Identity Protection Program

  • IRM 10.5.4, Incident Management Program

Exhibit 10.5.3-3 
Acronyms and Definitions

The following tables describe the terms and acronyms used for TC 971 AC 501, 504, and 506 identity theft indicator codes. The three tables are: 1) BOD/Function, 2) Program Name, and 3) Tax Administration Source.

  1. BOD/Function

    Term/Acronym Description
    AP Appeals
    CI Criminal Investigation
    MITS Modernization & Information Technology Services
    PPDS Privacy, Information Protection & Data Security
    SBSE Small Business / Self-Employed
    TAS Taxpayer Advocate Service
    WI Wage & Investment

  2. Program Name

    Term/Acronym Description
    ACS Automated Collection System
    AM Accounts Management (IRS-identified identity theft)
    AMADJ Accounts Management (TP-identified identity theft)
    AMTAP Accounts Management Taxpayer Assurance Program
    AP Appeals
    ASFR Automated Substitute for Return
    AUR Automated Underreporter
    CA TAS Case Advocate
    CFBALDUE SB/SE: Field Collection - Taxpayer Delinquency Accounts
    CFDELRET SB/SE: Field Collection - Taxpayer Delinquency Investigations
    CONGINQ Congressional Inquiry
    CORR SB/SE Correspondence Exam
    CSCO Compliance Services Collection Operations
    CSIRC Computer Security Incident Response Center
    EXAM W&I Correspondence Exam
    FA Field Assistance
    FLDEXAM Field Exam
    OPIP Office of Privacy & Information Protection
    PHSH Phishing
    PREREF Pre-Refund
    RC Refund Crime
    RFND Refund Crime
    SP Submission Processing
    TDI Tax Delinquency Investigation
    WHC Withholding Compliance

  3. Tax Administration Source

    Term/Acronym Description
    INCOME Identify theft identified and substantiated due to an underreporting of income
    MULTFL Identity theft identified and substantiated due to two or more tax returns filed for one taxpayer
    INCMUL Identity theft identified and substantiated due to both underreporting of income and multiple filings
    NOFR Substantiated identity theft incidents where the victim does not have a filing requirement
    OTHER Identity theft which cannot be identified as related to any existing Tax Administration Source types
    RFND Identity theft identified by the filing of a false return in order to obtain a refund
    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

Exhibit 10.5.3-4 
TC 971 AC 501 — Taxpayer-Identified Identity Theft Affecting Tax Administration

Input instructions for TC 971 AC 501 are as follows:

  1. Obtain the following information:

    • Entity - SSN;

    • Business Operating Division (BOD)/Function (See Exhibit 10.5.3-3);

    • Program Name (See Exhibit 10.5.3-3);

    • Tax Administration Source (See Exhibit 10.5.3-3); and

    • Tax Year affected by identity theft.

      Note:

      The tax year affected by the identity theft cannot be the current year. For example, the taxpayer gives you substantiation documentation during the current year, e.g., 2010, for a 2005 tax year issue. Input TC 971 AC 501 on tax year 2005 only and not on 2010.

  2. Navigate to FRM77

    • Sign into IDRS;

    • Enter ENMOD (SSN), then press ENTER;

    • Enter REQ77.

    • FRM77 is displayed for the selected SSN.

  3. Enter the TC 971 AC 501

    • Enter the TC with 971;

    • TRANS-DT is auto populated with the current date;

    • Enter SECONDARY-DT (enter the tax year affected by the identity theft incident in the format MM-DD-YYYY);

    • Enter MISC (enter your specific BOD/Function, Program Name, and Tax Administration Source, see Exhibit 10.5.3-3); and

    • After REMARKS, enter IDENTITY THEFT.

Exhibit 10.5.3-5 
TC 972 AC 501 — Reversal of TC 971 AC 501

Input instructions for TC 972 AC 501 are as follows:

  1. Obtain the following information:

    • Entity - SSN;

    • BOD/Function (See Exhibit 10.5.3-3);

    • Program Name (See Exhibit 10.5.3-3);

    • Tax Year of the TC 971 AC 501 being reversed; and

      Note:

      The tax year must match the tax year of the TC 971 AC 501 that is being reversed.

    • Transaction date of the TC 971 AC 501 being reversed.

  2. Navigate to FRM77

    • Sign into IDRS;

    • Enter ENMOD SSN, then press ENTER;

    • Enter REQ77.

    • FRM77 is displayed for the selected SSN.

