5.1.28 Identity Theft for Collection Employees

Manual Transmittal

April 26, 2018

Purpose

(1) This transmits revised IRM 5.1.28, Field Collection Procedures, Identity Theft for Collection Employees.

Material Changes

(1) IRM 5.1.28.4.1.1, Returning Levied Property in Cases of Identity Theft, revised the rules around the nine month time frame within both (1) and example.

Effect on Other Documents

.IRM 5.1.28, dated 06/20/2017 is superseded.

Audience

Revenue officers and other caseworkers in SB/SE Collection.

Effective Date

(04-26-2018)

Kristen E. Bailey
Director, Collection Policy
Small Business/Self-Employed

Program Scope and Objective

  1. Purpose. This chapter discusses the overall identity theft guidance, processes, and procedures aimed at preventing identity theft, protecting taxpayers, and providing assistance to victims of identity theft. While many topics are touched upon in this chapter, comprehensive guidance about all of them cannot be included here. As you use this chapter, remain alert for references to other resources, such as related IRM’s and websites and access that guidance as needed to ensure a thorough understanding of topics. Specifically, IRM 5.1.28:

    • Established procedures for taxpayer interaction.

    • Defines disclosure steps in identity theft.

    • Defines collection activity in identity theft.

    • Identifies types of identity theft.

    • Discusses identity theft claim requirements.

    • Describes steps needed in determining identity theft.

    • Describes steps needed to resolve identity theft case.

  2. Audience . These procedures and guidance apply to IRS Field Collection Revenue Officers and Group Managers.

  3. Policy Owner. The Director, Collection Policy.

  4. Program Owner. SB/SE Collection Policy

  5. Primary Stakeholders. The primary stakeholders that are impacted by this IRM include:

    • Field Collection

    • Identity Protection Strategy and Oversight

    • Identity Theft Victims Assistance

    • Designated Identity Theft Adjustment

  6. Program Goal. Identity Theft places a burden on its victims and presents a challenge to businesses, organizations, and government agencies, including the Internal Revenue Service. By following the direction in this IRM section, employees can combat tax-related identity theft with an aggressive strategy for prevention, detection, and victim assistance.

Background

  1. The definitions for IMF and BMF Identity Theft are:

    • IMF Identity Theft occurs when someone uses an individuals personal information, such as name, Social Security Number(SSN), or other identifying information without permission, to commit fraud or other crimes.

    • BMF Identity Theft occurs when business identifying information is created, used, or attempted to be used without authority, to obtain tax benefits.

Authority

  1. The Identity Protection Strategy & Oversight Program was established to ensure Service wide implementation of federal directives to protect citizens and government employees. The following are the principal documents involving the identity theft program:

    • Combating Identity Theft: A Strategic Plan, The President’s Identity Theft Task Force Report, April 2007

    • Combating Identity Theft, Volume II: Supplemental Information, The President’s Identity Theft Task Force Report, April 2007

    • President’s Identity Theft Task Force Report Summary of Interim Recommendations, September 2006

    • Office of Management and Budget (OMB), M-06-15, Safeguarding Personally Identifiable Information, May 22, 2006

    • Office of Management and Budget (OMB), M-03-22, OMB guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, September 30, 2003

Responsibilities

  1. The Director, Collection Policy is the executive responsible for the policies and procedures to be employed by collection personnel.

  2. Field Collection Group Managers and Territory Managers are responsible for ensuring the guidance and procedures described in this IRM are complied with.

Program Management and Review

  1. Program Reports.

    • Embedded Quality Review System (EQRS) Reports.

    • National Quality Review System (NQRS) Reports.

    • ICS Reports

  2. Program Effectiveness. The program effectiveness is measured by the following review types and by level of management.

    • Case Reviews are conducted by Group Managers to ensure compliance with this IRM.

    • Operational Reviews are conducted by Territory Manager and Area Director annually to evaluate program delivery and conformance to administrative and compliance requirements.

Program Controls

  1. Identity Theft Indicators. These indicators are utilized to track identity theft cases from the time a victim or IRS initially suspects identity theft through case closure.

  2. Tax Administration Source Codes. These source codes are utilized to track identity theft cases when they are initially identified.

Terms/Definitions/Acronyms

  1. Frequently used terms within this IRM along with their definition include:

    1. Tax Related Identity Theft: Identity theft with a direct effect on the taxpayer’s filing and payment requirements, such as their ability to file a tax return, receive a refund or take or take other actions associated with these responsibilities. Tax-related identity theft is most often associated with the theft of a taxpayers Social Security number.

    2. Non-tax related Identity Theft: The taxpayer experiences an incident, such as becoming a victim of a data breach from their medical office or a lost or stolen wallet or purse - which will place them at risk of identity theft related to their credit or finances - but there is no direct effect on tax administration at this time.

  2. This table lists commonly used acronyms and their definitions within this IRM.

    Acronym Definition
    AMS Accounts Management System
    BOD Business Operating Division/Function
    CLSIDT BMF case resolved
    CIS Correspondence Imaging System
    DITA Designated Identity Theft Adjustment
    IDTVA Identity Theft Victims Assistance
    IDT Identity Theft
    IDTCLM Initial allegation or suspicion of identity theft prior to submitting claim.
    IDTDOC When taxpayer provides and submits legible claim.
    INCMUL Both income and MULTFL
    IPSO Identity Protection Strategy and Oversight
    MULTFL Two or more returns filed under same SSN for the same tax period.
    NFTL Notice to File Federal Tax Lien
    NOFR taxpayer not required to file.
    PNDCLM Taxpayer makes allegation of Identity Theft but has not yet provided their claim.

Related Resources

  1. IRM Resources:

    • IRM 25.23.1 Identity Protection and Victims Assistance - Policy Guidance

    • IRM 25.23.2Identity Protection and Victims Assistance - General Case Processing

    • IRM 25.23.9BMF Identity Theft Processing

Taxpayer Interaction

  1. Taxpayers who have experienced identity theft are already victims, either emotionally and/or financially. Be aware of that fact and handle the contact with an additional level of sensitivity and understanding.

  2. In addition to providing the taxpayer with courteous service, educate the taxpayer about how to protect themselves and where to find additional information. Advise them to do the following:

    • Contact the Federal Trade Commission (FTC) Identity Theft Hotline

    • Contact the Social Security Administration (SSA)

    • File a report with their local or state police

    • Contact their state Attorney General's office

    • Contact one of the three major credit bureaus: Equifax, Experian, or TransUnion

    • File Form 14039, Identity Theft Affidavit with the IRS

    • Review Publication 5027, Identity Theft Information for Taxpayers; and

    • Review the IRS website, http://www.irs.gov/, Keyword "Identity Theft" or "ID Theft."

  3. Refer taxpayers claiming financial hardship as a result of a tax-related identity theft issue to the Taxpayer Advocate Service (TAS) when TAS criteria is met, see IRM 13.1.7 Taxpayer Advocate Case Procedures, Taxpayer Advocate Service (TAS) Case Criteria and the taxpayer's issues cannot be resolved the same day. The definition of "same day" is within 24 hours. "Same day" cases include cases that can be completely resolved in 24 hours as well as cases in which you have taken steps to begin resolving the taxpayer's issues. Do not refer same day cases to TAS unless the taxpayer asks to be transferred to TAS and the case meets TAS criteria, see IRM 13.1.7.4Same Day Resolution by Operations Use Form 911Request for Taxpayer Advocate Service Assistance (And Application for Taxpayer Assistance Order), to refer cases meeting the criteria to TAS. If the taxpayer requests to contact TAS directly, advise the taxpayer to call 1-877-777-4778 toll-free, or go to http://www.taxpayeradvocate.irs.gov/.

    Note:

    Certain cases may be worked by the Identity Protection Specialized Unit rather than TAS. For more details see IRM 13.1.16.11.3Criteria 5-7 Identity Theft Cases Eligible for Referral to Identity Protection Specialized Unit (IPSU).

Identity Theft and Disclosure

  1. IRC 6103(a) provides that tax returns and tax return information are confidential and are not to be disclosed except as authorized. See IRM 5.1.22Field Collecting Procedures, Disclosure..

Tax Return Filed

  1. Per IRC 6103(b)(1) –“Return” means any tax or information return, declaration of estimated tax, or claim for refund required by, or provided for or permitted under, the provisions of this title which is filed with the Secretary by, on behalf of, or with respect to any person, and any amendment or supplement thereto, including supporting schedules, attachments, or lists which are supplemental to, or part of, the return so filed.

  2. An income tax return fabricated by an identity thief is not a valid return. The return is not signed by the taxpayer in whose name the return is filed and it lacks a valid signature.

  3. A Form W-2, Wage and Tax Statement, fabricated by an identity thief and attached to an invalid income tax return is also invalid.

  4. A Form W-2 filed by an employer that reports all the necessary information for the employee with a stolen SSN provided by the employee is a valid information return. The valid form reflects an employment relationship and is covered by IRC 6103(b)(1).

