IRS Logo

5.1.28  Identity Theft for Collection Employees

Manual Transmittal

January 11, 2016

Purpose

(1) This transmits revised IRM 5.1.28, Field Collection Procedures, Identity Theft for Collection Employees.

Material Changes

(1) Updated throughout for references to new IRM 25.23.1, Identity Protection and Victim Assistance - Policy Guidance, IRM 25.23.2, Identity Protection and Victim Assistance - General Case Processing, and IRM 25.23.9, BMF Identity Theft Processing.

(2) IRM 5.1.28.2(3) added Note about certain identity theft cases that TAS will have the Identity Protection Specialized Unit (IPSU) work.

(3) IRM 5.1.28.3.4(3) added about the identity theft victim obtaining information from the Service.

(4) IRM 5.1.28.6.3(7) added to address when the substantiation documentation is not legible or complete, but an identity theft determination can be made based on internal research.

(5) IRM 5.1.28.8(2) added about closing identity theft indicators.

(6) IRM 5.1.28.8.2 deleted reference to source code NODCRQ.

(7) IRM 5.1.28.8.4 (1) f. added exception when the spouse is the identity theft victim.

(8) IRM 5.1.28.8.4(2) d. added exception for individual NMF Form 3870 processing.

(9) IRM 5.1.28.8.5.3 deleted reference to source code NODCRQ and renumbered list. New (5) added, previous (5) renumbered to (6) and previous (6) renumbered to (7).

(10) IRM 5.1.28.8.6(2) added use of NORPLY when the taxpayer is unable to be located.

(11) IRM 5.1.28.9(5) added to address when the taxpayer requests review of a no identity theft determination.

(12) IRM 5.1.28.14.1.2(1) change to Secondary Date Field for CLSIDT.

(13) IRM 5.1.28.16 (3) added IRM reference for individual victim of BMF identity theft.

(14) IRM 5.1.28.16.1(1) added exception for business NMF Form 3870 processing.

(15) IRM 5.1.28.16.1 added new (3) and (4) with procedures for Form 3870 requesting CAWR and SFR abatement when EIN determined to be fictitious. Guidance for Form 14566, BMF Identity Theft Referral, moved to IRM 5.1.28.17.

(16) IRM 5.1.28.16.3 added additional procedures for refundable credit cases when the identity thief refuses to return the refundable credit refund.

(17) IRM 5.1.28.17 added with direction for Form 14566, BMF Identity Theft Referral, revised and previously at 5.1.28.16.1(2), (3), and (4), and 5.1.28.16.3(2), (3), (4).

(18) IRM 5.1.28.17 renumbered to 5.1.28.18

(19) Editorial and formatting changes made throughout.

Effect on Other Documents

IRM 5.1.28, dated 05/15/2014 is superseded. This IRM incorporates Interim Guidance Memoranda SBSE-05-1015-0080, Reissuance of Interim Guidance: Identity Theft Indicator Codes, dated December 24, 2015, and SBSE-05-0515-0040, BMF Identity Theft Adjustment, dated May 21, 2015.

Audience

The target audience is revenue officers and other collection caseworkers in SB/SE Collection.

Effective Date

(01-11-2016)

Kristen E. Bailey
Director, Collection Policy
Small Business/Self-Employed

5.1.28.1  (01-11-2016)
Overview

  1. IMF identity theft occurs when someone uses an individual's personal information, such as their name, Social Security Number (SSN) or other identifying information, without permission, to commit fraud or other crimes.

  2. BMF identity theft occurs when business identifying information is created, used, or attempted to be used, without authority, to obtain tax benefits.

  3. Refer to

    • IRM 25.23.1, Identity Protection and Victim Assistance - Policy Guidance

    • IRM 25.23.2, Identity Protection and Victim Assistance - General Case Processing

    • IRM 25.23.9, BMF Identity Theft Processing

    for servicewide guidance and information about the Identity Protection Program and Victim Assistance including the specific policies and procedures aimed at preventing identity theft, protecting taxpayers and providing assistance to victims of identity theft.