  3. Enter the TC 972 AC 501

    • Enter the TC with 972;

    • Enter TRANS-DT (enter the transaction date of the TC 971 AC 501 being reversed);

    • Enter SECONDARY-DT (enter the tax year of the TC 971 AC 501 being reversed in the MM-DD-YYYY format);

    • Enter MISC (Modify the Reason Code field with the reason for the reversal). Select the Reason code that reflects the reason for the reversal from the options below; and

    • Enter REMARKS (enter your remarks).

The following table describes the TC 972 AC 501 reason codes:

TC 972 AC 501 Reason Codes
Reason Description Value
Taxpayer Request The taxpayer requests the 971 be reversed. TPRQ
Keying or Internal Error The 971 was due to a typographical mistake or another internal mistake. IRSERR
Internally Identified Negative Impact The 971 is causing a negative impact on another internal process or system, and should be reversed to discontinue the negative impact. IRSADM
False Identity Theft Claim The original identity theft incident claim was determined to be fraudulent. FALSE
Other The reason for the 971 reversal does not meet any of the reason descriptions above. OTHER

Exhibit 10.5.3-6 
TC 971 AC 504 — Taxpayer-Identified Identity Theft Not Affecting Tax Administration

Important: Input of Action Code 504 is limited and reserved for use by the Identity Protection Specialized Unit (IPSU) in W&I, Accounts Management.

TC 971 AC 504 is displayed on IDRS command code ENMOD and consists of the following data elements:

TRANS-DT SECONDARY-DT MISC REMARKS
Input date of TC 971 AC 504 Date identity theft occurred (per taxpayer). BOD, Function, and taxpayer impact. (See the Impact to Taxpayer table below.) Comments
Impact to Taxpayer
Term/Acronym Description
ACCT One or more personal accounts have been opened under the victim's identity or the victim reported questionable account activity.
BOTH Both EMPL and ACCT.
EMPL Victim's SSN Used for Employment.
NKI No known impact has been identified by the taxpayer.

Exhibit 10.5.3-7 
TC 972 AC 504 — Reversal of TC 971 AC 504

The miscellaneous field for TC 972 AC 504 reflects the reason for the reversal of TC 971 AC 504. See the TC 972 AC 504 Miscellaneous Field chart below for the reasons and values for the MISC field.

TC 972 AC 504 Miscellaneous Field
Reason Description Value
Taxpayer Request The taxpayer requests the 971 be reversed. TPRQ
Keying or Internal Error The 971 was due to a typographical mistake or other internal mistake. IRSERR
Internally Identified Negative Impact The 971 is causing a negative impact on another internal process or system, and should be reversed to discontinue the negative impact. IRSADM
False Identity Theft Claim The original identity theft incident claim was determined to be fraudulent. FALSE
Other The reason for the 971 reversal does not meet any of the reason descriptions above. OTHER

Exhibit 10.5.3-8 
TC 971 AC 505 — IRS Data Loss Incidents

Important: Input of Action Code 505 is limited and reserved for use by the Office of Privacy, Information Protection & Data Security personnel.

TC 971 AC 505 is displayed on IDRS command code ENMOD and consists of the following data elements:

TRANS-DT SECONDARY-DT MISC
TC 971 AC 505 input date Date the data loss incident occurred. Incident Reference Code number assigned to the data loss case. This number begins with the literal "IR" and is followed by 11 numeric digits. For example: IR20080211034

Exhibit 10.5.3-9 
TC 972 AC 505 — Reversal of TC 971 AC 505

The miscellaneous field for TC 972 AC 505 reflects the reason for the reversal of TC 971 AC 505. See the following chart for reasons and values for the MISC field:

TC 972 AC 505 Miscellaneous Field
Reason Description Value
Keying or Internal Error The 971 was due to a typographical mistake or another internal mistake. IRSERR
Internally Identified Negative Impact The 971 is causing a negative impact on another internal process or system, and should be reversed to discontinue the negative impact. IRSADM
Other The reason for the 971 reversal does not meet any of the above reason descriptions. OTHER

Exhibit 10.5.3-10 
TC 971 AC 506 — IRS-Identified Identity Theft Affecting Tax Administration

Important: Input of Action Code 506 is limited and reserved for use by the following functions: Criminal Investigation, Accounts Management, and Submission Processing.