Tax Return Information - Refund Fraud

  1. Per IRC 6103(b)(2) “Return information” means a taxpayer’s identity, the nature, source, or amount of his income, payments, receipts, deductions, exemptions, credits, assets, liabilities, net worth, tax liability, tax withheld, deficiencies, over assessments, or tax payments, whether the taxpayer’s return was, is being, or will be examined or subject to other investigation or processing, or any other data, received by, recorded by, prepared by, furnished to, or collected by the Secretary with respect to a return or with respect to the determination of the existence, or possible existence, of liability (or the amount thereof) of any person under this title for any tax, penalty, interest, fine, forfeiture, or other imposition, or offense.

  2. The information reported by an identity thief on a return is considered return information under IRC 6103(b)(2)(A).

Information Return Information - Forms W-2 and 1099

  1. The return information on Forms W-2 and 1099 with a stolen SSN is the return information of both the employer who filed it and the employee/individual who used the SSN for employment.

  2. Also see IRM 11.3.2.4.1.2, Identity Theft and Access to Information Returns, regarding disclosing information from Form W-2 and Form 1099.

Victim Disclosure

  1. Information used by the Service to determine the victim's tax liability is return information and can be disclosed to the victim. This includes information related to the original assessment that was based on the Form 1040, Form W-2, or Form 1099 filed under the victim’s SSN.

    Caution:

    Do not disclose the identity or location of the identity thief to the taxpayer.

  2. Information not used by the Service to determine the victim’s tax liability, including information about the Service’s investigation of the person who misuses the victim’s SSN, is not the return information of the victim and may not be disclosed to the victim.

  3. An identity-theft victim may obtain from the Service a copy of the "bad return" and other return information associated with the processing of the "bad return" filed by the identity thief if the disclosure will not seriously impair federal tax administration. Information about the Service’s investigation is not the return information of the victim and may not be disclosed to the victim. Instructions for taxpayers to request a copy are available on IRS.gov, https://www.irs.gov/Individuals/Instructions-for-Requesting-Copy-of-Fraudulent-Returns.

Employer Disclosure

  1. An incorrect SSN on a Form W-2 is employer return information; however, any information about the investigation of the use/theft of the SSN or the person who used the SSN for employment cannot be disclosed to the employer.

Collection Activity in Identity Theft Cases

  1. When the taxpayer contacted claims to be a victim of identity theft and the IDT claim has not been received, do not release the levy unless one of the circumstances described in IRM 5.11.2.3.1, Legal Basis for Releasing Levies, exists.

  2. When the taxpayer contacted claims to be a victim of identity theft and an IDT claim has been received, release any levy in effect only for the tax modules affected by the identity theft.

  3. If there is a balance due not attributable to identity theft, then collection activities, including the appropriate use of enforced collection action, are not prohibited when a taxpayer has established that he/she was a victim of identity theft.
    However,

    1. Be sensitive to the adverse impact that being a victim of identity theft may have upon a taxpayer and his or her ability to pay.

    2. Consider temporarily suspending the account until the identity theft incident is resolved in cases where you determine the identity theft will have an adverse impact on the taxpayer’s ability to pay.

      Caution:

      Ensure collection activities are taken only on balance due modules not attributable to identify theft.

Assessment is Result of Identity Theft

  1. If the taxpayer is a victim of identity theft, review the case history for any outstanding enforcement activity that may need to be addressed, e.g., levies, liens, and bankruptcy claims.

  2. Cases in inventory will not be systemically blocked from automated levy action. Manually block the case from levy by requesting the appropriate IDRS input if the assessment is a result of identity theft.

  3. See IRM 5.12.11.2.1, Identity Theft and Liens , for additional procedures regarding Notices of Federal Tax Lien.

  4. See IRM 5.9.5.12, Identity Theft (IDT), for additional procedures regarding taxpayers in bankruptcy.

Returning Levied Property in Cases of Identity Theft
  1. See IRM 5.11.2.3.6Levy Releases in Cases of Identity Theft , for guidance on returning levied property to persons other than the taxpayer. The levy of an asset belonging to someone other than the person against whom the tax was assessed is called a wrongful levy. The authority to return wrongful levy payments is provided in IRC 6343(b), which limits the return of money to the period of time within two (2) years from the date of the levy. However, if the date of levy was on or before March 22, 2017, then the non-owner must contact the IRS to request return of levied proceeds within nine (9) months from the date of levy.

    Example:

    Taxpayer has balance due. Another person is using the taxpayer's SSN for employment and the other person’s wages are levied (levy date was after March 22, 2017). The levy payments may only be returned within two (2) years from the date of the levy.

  2. The time frame for returning levied property to the taxpayer is different. In this case, we have an assessment against the taxpayer and have levied against the taxpayer. Under our normal operating procedures, when we learn that the return that was filed was not the taxpayer’s return, we will remove (back out) the return and the erroneous refund that went to the thief. The taxpayer’s account will have a zero liability and a credit balance equal to the amount of levy proceeds. Because the assessment and levy were for the taxpayer/victim rather than an assessment for a taxpayer and a levy on a third party, the two (2) year wrongful levy statute does not apply. If the victim is coming in to request the levy proceeds while the Refund Statute Expiration Date (RSED) is open, we can return the funds. If you have cases where the taxpayer comes in more than two years after the payment, Counsel would need to consider whether there is another legal theory that would support returning the proceeds to the taxpayer/victim.

    Example:

    An identity thief has filed a return in the taxpayer’s name and the taxpayer did not have a filing obligation. The taxpayer was unaware that they were a victim of identity theft. In the interim, the identity theft return either was audited or reviewed and there is an assessed balance on the victim’s account that IRS is attempting to collect (defaulted deficiency or summary assessment of overstated withholding). IRS uses its levy authority to collect against the assessment by levying the taxpayer. Sometime later the victim comes forward and informs IRS of the identity theft. The Service applies the normal period of limitation rules for claiming credits or refunds in determining if the proceeds may be returned to the taxpayer. The two (2) year period for a third party to recover property wrongfully levied is not applicable.

Returning Accounts to Currently not Collectible Status
  1. Accounts previously reported currently not collectible, unable to pay, may be reactivated when the taxpayer is the victim of stolen identity refund fraud.

    Example:

    Fraudulent refund from a 2012 return offsets to Bal Due for 2011 reported currently not collectible (CNC). The total positive income (TPI) on the 2012 return is above the CNC closing code and the 2011 Bal Due is reactivated.

  2. See possible scenarios in the If/Then table below.

    If ... Then ...
    the taxpayer is not required to file for 2012 or
    the TPI on the taxpayer's correct 2012 return is below the CNC closing code amount
    return the 2011 module to CNC status without securing a new Collection Information Statement (CIS).
    the TPI on the taxpayer's correct 2012 return is above the CNC closing code amount secure a new CIS and make a new collectibility determination.
    the taxpayer owes on the correct 2012 return secure a new CIS and include all Bal Dues in case resolution.

    Exception:

    A new CIS is not required if the conditions of IRM 5.16.1.3.3Cases Reported Currently Not Collectible Based Upon a Prior Form 53, are met.

    the taxpayer has not filed 2012 as required secure return and follow guidance above as appropriate.
  3. When the fraudulent refund offsets to the module in CNC, but does not full pay it and the TPI on the identity theft return is below the CNC closing code, the CNC module is not reactivated. If the TPI on the taxpayer's correct return is above the CNC closing code, the CNC module will be reactivated when the correct return is assessed.

  4. For Bal Dues resulting from the reversal of a fraudulent refund that full paid an account in CNC, follow the procedures in this table:

    If Then
    an NFTL was released revoke the release and file a new NFTL after the erroneous refund is reversed.
    the taxpayer does not have a filing requirement for subsequent tax years
    or the TPI on subsequent year's returns is below the CNC closing code
    do not secure a new CIS
    and reinstate the module(s) to CNC status.
    the TPI on the taxpayer's correct return is above the CNC closing code
    and/or the taxpayer owes on the correct return
    secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the conditions of IRM 5.16.1.3.3Cases Reported Currently Not Collectible Based Upon a Prior Form 53, are met.

  5. For a Bal Due reversed out of CNC status when the taxpayer is a victim of employment related identity theft and the addition of the unreported income increases the TPI to greater than the CNC closing code, verify the taxpayer's income and if the taxpayer's income is,

    1. Less than the CNC closing code, then do not secure a new CIS and return the module to CNC status.

    2. Greater than the CNC closing code, then secure a new CIS unless the CIS in the case file is less than 12 months old.

Returning Accounts to Installment Agreement Status
  1. Work Bal Due accounts resulting from the reversal of fraudulent refunds that full paid accounts in installment agreement status 60 as described in the table below:

    If ... Then ...
    the NFTL was released revoke the release and file a new NFTL.
    there is no balance due on the taxpayer's correct return reinstate the installment agreement and waive the user fee. A new Collection Information Statement (CIS) is not required.
    there is an unpaid balance due on the taxpayer's correct return secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the CIS in the case file is less than 12 months old per IRM 5.15.1.1(4), Financial Analysis, Overview and Expectations.

    the taxpayer is required to file a return that has not been filed secure the return and follow guidance above as appropriate.
  2. Bal Due accounts could result from an additional assessment based on false withholding and/or credits on an identity theft return that causes the installment agreement to default.