  4. This IRM provides Field Collection and other SB/SE Collection caseworkers with procedures for working IMF and BMF identity theft cases.

5.1.28.2  (01-11-2016)
Taxpayer Interaction

  1. Taxpayers who have experienced identity theft are already victims, either emotionally and/or financially. Be aware of that fact and handle the contact with an additional level of sensitivity and understanding.

  2. In addition to providing the taxpayer with courteous service, educate the taxpayer about how to protect themselves and where to find additional information. Advise them to do the following:

    • Contact the Federal Trade Commission (FTC) Identity Theft Hotline;

    • Contact the Social Security Administration (SSA);

    • File a report with their local or state police;

    • Contact their state Attorney General's office;

    • Contact one of the three major credit bureaus: Equifax, Experian, or TransUnion;

    • File Form 14039, Identity Theft Affidavit with the IRS;

    • Review Publication 4535, Identity Theft Prevention and Victim Assistance; and

    • Review the IRS website, http://www.irs.gov/, Keyword "Identity Theft" or "ID Theft."

  3. Refer taxpayers claiming financial hardship as a result of a tax-related identity theft issue to the Taxpayer Advocate Service (TAS) when TAS criteria is met, see IRM 13.1.7, Taxpayer Advocate Case Procedures, Taxpayer Advocate Service (TAS) Case Criteria, and the taxpayer's issues cannot be resolved the same day. The definition of "same day" is within 24 hours. "Same day" cases include cases that can be completely resolved in 24 hours as well as cases in which you have taken steps to begin resolving the taxpayer's issues. Do not refer same day cases to TAS unless the taxpayer asks to be transferred to TAS and the case meets TAS criteria, see IRM 13.1.7.4, Same Day Resolution by Operations. Use Form 911, Request for Taxpayer Advocate Service Assistance (And Application for Taxpayer Assistance Order), to refer cases meeting the criteria to TAS. If the taxpayer requests to contact TAS directly, advise the taxpayer to call 1-877-777-4778 toll-free, or go to http://www.taxpayeradvocate.irs.gov/.

    Note:

    Certain cases may be worked by the Identity Protection Specialized Unit rather than TAS. For more details see IRM 13.1.16.9.7, Criteria 5-7 Identity Theft Cases Eligible for Referral to Identity Protection Specialized Unit (IPSU).

5.1.28.3  (05-15-2014)
Identity Theft and Disclosure

  1. IRC 6103(a) provides that tax returns and tax return information are confidential and are not to be disclosed except as authorized. See IRM 5.1.22, Field Collecting Procedures, Disclosure.

5.1.28.3.1  (05-15-2014)
Tax Return Filed

  1. Per IRC 6103(b)(1) –“Return” means any tax or information return, declaration of estimated tax, or claim for refund required by, or provided for or permitted under, the provisions of this title which is filed with the Secretary by, on behalf of, or with respect to any person, and any amendment or supplement thereto, including supporting schedules, attachments, or lists which are supplemental to, or part of, the return so filed.

  2. An income tax return fabricated by an identity thief is not a valid return. The return is not signed by the taxpayer in whose name the return is filed and it lacks a valid signature.

  3. A Form W-2, Wage and Tax Statement, fabricated by an identity thief and attached to an invalid income tax return is also invalid.

  4. A Form W-2 filed by an employer that reports all the necessary information for the employee with a stolen SSN provided by the employee is a valid return. The valid form reflects an employment relationship and is covered by IRC 6103(b)(1).

5.1.28.3.2  (05-15-2014)
Tax Return Information - Refund Fraud

  1. Per IRC 6103(b)(2) “Return information” means a taxpayer’s identity, the nature, source, or amount of his income, payments, receipts, deductions, exemptions, credits, assets, liabilities, net worth, tax liability, tax withheld, deficiencies, over assessments, or tax payments, whether the taxpayer’s return was, is being, or will be examined or subject to other investigation or processing, or any other data, received by, recorded by, prepared by, furnished to, or collected by the Secretary with respect to a return or with respect to the determination of the existence, or possible existence, of liability (or the amount thereof) of any person under this title for any tax, penalty, interest, fine, forfeiture, or other imposition, or offense.