TC 971 AC 506 is displayed on IDRS command code ENMOD and consists of the following data elements:

TRANS-DT SECONDARY-DT MISC XREF-TIN
Input date of TC 971 AC 506 Tax year at issue date. BOD, Function, and Program that input the TC 971 AC 506. (See the Miscellaneous Field table below.) Optional field that, when populated, displays a TIN (e.g., SSN, ITIN, or IRSN).
TC 971 AC 506 Miscellaneous Field
Description BOD / Function Program Name Tax Administration Source
Phishing Schemes CI PHSH N/A
Refund Fraud CI RFND N/A
Other CI OTHER N/A
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
Input on true SSN owner’s account when a non-legitimate unpostable return with UPC147 RC 1 has been filed using the taxpayer’s SSN as identified and determined by SP. WI SP UPCMUL
Input on the identified IRSN corresponding to the non-legitimate unpostable return with UPC147 RC 1 as identified and determined by SP. WI SP UPC147
Input on true SSN owner’s account per TIN-related problem case procedures. WI AM MULTFL
Other identity theft-related incident, affecting tax administration identified and substantiated by Accounts Management. WI AM OTHER
Identity theft identified by the filing of a false return in order to obtain a refund WI AMTAP RFND
Other identity theft-related incident, affecting tax administration identified and substantiated by AMTAP WI AMTAP OTHER
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

Exhibit 10.5.3-11 
TC 972 AC 506 — Reversal of TC 971 AC 506

The miscellaneous field displays the reason for the reversal. See TC 972 AC 506 Miscellaneous Field chart below for reasons and values for the MISC field:

TC 972 AC 506 Miscellaneous Field
Reason Description Value
Taxpayer Request The taxpayer requests the 971 be reversed. TPRQ
Keying or Internal Error The 971 was due to a typographical mistake or another internal mistake. IRSERR
Internally Identified Negative Impact The 971 is causing a negative impact on another internal process or system, and should be reversed to discontinue the negative impact. IRSADM
False Identity Theft Claim The original identity theft incident claim was determined to be fraudulent. FALSE
Other The reason for the 971 reversal does not meet any of the above reason descriptions. OTHER

Exhibit 10.5.3-12 
TC 971 AC 522 - Substantiation Documentation Received by IRS

The following table is what is displayed on IDRS Masterfile command code ENMOD and consists of the following data elements:

Term/Acronym Description
AP Appeals
CI Criminal Investigation
MITS Modernization & Information Technology Services
PPDS Privacy, Information Protection & Data Security
SBSE Small Business / Self-Employed
TAS Taxpayer Advocate Service
WI Wage & Investment

The following is displayed on IDRS Masterfile command code ENMOD, program name:

Term/Acronym Description
ACS Automated Collection System
AM Accounts Management (IRS-identified identity theft)
AMADJ Accounts Management (TP-identified identity theft)
AP Appeals
ASFR Automated Substitute for Return
AUR Automated Underreporter
CA TAS Case Advocate
CFBALDUE SB/SE: Field Collection - Taxpayer Delinquency Accounts
CFDELRET SB/SE: Field Collection - Taxpayer Delinquency Investigations
CONGINQ Congressional Inquiry
CORR SB/SE Correspondence Exam
CSCO Compliance Services Collection Operations
CSIRC Computer Security Incident Response Center
EXAM W&I Correspondence Exam
FA Field Assistance
FLDEXAM Field Exam
OPIP Office of Privacy & Information Protection
PHSH Phishing
RFND Refund Crime
SP Submission Processing
TDI Tax Delinquency Investigation
WHC Withholding Compliance

The following is displayed on IDRS Masterfile command code ENMOD, tax administration source:

Term/Acronym Description
INCOME Identify theft identified and substantiated due to an underreporting of income
MULTFL Identity theft identified and substantiated due to two or more tax returns filed for one taxpayer
INCMUL Identity theft identified and substantiated due to both underreporting of income and multiple filings
NOFR Substantiated identity theft incidents where the victim does not have a filing requirement
OTHER Identity theft which cannot be identified as related to any existing Tax Administration Source types

Note:

Input instructions for TC 971 AC 522 are the same as input instructions for TC 971 AC 501.

Exhibit 10.5.3-13 
TC 972 AC 522 - Reversal of TC 971 AC 522

The miscellaneous field displays the reason for the reversal. See TC 972 AC 522 Miscellaneous Field chart below:

TC 972 AC 522 Miscellaneous Field
Reason Description Value
Taxpayer Request The taxpayer requests the 971 be reversed. TPRQ
Keying or Internal Error The 971 was due to a typographical mistake or another internal mistake. IRSERR
Internally Identified Negative Impact The 971 is causing a negative impact on another internal process or system, and should be reversed to discontinue the negative impact. IRSADM
False Identity Theft Claim The original identity theft incident claim was determined to be fraudulent. FALSE
Other The reason for the 971 reversal does not meet any of the above reason descriptions. OTHER

More Internal Revenue Manual