    Example:

    A fraudulent refund from 2012 offsets to and partially pays a liability for 2011 in installment agreement status. An additional assessment is subsequently made on 2012 for the false withholding that defaults the installment agreement. Apply the procedures in the following table for this example in similar cases.

  3. See possible scenarios in the If/Then table below:

    If ... Then ...
    the taxpayer is not required to file for 2012 or there is no balance due on the 2012 return reinstate the 2011 module to installment agreement status and waive the user fee.
    the taxpayer owes for 2012 secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the CIS in the case file is less than 12 months old per IRM 5.15.1.1(4), Financial Analysis, Overview and Expectations.

    the taxpayer has not filed 2012 as required secure the return and follow guidance above as appropriate.
  4. Follow the procedures in the table below for Bal Due accounts resulting from an installment agreement that defaulted because of an assessment based on income earned by someone other than the taxpayer that was reported under the taxpayer's SSN.

    If ... Then ...
    all of the taxpayer's income was verified and reported with no balance due reinstate the installment agreement and waive the user fee.
    all of the taxpayer's income is verified, but has not been reported resulting in an additional balance due secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the CIS in the case file is less than 12 months old per IRM 5.15.1.1(4), Financial Analysis, Overview and Expectations.

Types of IMF Identity Theft

  1. For IRS purposes, the two types of IMF identity theft are:

    • non-tax related, and

    • tax related.

  2. In non-tax related identity theft:

    1. A taxpayer’s wallet, driver's license, social security number, or credit card may have been lost or stolen. However, if there is no indication that the lost or stolen information has been used inappropriately for tax purposes, then this is a case described as identity theft not related to tax administration.

    2. Individuals may self report an identity theft incident with no existing tax-related consequence by contacting the Identity Protection Specialized Unit (toll free 800-908-4490), and submitting an identity theft claim. The IRS will input an indicator (TC 971, AC 504) on their account, and future incidents related to tax administration will not require a claim to be submitted again.

    3. When any taxpayer needs assistance regarding non-tax related identity theft with no known tax administration impact, refer them to the Identity Protection Specialized Unit at 1-800-908-4490.

  3. The two types of IMF identity theft related to tax administration are as follows:

    1. An identity thief has used a taxpayer’s SSN and other Personally Identifiable Information (PII) for employment purposes.

      Example:

      A taxpayer may not be aware that someone in another state has used his SSN for the purposes of getting a job. When IRS records are matched against Social Security records, the IRS shows that the taxpayer has not reported that additional income earned by the identity thief on his tax return. The taxpayer may receive a notice or tax bill related to that additional unknown income or may even receive a notification of an audit to get the issue resolved. If the taxpayer is not required to file a tax return, there may be a Substitute for Return assessment based on the income earned by the identity thief.

    2. An identity thief has used a taxpayer’s SSN and other PII for fraudulent filing purposes.

      Example:

      A taxpayer may file her 2015 tax return on April 15, 2016. The IRS may reject the return because an unknown person has already filed a tax return under her SSN. The taxpayer will experience a delay in receiving her refund because the identity thief has already filed a fraudulent return and received a fraudulent refund using the unsuspecting taxpayer’s SSN.

    3. Continue to work all tax-related identity theft issues in your inventory that have an impact on tax administration and do not refer such a case to the Identity Protection Specialized Unit.

    Note:

    If you are contacted by a taxpayer who is a victim of identity theft, and there is no open case on the taxpayer, whether it is tax-related identity theft or non tax-related identity theft, refer the taxpayer to the Identity Protection Specialized Unit, 1-800-908-4490.

Standard IMF Tax Related Identity Theft Claim Requirements

  1. To reduce the burden on individual taxpayers, the IRS has established standard claim requirements for cases that involve identity theft.

  2. See IRM 5.1.28.8.2, Step 2 below to determine if an IDT claim is required. In addition, IRM 25.23.2.15, Identity Theft Claim - Overview, provides the claim policy for all operating divisions and functions.

  3. If required, request the Form 14039 ID Theft Affidavit when a taxpayer alleges that he or she was a victim of identity theft.

    Note:

    Form 14039 no longer requires the submission of additional information/documentation

  4. Establish a 30-day deadline for the taxpayer to submit a claim.

    Note:

    If the taxpayer states they previously provided the claim, check Document Viewer on the Accounts Management System (AMS) to see if the documentation was scanned into Correspondence Imaging System (CIS).

  5. Accept a claim from the taxpayer or someone who has power of attorney for the taxpayer pursuant to Form 2848Power of Attorney and Declaration of Representative.

When to Request Additional Information to Support Claim/Allegation of Identity Theft

  1. If unable to resolve the account by using internal information sources and/or by information already provided by the taxpayer, request additional information. Taxpayer information to substantiate identity theft may include:

    1. Authentication of Identity - A copy of a valid U.S. federal or state government-issued form of identification to authenticate identity.

      Example:

      Driver's License, State Identification Card, Social Security Card, Passport, etc.

      Note:

      This link provides a list of acceptable primary and secondary forms of identification: http://www.fedidcard.gov/viewdoc.aspx?id=109

    2. Evidence of Identity Theft - Police Report, or Form 14039 Identity Theft Affidavit

      Note:

      Form 14039 should only be requested when the taxpayer has not previously submitted the form or when the submitted form was illegible.

    3. Payor documents - such as W2 or 1099, utility bills, deeds, or other proof of residency.

Acknowledging and Handling Identity Theft Claim

  1. Follow the information in this table regarding acknowledging receipt of the taxpayer's claim/additional information:

    If Then
    the IDT claim is received in person no additional acknowledgement of receipt is needed.
    the IDT claim is not received in person acknowledge receipt within 30 days.
    receipt acknowledgement is sent in the mail be sure it is sent to the right address.

    Caution:

    The address on the Form 14039, Identity Theft Affidavit, may be different from the case address.

  2. A claim should be legible and accurately associated with the correct taxpayer. See IRM 25.23.9.7.1, Complete and Legible Documents, for guidance on determining if a claim is legible and complete.

  3. Apply stringent safeguards when storing and retaining a claim. Store the claim along with the case file.

  4. Secure and handle a claim and information in the same manner as other sensitive taxpayer personal information.

  5. See IRM 5.1.28.8.2 below for procedures to request input of TC 971, AC 522 PNDCLM.

  6. After receipt of the taxpayer's IDT claim, conduct research to verify the taxpayer's claim.

  7. If the IDT claim received is not complete or legible, but a determination can be made based on internal research, then proceed using the internal research results.

Making an Identity Theft Determination

  1. Employees assigned an identity theft case will treat the identity theft victim’s account as a whole, resolving all account issues.

  2. Perform research to determine the effect of the identity theft on all tax years. At a minimum, if applicable, review the three prior years and all subsequent tax years when analyzing the taxpayer's account.

  3. Rule out the following:

    1. A mixed entity that occurs when two or more returns post for the same period using the same TIN due to an error by the taxpayer, return preparer, or IRS.

    2. A scrambled SSN when the Social Security Administration assigns the same SSN to more than one taxpayer.

  4. Do not assume that the taxpayer filing the identity theft claim is the true owner of the SSN. Review the case and consider all information received and available through research to determine the legitimate taxpayer.

  5. Use all available research tools to determine the validity of the identity theft claim. Keep in mind that identity theft for employment purposes and identity theft for fraudulent filing purposes will require different research.

Validating Claim of Identity Theft for Fraudulent Filing Purposes

  1. The following is a list of the common research tools available to validate the claim. This list is not all inclusive:

    1. IDRS for prior and subsequent years for filing status, address, dependents claimed, and Schedules A/B/C/D/E/F information for comparison to the TC 150 return and any subsequent returns submitted.

    2. IRPTR for payer documents that may verify income, deductions, and address information reported.

    3. TRDBV for bank routing and preparer information that may be useful.

    4. IMFOLE, INOLES, and RTVUE are other research command codes available.

    5. Available locator sources.

  2. If additional clarification or information is needed, contact the taxpayer and request the information.

Validating Claim of Identity Theft for Employment Purposes

  1. The following is a list of suggested documents that can be secured from the employer that may help to verify a taxpayer’s claim of employment-related identity theft. The list is not all inclusive and not all documents will be necessary in every circumstance:

    1. Application for employment

    2. Form I-9 (IMMIGRATION), Employment Eligibility Verification

    3. Form W-4, Employer's Withholding Allowance Certificate

    4. Internal documents such as insurance forms

    5. Copies of cancelled pay checks with endorsement

    6. Copy of work photo badge or other employment photos

    7. Copy of the driver's license and Social Security card provided to gain employment

    8. Copy of work history with dates missed, location of actual work

    Caution:

    Before making a third party contact, confirm that Publication 1 with third party contact notice or a Letter 3164 was sent to the taxpayer. If not, follow the guidance in IRM 25.27.1, Third Party Contact Program.

  2. Consider the following when reviewing the documentation:

    1. Is the taxpayer’s address different from the unreported income employer’s records?

    2. Is the handwriting on the documents collected from the taxpayer and the unreported income employer’s records distinctly different?

    3. What is the distance from the taxpayer to employment location for the unreported income?

    4. Could the taxpayer have worked for both employers on the same dates?

    5. Do the photo identifications from the unreported income employer match that of the taxpayer?

  3. Research available locator sources.

  4. If additional clarification or information is needed, contact the taxpayer and request the information.

Identity Theft Case Resolution

  1. Resolve the case in an appropriate manner according to the following procedures depending on whether the:

    1. Taxpayer establishes that he/she was a victim of identity theft

    2. Service employee determines identity theft occurred

    3. Taxpayer does not establish that he/she was a victim of identity theft or

    4. Taxpayer committed identity theft.

  2. No matter how the case is resolved, if initial identity theft indicators were requested (TC 971 AC 522) or were already posted when the case was received, then closing identity theft indicators (TC 971 AC 501/506 or TC 972 AC 522) must be requested.

Individual Taxpayer Alleged Identity Theft vs. IRS Identified Identity Theft

  1. Identity theft can be alleged by the taxpayer or identified by an IRS employee.

  2. If an IDT claim is secured from the taxpayer, follow IRM 5.1.28.8.2, Individual Taxpayer Alleges Identity Theft, for inputting the appropriate TC 971 action codes.

  3. If an IDT claim is not secured from the taxpayer, follow IRM 5.1.28.8.3, IRS Identified Identity Theft, for inputting the appropriate TC 971 action codes.

Individual Taxpayer Alleges Identity Theft

  1. Instances of identity theft can either be alleged by the taxpayer, or other third party such as a taxpayer representative or bankruptcy trustee.

  2. Below are step-by-step instructions for inputting the identity theft transaction codes and preparing Form 3870, Request for Adjustment in instances of IMF taxpayer alleged identity theft.

    Note:

    For instructions in bankruptcy cases, see IRM 5.9.5, Opening a Bankruptcy Case.

    Step TC 971 Action Code Employee Actions Notes
    1 TC 971 AC 522 PNDCLM Request input of TC 971 AC 522 with source code PNDCLM using Form 4844 if the taxpayer alleges they did not earn income or did not file the return and has not yet provided an IDT claim and a PNDCLM is not already present on CC ENMOD. The Secondary Date field will reflect each tax year affected by identity theft. Use Form 4844 to request input of the TC 971 AC 522 PNDCLM (see example at Exhibit 5.1.28-1) Forward to Designated Identity Theft Adjustment (DITA). See IRM 5.1.28.8.4 (2) c. for DITA contact information.
    2   Review CC ENMOD to determine if the following conditions exist:
    1. There is a posted/unreversed TC 971 AC 501/ 506 or TC 971 AC 522 Source Code INCOME, MULTFL, INCMUL, NOFR, or OTHER and

    2. The posted transaction falls within a minimum of three prior years as described in IRM 25.23.9.6.3, and

    3. The allegation relates to a previously reported incident as described in IRM 25.23.2.15.1 (4).

    If above criteria is met, skip step 3. A claim is not required. If above criteria is not met, give the taxpayer a 30-day deadline to provide a claim.
     
    3 TC 971 AC 522 with source code
    • INCOME - income reported under taxpayer's SSN without their consent or knowledge

    • MULTFL - two or more returns filed under the same SSN for the same tax period

    • INCMUL - both INCOME and MULTFL apply

    • NOFR - taxpayer not required to file

    • OTHER - no other source code fits

    • UNWORK- IDT claim received but has not been resolved yet.

    Request input of TC 971 AC 522 with appropriate source code when a complete and legible claim is received from taxpayer. If taxpayer does not provide a claim by the deadline provided, then reverse the TC 971 AC 522 with TC 972 AC 522 source code NORPLY. Use Form 4844 to request input and forward to DITA per contact information at IRM 5.1.28.8.4(2) c. Continue with collection action following regular collection procedures.
    4   Conduct research to determine if identity theft occurred. See IRM 5.1.28.7.1 for fraudulent filing and IRM 5.1.28.7.2 for employment related identity theft claims. For example, check Accurint, IRPTR, etc. If a paper tax return was filed, compare the signature on tax return to the signature on Form 14039. To obtain a copy of the paper refund check, see http://mysbse.web.irs.gov/Collection/toolsprocesses/CollATAT/TechProc/1099OID/JobAids/27522.aspx. If after review it is determined that identity theft did not occur, reverse the TC 971 AC 522 with TC 972 AC 522 source code NOIDT. Use Form 4844 to request input and forward to DITA per contact information at IRM 5.1.28.8.4(2)c. See example of Form 4844 at Exhibit 5.1.28-2.
    5   Ensure taxpayer's address is updated to correct address. See IRM 25.23.2.7When to Update the Victim's Address.  
    6 TC 971 AC 501 Prepare Form 3870 to correct taxpayer’s account. Notate on Form 3870 to input TC 971 AC 501. TC 971 AC 501 is input when account has been corrected.
    7 TC 470 CC 90 Request input of TC 470 CC 90 if the module will be fully abated creating no remaining balance due.  
    8   If the taxpayer's case is fully resolved and no issues remain, send Letter 4222Field Collection Case Resolution, to victim prior to closing case on ICS.  

IRS Identified Identity Theft

  1. During the normal course of business, you may determine that identity theft occurred and the case is not yet resolved. In most instances, you will attempt to secure the IDT claim from the taxpayer .

  2. If you are unable to secure the IDT claim (for example, the taxpayer is deceased), or the taxpayer is unwilling to provide the IDT claim because they are receiving the benefit of the refund from the identity theft return, follow the procedures for IRS identified identity theft.

    Example:

    The refund due to the identity theft return was issued to the bankruptcy trustee. The trustee negotiated the check and applied it to debts of the taxpayer. Because the taxpayer received the benefit of a debt reduction due to the issuance of the refund on the identity theft return, the taxpayer may not want to provide the IDT claim.

    Step TC 971 Action Code Employee Actions Notes
    1 TC 971 AC 522 IRSID Request input of TC 971 AC 522 with source code IRSID using Form 4844 if an IRS employee determines identity theft occurred.

    Exception:

    TC 971 AC 522 IRSID is not used when an individual with an Individual Taxpayer Identification Number (ITIN) reports misusing an SSN belonging to someone else.

    The Secondary Date field will reflect each tax year affected by identity theft. Use Form 4844 to request input of the TC 971 AC 522 with source code IRSID and forward to DITA per contact information at IRM 5.1.28.8.4(2) c. for input.
    2   Ensure taxpayer's address is updated to correct address. See IRM 25.23.2.7, When to Update the Victim's Address.  
    3 TC 971 AC 506 Prepare Form 3870 to correct taxpayer’s account. Notate on Form 3870 to input TC 971 AC 506. TC 971 AC 506 is input when account has been corrected.
    4 TC 470 CC 90 Request input of TC 470 CC 90 if the module will be fully abated creating no remaining balance due.  
    5   If the taxpayer's case is fully resolved and no issues remain, send Letter 4222, Field Collection Case Resolution, to victim prior to closing case on ICS.  
  3. The function that completes the account adjustment and inputs the TC 971 AC 506 requested on Form 3870 will notify the taxpayer (victim), by letter, that someone may have attempted to use his or her SSN. This victim notification letter will include information about:

    • Identity theft prevention

    • Identity theft related resources

    • The identity theft indicator placed on his or her account

Form 3870 Preparation and Routing

  1. If it is determined that the individual taxpayer is a victim of identity theft, Form 3870, Request for Adjustment, is prepared to correct the victim’s account. The following guidelines should be followed when preparing Form 3870:

    1. Enter "Identity Theft" in Item 11.

    2. A nullity or fraudulent filing is a return that was not filed by the SSN owner. If the assessment is based on a fraudulent return, notate on the Form 3870 that it should be treated as a nullity. For more information on nullity returns see IRM 25.23.4.10, Nullifying Returns.

      Note:

      Form 1040 returns with Schedule C income see IRM 25.23.4.10.4, TIN-Related Problems for IRP Data, Refund Scheme or Schedule C, Case Processing.

    3. Include specific instructions on actions needed to correct the account. For example, state that TC 150 in amount of $XX is the return filed by the identity thief. Indicate if there are any estimated tax payments that were made by the victim-taxpayer that should remain on the account or if a refund generated by the identity theft return was offset to another tax liability.

    4. If the taxpayer has been assessed a frivolous return penalty under IRC Section 6702 based on the return filed under the taxpayer's social security number by an identity thief, notate on Form 3870 to abate the frivolous return penalty. The penalty can be identified by MFT 55 with penalty reference code 543. The tax period must be the same as the identity theft return. The penalty must be abated by the Frivolous Return Program (FRP). See (4) below.

    5. Indicate on Form 3870 if contact is needed when the adjustment is completed.

      Example:

      There is a balance due on the correct return secured from the taxpayer-victim and you will continue with collection actions after assessment. The function completing the adjustment will alert you when the adjustment is completed. A confirmation of account corrections will be sent via email. If email confirmation can not be completed due to an incorrect or missing email address, Form 3870 will be mailed back to the originator as confirmation.

    6. Attach the following documentation to Form 3870:
      - Copy of IDT claim . (Keep copies in the case file.)
      - Original return, if secured from victim-taxpayer (Keep a copy in the case file.)

      Exception:

      If the spouse is the identity theft victim, then process the joint return on Form 795/795A to Submission Processing.


      -NUMIDENT – (optional) CC MFTRAU

    7. Do not attach other IDRS prints.

    8. Request input of TC 971 AC 501 or AC 506 on Form 3870. The TC 971 will be input when the account is corrected.

    9. Forward Form 3870 to the appropriate function for adjustment based on type of assessment. See (2) below.

    10. Incomplete referrals will be rejected.

    11. To expedite Form 3870 notate "Expedite" at the top of the form per IRM 25.23.10.12.5 Post Function DITA Procedures.

  2. The completed Form 3870 will be routed based on the type of assessment that needs to be adjusted.

    1. Examination, Automated Under Reporter (AUR), SFR/ASFR assessments - for reconsideration prepare manual Form 3870 (Other template in ICS) and route to:
      Kansas City Service Center IDTVA
      333 W. Pershing Road
      Kansas City, MO. 64108
      MS 5050 P4
      Fax number (816) 499-7889
      Email: *W&I IDT:KC:SPEC-ACSS

    2. Identity Theft Return – a return filed under the taxpayer’s social security number by an identity thief. Prepare manual Form 3870 (OTHER template in ICS) and forward to DITA per contact information at IRM 5.1.28.8.4(2) c. below if there is not a subsequent Audit or AUR assessment. If an original return is attached to the Form 3870, then it must be mailed to DITA rather than faxed or sent electronically.

      Exception:

      For non-master file cases, forward the Form 3870 to the Accounts Management NMF team at:
      Philadelphia Campus, PAMC
      2970 Market St., Mail Stop BLN 3-J23, Team 408
      Philadelphia, PA 19104

    3. The contact information for the Designated Identity Theft Adjustment (DITA) team is as follows:

    Email Address Efax Number Mailing Address
    *SBSE CCS DITA 1–855–786–6575 Internal Revenue Service
    DITA Mail Stop 4-G20.500
    2970 Market St
    Philadelphia, PA 19104
  3. In cases involving employment related identity theft, also prepare Form 9409, IRS/SSA Wages Worksheet, to correct taxpayer wage records. Form 9409 includes the Social Security mailing address for the form.

    Note:

    Until Form 9409 is revised, if none of the Part B choices applies, write in the explanation.

  4. If the taxpayer has been assessed a frivolous return penalty under IRC Section 6702 based on the return filed under the taxpayer's social security number by an identity thief, the civil penalty must be abated by the Frivolous Return Program (FRP). The penalty can be identified by MFT 55 with penalty reference code 543. The tax period must be the same as the identity theft return. A copy of the Form 3870 that was prepared and sent based on the routing instructions in (2) above should be sent to the FRP at the following address:
    Ogden Compliance Services
    Attn: FRP, M/S 4450
    1973 N Rulon White Blvd
    Ogden, UT 84404

IMF Identity Theft Indicator Codes

  1. The Identity Protection Program developed and implemented identity theft indicator codes to centrally mark and track identity theft incidents. Each indicator is input as a Transaction Code (TC) with Action Code (AC) and displayed on Integrated Data Retrieval System (IDRS) command codes ENMOD and IMFOL with the definer "E" on the affected taxpayer's account.

  2. Request input or reversal of the identity theft transaction code according to the following procedures:

    1. When the identity theft victim is the secondary SSN on a joint account, the identity theft indicator is input on the secondary SSN. Identity theft indicators are not input on the primary SSN in these instances.

    2. If both the primary and secondary taxpayers are victims, place the indicators on both SSN’s.

Identity Theft Action Code Input Procedures
  1. Review CC ENMOD or IMFOLE for identity theft action codes.

  2. If a previous identity theft incident was substantiated, the taxpayer does not need to send in a claim in order to re-substantiate. See IRM 25.23.2.15.1, When to Request Additional Information to Support an Allegation of Identity Theft .

  3. Use Form 4844, Request for Terminal Action, to request input of the identity theft action code.

  4. Forward completed Form 4844 to the Designated Identity Theft Adjustment (DITA) for input.

Completion of Form 4844
  1. The IMF Identity Theft Action Code is input on the entity instead of being input to the applicable modules, so ensure that you follow these procedures to accurately complete Form 4844.

  2. Complete the applicable blocks of Form 4844 including the following:

    1. "SSN"

    2. "Name control"

    3. "MFT code"

      Note:

      Put "00" in "MFT" to indicate the entity.

    4. "Periods."

      Note:

      Put "0000" in "Periods" to indicate the entity.

    5. "Name of taxpayer"

    6. "Remarks"

  3. See IRM 5.1.28.8.5.3 for instructions to complete the miscellaneous fields on the form and IRM 5.1.28.8.5.5 for completing the "Remarks" block.

  4. See IRM 5.1.28.8.5.4 for instructions for entering the tax period ending date(s) in the Secondary Date (SECONDARY-DT) field.

Miscellaneous Fields
  1. The miscellaneous field has three parts:

    • BOD / Function (Business Operating Division / Function)

    • Program Name

    • Tax Administration Source (Tax Admin Source)

  2. Request input of the required miscellaneous field information in the "Miscellaneous Field Input" block of Form 4844.

  3. Use the following codes to complete the first two miscellaneous fields:

    1. BOD = "SBSE"

    2. Program Name = as applicable, enter "CFBALDUE" or "CFDELRET"

      Note:

      Use "CFBALDUE" for a combination Bal Due/Del Ret case.

  4. Use the codes displayed in the following table to complete the third miscellaneous field (Tax Admin Source):

    TC 971 AC 522 Tax Administration Source Codes
    Code Usage
    (1) PNDCLM The taxpayer makes an allegation of identity theft. The taxpayer has not yet provided the IDT claim as required by IRM 25.23.2.15Identity Theft Claims - Overview.
    (2) UNWORK Taxpayer IDT claim received but has not been resolved yet.
    (3) IRSID During the normal course of business, the IRS suspects identity theft occurred and the case is not yet resolved.
    (4) INCOME Acceptable IDT claim received from the taxpayer. Identity theft due to income reported under the taxpayer’s SSN without their consent or knowledge.
    (5) MULTFL Acceptable IDT claim received from the taxpayer. Identity theft due to two or more tax returns filed for the same tax period under the same SSN.
    (6) INCMUL Acceptable IDT claim received from the taxpayer. Identity theft due to both income reported under the taxpayer’s SSN without their consent or knowledge and multiple filings (INCOME and MULTFL apply).
    (7) NOFR Acceptable IDT claim received from the taxpayer. Identity theft due to the victim (rightful taxpayer) not having a filing requirement.
    (8) OTHER Acceptable IDT claim received from the taxpayer. Identity theft which cannot be identified as related to any existing Tax Administration Source types.
  5. No claim is required from the taxpayer if the taxpayer alleges identity theft and the following conditions exist:

    1. There is a posted unreversed TC 971 AC 501/506 or TC 971 AC 522 with Source Code INCOME, MULTFL, INCMUL, NOFR, or OTHER, and

    2. The posted transaction falls within a minimum of three prior years as described in IRM 25.23.10.12.2.3, Processing ID Theft Correspondence, and

    3. The allegation relates to a previously reported incident as described in IRM 25.23.2.15.1 (4), When to Request Additional Information to Support an Allegation of Identity Theft.

  6. If the taxpayer asserts identity theft and provides a claim at the same time, mark the account with only TC 971 AC 522 with the appropriate Tax Administration Source Code.

  7. Enter these codes into the miscellaneous field separated by a space.

    Example:

    When receiving a claim for an identity theft incident that has an income related tax administration impact for SB/SE Field Collection (FC) on a Del Ret case, enter the following in the miscellaneous field:

    Miscellaneous Field Input
    S B S E   C F D E L R E T   I N C O M E
Secondary Date Field
  1. Request input of the secondary date field information in the "Secondary Date Field" block of Form 4844.

  2. The secondary date (SECONDARY-DT>) will contain the tax year(s) that are affected by the identity theft. Use MMDDYYYY format of the tax year affected by the identity theft incident.

    Example:

    If a taxpayer substantiates identity theft and the impacted tax year is TY 2011, the SECONDARY-DT field input would be:

    Secondary Date Field Input
    1 2 3 1 2 0 1 1

    Example:

    If a taxpayer substantiates identity theft and the impacted tax years are TY 2011 and TY 2012, the SECONDARY-DT field input would be:

    Secondary Date Field Input
    1 2 3 1 2 0 1 1
    Secondary Date Field Input
    1 2 3 1 2 0 1 2
  3. Complete Form 4844, Request for Terminal Action, to request input of the identity theft action code and forward to DITA within 48 hours.

Remarks Block
  1. Include the following in "Remarks" of Form 4844, "Input TC 971 AC XXX under ENMOD."

  2. Enter any other key pertinent information about the case in the "Remarks" block.

    Example:

    "received valid Driver's License and affidavit"

Identity Theft Code TC 971 AC 522 Reversal Procedures (TC 972 AC 522)

  1. TC 972 AC 522 is used to close identity theft allegations when the IRS determines that identity theft has not occurred or in situations where the taxpayer fails to provide an identity theft claim as described in IRM 5.1.28.6.

  2. For effective identity theft case tracking and reporting, include the Administration Source Fields on Form 4844 when appropriate depending upon the facts and circumstances of the case. The following table provides the Source Codes, their descriptions and Secondary Date Fields needed for IDRS input of TC 972 AC 522.

    Term/Acronym Description: Administration Source Code Secondary Date Field
    Identity Theft has NOT occurred (NOIDT) In the course of resolving an identity theft issue, the employee assigned determines no identity theft occurred. Will match the tax year of the TC 971 522 PNDCLM or TC 971 AC 522 IRSID as applicable.
    The taxpayer did not provide supporting documents (NORPLY) This code is used to close a suspended case when the taxpayer fails to provide the requested IDT claim within the time specified by the employee assigned or the taxpayer is unable to be located. Will match the tax year of the TC 971 522 PNDCLM.

Identity Theft Code TC 971 AC 501 and AC 506 Reversal Procedures

  1. In some instances it may be necessary to reverse a TC 971 AC 501 or TC 971 AC 506 Identity Theft action code. Reversal may be necessary because of any of the following reasons:

    1. The taxpayer requests reversal.

    2. There was a keying or internal error in the input of the action code.

    3. The original identity theft claim was fraudulent.

    4. The action code has an internally identified negative affect on the taxpayer.

    5. There are other reasonable circumstances not listed above.

  2. Use Form 4844, Request for Terminal Action, to request the input of TC 972 with the action code 501 or 506.

  3. Complete the miscellaneous fields with any applicable, specific information for detailed reporting. The miscellaneous field has three parts:

    • BOD / Function (Business Operating Division / Function)

    • Program Name

    • Reason

  4. Request input of the required miscellaneous field information in the Miscellaneous Field Input block of Form 4844.

  5. Use the following codes to complete the first two miscellaneous fields:

    1. BOD = "SBSE"

    2. Program Name = as applicable, enter "CFBALDUE" or "CFDELRET"

      Note:

      Insert "CFBALDUE" if you have a combination Bal Due/Del Ret case.

  6. Use the codes displayed in the following table to complete the third miscellaneous field (Reason):

    Reason Field Codes and Descriptions
    Code Description
    (1) TPRQ Taxpayer Request:
    The taxpayer requests the 971 to be reversed. The taxpayer may feel that the issue has been resolved or it is no longer needed and is impacting him/her negatively.
    (2) IRSERR Keying Error or Other Internal Mistake:
    The 971 was due to a typographical mistake or another internal mistake and should be reversed.
    (3) IRSADM Internally Identified Negative Impact:
    The 971 is causing a negative impact on another internal process or system, and should be reversed to discontinue any negative impact.
    (4) FALSE Fraudulent Identity Theft Claim:
    The original identity theft incident claim was determined to be fraudulent.
    (5) OTHER Unclassified
  7. Complete the miscellaneous fields for TC 972 in the same format as for TC 971.

Secondary Date Field — TC 972
  1. The 972 will also use the SECONDARY-DT field to indicate which 971 will be reversed. When the 972 is applied, enter the tax year in the SECONDARY-DT field to designate the 971 that should be reversed.

  2. Use MMDDYYYY format of the tax year affected by the identity theft incident.

Taxpayer is Not a Victim of Identity Theft

  1. Do not manually block the case from levy if the assessment is not a result of identity theft.

  2. Follow normal collection procedures if the taxpayer does not establish he or she was a victim of identity theft.

  3. If a TC 971 transaction code was input, then request reversal using TC 972.

  4. Advise the taxpayer that the identity theft claim has not been substantiated.

  5. If the taxpayer requests to have their case reviewed by a supervisor, give the taxpayer the name, telephone number, and address of your group manager.

Taxpayer Committed Identity Theft for Purposes of Tax Evasion

  1. When indicators (badges) of fraud are uncovered, document the potential fraud indicators and initiate a discussion with your group manager. See IRM 25.1.2.3Indicators of Fraud, to help you recognize the signs of fraud.

    Note:

    An identity theft case referred to Criminal Investigation (CI) must have a tax or money laundering fraud/violation associated with it. Identity theft violations are not intended to be a stand alone violation IRM 9.5.5.2.4, Title 18 USC §1028 and 18 USC §1028A, Identity Theft.

  2. If your manager concurs there are indicators of fraud warranting fraud development, contact the local fraud technical advisor (FTA) to determine if the case should be developed further as a potential fraud case, see IRM 25.1.2.2, Fraud Development Procedures.

  3. A plan of action should be mutually developed between you, the FTA and the group manager to address the indicators of fraud present, see IRM 25.1.2.3(6), Indicators of Fraud - Conduct of Taxpayer.

  4. Once firm indicators of fraud have been established and the case meets criminal criteria, refer the case to CI, see IRM 25.1.8.9, Collection Case Disposition.

  5. If it is determined not to pursue a fraud referral, then correct the account as appropriate and follow normal collection procedures.

Compliance Against Persons Using Another Person’s SSN for Employment

  1. If someone using another person’s SSN for employment has unfiled returns and it does not rise to level of tax fraud, consider making an enforcement referral. See IRM 5.1.11.6.3, Enforcement Referrals - Individual Master File (IMF) Del Ret. If the taxpayer does not have an Individual Taxpayer Identification Number (ITIN), request an IRS Number (IRSN) using Form 9956, Request for Temporary IRSN.

  2. Consider making a referral to the Social Security Administration through Disclosure for the non-tax crime of misuse of an SSN. Disclosure to other federal agencies is permissible under IRC 6103(i)(3)(A). Only information that comes from a third party source will qualify as information that can be released under this statute. Contact the employers on IRP documents to secure employment related documents such as copies of Social Security cards, state photo identification, and Form W-9, Request for Taxpayer Identification Number and Certification. See the Disclosure Hot Topic Reporting Non-Tax Federal Crime and IRM 11.3.28.7.1, Disclosures of Return Information (Other than Taxpayer Return Information) Concerning Nontax Criminal Violations, for more information on these referrals.

  3. A taxpayer not eligible for an SSN must use an individual taxpayer identification number (ITIN) when filing his/her return.

  4. An employer cannot use an ITIN on a Form W-2, but must instead use the SSN that the taxpayer provided in order to obtain employment. A Form W-2 filed by an employer that reports all the necessary information for the employee with a stolen SSN that was provided by the employee is considered a valid information return. The fact that a Form W-2 contained the SSN of someone other than the employee is the return information of the employer and that fact alone may be disclosed to the employer.

    Note:

    This type of case should not be sent to either IDTVA or Fraud as the Internal Revenue Code recognizes these as legal returns.

  5. Once ITIN information is verified and it does not rise to the level of fraud, proceed with normal collection procedures.

Erroneous Identity Theft Refund Issued to Victim

  1. There are several situations in which the taxpayer/victim, through no fault of their own, may receive the benefit of the refund from the return filed by the identity thief.

    Example:

    The identity thief filed a return under the taxpayer-victim's SSN and the refund is offset to the taxpayer-victim's child support obligation, student loan, or other type of Treasury Offset Program offset.

    Example:

    In a bankruptcy case with a refund turnover order, the trustee received the refund check. It has already been applied to the debtor's bankruptcy case and disbursed to creditors in the bankruptcy plan. The check is not available to return.

  2. See IRM 21.4.5.11, How to Repay an Erroneous Refund or Return an Erroneous Refund Check or Direct Deposit, on returning erroneous refunds.

  3. If the taxpayer does not voluntarily return the refund, there are two remedies to recover the refund from the taxpayer/victim:

    1. Erroneous refund suit as authorized by IRC 7405

    2. Common law right of offset (Category D erroneous refund) – within two years from the date that refund was sent out

    3. See IRM 5.1.8.7.1.1.2, Unassessable Erroneous Refunds.

    Note:

    Any refunds offset through the Treasury Offset Program (TOP) will be recovered through the TOP reversal process so no other remedies need be pursued.

BMF Identity Theft

  1. BMF identity theft is defined as creating, using, or attempting to use business identifying information without authority to obtain tax benefits. See also IRM 25.23.9, BMF Identity Theft Processing: for general guidance for all employees working cases involving BMF identity theft.

  2. In the course of an investigation, the taxpayer may allege they are the victim of identity theft or other factors may point to BMF identity theft, such as:

    1. Fictitious business

    2. Business inactive during the period in question

    3. A third party established and operated the business using another individual's identifying information

  3. The taxpayer may not have been aware of the theft until contacted by the IRS.

Types of BMF Identity Theft

  1. Examples of BMF identity theft include the following,

    1. A fabricated Employer Identification Number (EIN) or the EIN of an active or inactive business entity in which an individual has no authority is used to file false Form 941/944 and or W-2 to support Forms 1040 filed with stolen SSNs to obtain refunds.

    2. Taxpayer’s name and SSN used by third party to establish and operate a business that files employment tax returns, but does not pay as the business operator attempts to evade the tax liability.

    3. Business tax return filed without using the EIN of an active or inactive business to claim a refundable credit (e.g., Form 1120, U.S. Corporation Income Tax Return, filed to claim fuel tax credit).

    4. Business tax return filed using an EIN obtained by using the name and SSN of another individual as the entity’s responsible party without the individual’s authorization, to obtain a fraudulent refund.

Research to Substantiate BMF Identity Theft

  1. Conduct sufficient research to substantiate the identity theft and rule out any other problematic issues, such as a mixed entity. A mixed entity occurs when two or more taxpayers file a tax return for the same period using the same TIN. This may not be identity theft and instead is the result of taxpayer error, return preparer error, or IRS processing error.

  2. Research the following on IDRS for the entity as appropriate,

    • NAMEE, INOLES

    • BMFOLE - reflects a cross reference (XREF) TIN/ITIN or SSN of the entity's responsible party

    • Cross reference EINs and SSNs, parent EIN, successor EIN

    • Filing requirements and filing history

    • Entity establishment date

    • Name/address changes

  3. Research IRPTR for documents filed by the

    • Business (including IRPTRI for Form W-2s filed)

    • Payers to the business

  4. Review returns filed using CC TRDBV, CC BRTVU, MEF/EUP, AMS

    Note:

    See Exhibit 5.1.28-5, Exhibit 5.1.28-6, and Exhibit 5.1.28-7 for more applicable IDRS research when the taxpayer maintains they never applied for an EIN, or when the entity is active or inactive.

  5. Research payment patterns on the Remittance Transaction Register (RTR) for existing payments or the lack of payments

  6. Review other sources as appropriate such as AMS history and/or Accurint

BMF Identity Theft Tracking Indicators

  1. BMF identity theft indicators are applied if ID theft is highly probable or the determination had been made that identity theft occurred AND the case is controlled into a ID Theft treatment stream.

  2. Review the accounts for prior ID Theft indicators before inputting the initial TC 971 AC 522. If the account is already marked with a TC 971 AC 522 IDTCLM, do not input a second code for the same MFT and tax period even if the initial TC 971 AC 522 IDTCLM reflects another BOD/Program.

  3. BMF Identity theft tracking indicators, unlike those used in IMF, are applied to all MFT’s and tax periods affected by identity theft. IPSO established three distinctive Tax Administrative Source Codes for BMF accounts:

    • TC 971 AC 522 IDTCLM, for the initial allegation or suspicion of identity theft prior to the taxpayer providing their identity theft claim.

    • TC 971 AC 522 IDTDOC, when the taxpayer provides a complete and legible identity theft claim.

    • TC 971 AC 522 CLSIDT, for BMF case resolved.

Completion of Form 4844

  1. Complete Form 4844, Request for Terminal Action, to request input of the identity theft codes and forward to DITA per contact information at IRM 5.1.28.8.4 (2) c.

  2. The BMF identity theft indicator is input to the MFT and Tax Period affected by the identity theft and will post to TXMOD and BMFOLT. See examples of completed Forms 4844 at Exhibit 5.1.28-3 and Exhibit 5.1.28-4.

  3. Complete the applicable blocks of Form 4844, including:

    1. EIN

    2. Name control

    3. MFT code

    4. Periods

    5. Name of taxpayer

Miscellaneous Field Input
  1. Complete the three parts of the miscellaneous field

    • BOD - "SB"

    • Program Name - "FC"

    • Tax Administration Source Code - either "IDTCLM" , "IDTDOC" , or "CLSIDT" .

      Example:

      SB FC IDTDOC

Secondary Date Field
  1. Complete the Secondary Date Field as follows:

    If requesting then the Secondary Date Field is the
    IDTCLM date of the taxpayer's allegation or, if you first recognized the taxpayer was the victim of identity theft, the date of that awareness.
    IDTDOC received date of the taxpayer's documents.
    CLSIDT date the identity theft issue was resolved.

Reversing Pending BMF Identity Theft Indicators

  1. If the taxpayer alleged identity theft, but internal research cannot substantiate the claim and the taxpayer has not provided the requested claim then complete Form 4844 to request TC 972 AC 522 with the Tax Administration Source Code NORPLY in the Miscellaneous Field Input with the BOD and Program Name.

    Example:

    SB FC NORPLY

  2. If you determine identity theft is not a factor in the case, then complete Form 4844 to request TC 972 AC 522 with the Tax Administration Source Code NOIDT in the Miscellaneous Field Input with the BOD and Program Name.

    Example:

    SB FC NOIDT

  3. Enter the Secondary Date of the TC 971 AC 522 being reversed.

BMF Taxpayer Identity Theft Claim

  1. In some instances, taxpayers must provide additional information to establish the fact that they are truly victims of identity theft. The Form 14039–B Business Identity Theft Affidavit, will be utilized to obtain additional information to support the ID theft claim. Refer to IRM 25.23.9.7Form 14039-B, BMF Identity Theft Affidavit, for additional information on when to send the form.

    Note:

    Form 14039–B is not available to the general public. It must be printed and mailed or otherwise provided to the taxpayer. The form must be signed and notarized to be considered complete.

  2. If unable to resolve the account by using internal information sources and/or by information already provided by the taxpayer, request additional information. Taxpayer information to substantiate identity theft may include:

    1. Authentication of Identity
      Individual - A copy of a valid U.S. federal or state government-issued form of identification to authenticate identity.

      Example:

      Driver's License, State Identification Card, Social Security Card, Passport, etc.

      Note:

      This link provides a list of acceptable primary and secondary forms of identification: http://www.fedidcard.gov/viewdoc.aspx?id=109


      Business - articles of incorporation, articles of organization, statement from director or officer on business letterhead, trust or estate document.

    2. Evidence of Identity Theft - Police Report, or Form 14039-B Identity Theft Affidavit

      Note:

      Form 14039-B should only be requested when the taxpayer has not previously submitted the form or when the submitted form was illegible.

    3. Evidence of business operation - copy of utility bill, invoice, mortgage or rent receipt or other similar documentation.

      Exception:

      Evidence of business operation is not needed if the taxpayer never requested or has no knowledge of an EIN.

    ,

  3. Establish a 30-day deadline for the taxpayer to submit a claim and suspend any collection activity.

  4. An identity theft claim can be accepted from the taxpayer or their representative with Power of Attorney Form 2848Power of Attorney and Declaration of Representative.

  5. Secure and handle the claim in the same manner as other sensitive taxpayer information. The documents must be retained with the closed case file.

  6. Acknowledge receipt of a complete and legible claim within 30 days unless the IDT claim is received in person.

  7. When the IDT claim/additional information have been verified as complete and legible, submit completed Form 4844 to request input of TC 971, AC 522, IDTDOC

BMF Identity Theft Case Actions

  1. The following subsections provide procedures for several BMF identity theft scenarios.

  2. For referrals made through the area identity theft liaison, see the My SB/SE, Collecting Taxes, Identity Theft page, Contacts, http://mysbse.web.irs.gov/collection/identitytheft/identitytheftcontacts/26478.aspx for liaison names and contact information.

  3. For individual victims of BMF related identity theft, see IRM 25.23.9.4.2, Individual Taxpayers Reporting to be Victims of Business-Related Identity Theft .

Form 941/944 Bal Dues

  1. When it is confirmed BMF identity theft occurred and the appropriate transaction codes have been requested, follow the steps in this table to address any refund(s) issued:

    If Then
    the Form 1040 refund(s) were issued and the perpetrator(s) can be identified develop a fraud referral and consult with CI before requesting any adjustment to the BMF Bal Due.
    the Form 1040 refund(s) were issued and the perpetrator(s) cannot be identified prepare Form 3870 to correct the BMF account and forward to DITA, see IRM 5.1.28.8.4 (2) c. for DITA contact information.
    the Form 1040 refund(s) were not issued or the bogus W-2s were not claimed on a Form 1040 prepare Form 3870 to correct the BMF account and forward to DITA.

    Exception:

    For non-master file cases, forward the Form 3870 to the Accounts Management NMF team at:
    Cincinnati Campus, CAMC
    201 W. Rivercenter Blvd., Stop 6111G, Team C103
    Covington, KY 41011

  2. If you have determined the EIN is fictitious and was established for the sole purpose of defrauding the government through the filing of individual and business false refund returns or income documents, see IRM 5.1.28.17 (2) below.

  3. If the Bal Due is the result of an IRS-CAWR or SSA-CAWR assessment (see IRM 5.1.15.7Combined Annual Wage Reconciliation (CAWR) Adjustments for more assessment identification information), then prepare Form 3870 to request abatement of the TC 290, attach all information supporting the determination including IDRS research and forward per Exhibit 5.1.15–3, State Mapping for IRS-CAWR and SSA-CAWR.

    Example:

    Complete Item 11 on Form 3870 as follows:
    IRS-CAWR abatement of tax
    Requested action: Abate TC 290, dated MM-DD-YYYY in the amount of $XX
    Justification: The EIN for this entity is fictitious and was used for the sole purpose of defrauding the government through the filing of false refund returns.
    Attached: IDRS research

  4. If the Bal Due is the result of an SFR assessment with a TC 300, then prepare Form 3870 to request abatement of TC 300.

    1. For TC 300 assessments with PC (Project Code) 0453, PBC (Primary Business Code) 296 on TXMOD, forward Form 3870 with all information supporting the determination attached to:
      Internal Revenue Service
      Attn: Team 205/Recon
      201 W. Rivercenter Blvd. Stop 8202G
      Covington, KY 41011

    2. For all other TC 300 assessments research TXMOD for the PBC (Primary Business Code), SBC (Secondary Business Code) and EGC (Employee Group Code) and locate the manager for the group on this link: http://mysbse.web.irs.gov/examination/mis/news/13006.aspx Forward Form 3870 with all information supporting the determination to the manager.

Researching Issued Refunds
  1. Access the following command codes when researching an issued refund to identify the perpetrator:

    1. IMFOL#/BMFOL# - for a paper check number and issue date

    2. IMFOBT - for IMF electronic refund routing and account number

    3. TRDBV- for the electronic refund routing and account number.

  2. Consult with your Fraud Technical Advisor and Area Counsel to determine the appropriate next steps to take.

  3. See IRM 25.5.6Summonses on Third Party Witnesses when summoning a financial institution for additional information on the refund.

BMF Bal Dues - Taxpayer's Name and SSN Used by Third Party

  1. When it is confirmed that BMF identity theft occurred, the appropriate transaction codes have been requested and the Bal Dues are for a business operated by a third party who established the business using a stolen SSN, first consult with Area Counsel.

  2. If, with Counsel's concurrence, the unpaid liabilities are to be moved to a new EIN, then secure a new EIN for the third party by preparing a “dummy” Form SS-4, Application for Employer Identification Number, and faxing it to the Cincinnati Accounts Management Campus at ≡ ≡ ≡ ≡ ≡ ≡ ≡ . This fax number is for Internal Use Only.

  3. Include your name, position, fax and phone number on the fax cover sheet.

  4. Prepare Form 12810Account Transfer Request, to transfer the assessment to the new EIN and forward to DITA to per contact information at IRM 5.1.28.8.4(2) c.

  5. Proceed with collection.

Business Tax Return Claiming Refundable Credit

  1. In a case involving a BMF refund for a refundable credit where identity theft has been confirmed, and the TC 971 AC 522 requested, take the appropriate actions in this table:

    If Then
    the refund was issued and the perpetrator can be identified contact the perpetrator and request the refund be returned
    the perpetrator refuses to return the refund prepare Form 3870 to request the "bad" return be backed out and the credit returned to the account and send the form to DITA. Pursue collection from the perpetrator using an alter-ego or nominee jeopardy levy. (See IRM 5.11.3, Jeopardy Levy without a Jeopardy Assessment, and IRM 5.17.14.6, Nominee and Alter Ego Doctrines.)
    the perpetrator can not be identified
    or
    the refund was not issued
    prepare Form 3870 to correct the account and send the form to DITA, see IRM 5.1.28.8.4(2) c. for DITA contact information.
  2. If the EIN on the return is determined to be fictitious, see IRM 5.1.28.17(2) below.

Form 14566, BMF Identity Theft Referral

  1. If you are unable to determine if an EIN is fictitious, you can send Form 14566, BMF Identity Theft Referral, through the area identity theft liaison to:

    1. Return Integrity and Compliance Services (RICS) and in the Actions Needed section of the form request that RICS provide information confirming if the EIN was used to file fraudulent returns or if RICS has already flagged the EIN as fabricated, bogus or abused. See IRM 25.23.9.8.2Referrals to Return Integrity and Compliance Services.

    2. Criminal Investigation (CI) and in the Actions Needed section of the form request that CI search their scheme listing. See IRM 25.23.9.8.3, Referrals to Criminal Investigation.

  2. If you have determined that the EIN is fictitious and was established for the sole purpose of defrauding the government through the filing of false refund returns, refer the EIN on Form 14566 through the area identity theft liaison to:

    1. RICS to include the EIN in their database to help prevent future misuse of the EIN. See IRM 25.23.9.8.2, Referrals to Return Integrity and Compliance Services.

    2. CI to notify them of the BMF identity theft determination. Also ask CI to advise if the filing requirements should be deleted. See IRM 25.23.9.8.3, Referrals to Criminal Investigation.

  3. With CI's concurrence, forward Form 14566 through the area liaison to Submission Processing to close the EIN (TC 020). See 25.23.9.8.4, Referrals to Lock the Account of an EIN Deemed Fabricated.

  4. If false income documents have been filed, forward Form 14566 through the area identity theft liaison to advise Combined Annual Wage Reporting (CAWR). See IRM 25.23.9.9, Referrals to Combined Annual Wage Reporting.

    Note:

    Any account adjustments should be requested prior to advising CAWR.

Manually Reversing TC 971 AC 522 IDTCLM or IDTDOC

  1. Manual reversal of the TC 971 AC 522 may be necessary due to error or negative effect on the taxpayer.

  2. Request input of TC 972 AC 522 via Form 4844 with the appropriate reversal code:

    1. IRSERR - keying or internal error when TC 971 AC 522 input

    2. IRSADM - internally identified negative effect of TC 971 AC 522 on taxpayer

    3. OTHER - any other reasonable circumstances

IMF Form 4844 Example Input of TC 971 AC 522 Pending Claim

This is an Image: 61662001.gif
 

Please click here for the text description of the image.

IMF Form 4844 Example Input of TC 972 AC 522 No Identity Theft

This is an Image: 61662002.gif
 

Please click here for the text description of the image.

BMF Form 4844 Example Input of TC 971 AC 522 Initial Allegation or Suspicion of Identity Theft

This is an Image: 61662003.gif
 

Please click here for the text description of the image.

BMF Form 4844 Example Input of TC 971 AC 522 Indicator Case Resolved

This is an Image: 61662004.gif
 

Please click here for the text description of the image.

IDRS Research - Taxpayer Never Applied for an EIN

Question Research
Are there any identity theft indicators already on the account? CC TXMOD/BMFOLT
Is the business owner a minor, nonfiler, elderly, deceased, an individual with an IMF identity theft indicator, etc.? CC INOLES, ENMOD
Is there a Form 941 filing requirement? CC BMFOLE
Were returns filed prior to the entity established date? CC TXMOD/BMFOLT
Were Forms 1040 refund returns filed using Form W-2? CC IMFOLI
For a sole proprietor, does the individual file a Schedule C with this EIN? CC TRDBV
Were payments made under the EIN? CC BMFOLP
Did other business entities report making payments to the business? CC IRPTRI

IDRS Research - Active Business

Question Research
Are there any identity theft indicators already on the account? CC TXMOD/BMFOLT
Any major changes in returns filed, amounts reported, refundable credits claimed from prior years? CC TXMOD/BMFOLT
Was there more than one submission of Forms W-2? CC BMFOLU
Recent change in address from previous returns filed? CC BRTVU/TRDBV
Is there an adjustment on the account, e.g., CAWR, Examination? CC TXMOD/BMFOLT
Is the preparer on the return in question different from the one used on prior year returns? CC TRDBV
Do the total payments posted on the IDRS module match those on the return? CC BRTVU/TRDBV

IDRS Research - Inactive Business

Question Research
Are there any identity theft indicators already on the account? CC TXMOD/BMFOLT
Was a final return filed? CC BMFOLE
Are there any open filing requirements? CC BMFOLE
Any major changes in returns filed, amounts reported, refundable credits claimed from prior years? CC TXMOD/BMFOLT
Was there a significant amount of inactivity prior to the filing? CC TXMOD/BMFOLT
Were Forms 1040 refund returns filed using Form W-2? CC IMFOLI
Were payments made under the EIN? CC BMFOLP