  2. The information reported by an identity thief on a return is considered return information under IRC 6103(b)(2)(A).

5.1.28.3.3  (05-15-2014)
Information Return Information - Forms W-2 and 1099

  1. The return information on Forms W-2 and 1099 with a stolen SSN is the return information of both the employer who filed it and the employee/individual who used the SSN for employment.

  2. Also see IRM 11.3.2.4.1.1, Identity Theft and Access to Information Returns, regarding disclosing information from Form W-2 and Form 1099.

5.1.28.3.4  (01-11-2016)
Victim Disclosure

  1. Information used by the Service to determine the victim's tax liability is return information and can be disclosed to the victim. This includes information related to the original assessment that was based on the Form 1040, Form W-2, or Form 1099 filed under the victim’s SSN.

    Caution:

    Do not disclose the identity or location of the identity thief to the taxpayer.

  2. Information not used by the Service to determine the victim’s tax liability, including information about the Service’s investigation of the person who misuses the victim’s SSN, is not the return information of the victim and may not be disclosed to the victim.

  3. An identity theft victim may obtain from the Service a copy of the "bad return" and other return information associated with the processing of the "bad return" filed by the identity thief if the disclosure will not seriously impair federal tax administration. Information about the Service’s investigation is not the return information of the victim and may not be disclosed to the victim. Instructions for taxpayers to request a copy are available on IRS.gov, https://www.irs.gov/Individuals/Instructions-for-Requesting-Copy-of-Fraudulent-Returns.

5.1.28.3.5  (05-15-2014)
Employer Disclosure

  1. An incorrect SSN on a Form W-2 is employer return information; however, any information about the investigation of the use/theft of the SSN or the person who used the SSN for employment cannot be disclosed to the employer.

5.1.28.4  (05-15-2014)
Collection Activity in Identity Theft Cases

  1. When the taxpayer contacted claims to be a victim of identity theft and substantiation documentation has not been received, a release of any levy in effect is not warranted unless an economic hardship situation exists.

  2. When the taxpayer contacted claims to be a victim of identity theft and substantiation documentation has been received, release any levy in effect only for the tax modules affected by the identity theft.

  3. If there is a balance due not attributable to identity theft, then collection activities, including the appropriate use of enforced collection action, are not prohibited when a taxpayer has established that he/she was a victim of identity theft.
    However,

    1. Be sensitive to the adverse impact that being a victim of identity theft may have upon a taxpayer and his or her ability to pay.

    2. Consider temporarily suspending the account until the identity theft incident is resolved in cases where you determine the identity theft will have an adverse impact on the taxpayer’s ability to pay.

      Caution:

      Ensure collection activities are taken only on balance due modules not attributable to identify theft.

5.1.28.4.1  (05-15-2014)
Assessment is Result of Identity Theft

  1. If the taxpayer is a victim of identity theft, review the case history for any outstanding enforcement activity that may need to be addressed, e.g., levies, liens, and bankruptcy claims.

  2. Cases in inventory will not be systemically blocked from automated levy action. Manually block the case from levy by requesting the appropriate IDRS input if the assessment is a result of identity theft.

  3. See IRM 5.12.11.2.1, Identity Theft and Liens, for additional procedures regarding Notices of Federal Tax Lien.

  4. See IRM 5.9.5.12, Identity Theft (IDT), for additional procedures regarding taxpayers in bankruptcy.

5.1.28.4.1.1  (05-15-2014)
Returning Levied Property in Cases of Identity Theft

  1. See IRM 5.11.2.3.6, Levy Releases in Cases of Identity Theft, for guidance on returning levied property to persons other than the taxpayer. The levy of an asset belonging to someone other than the person against whom the tax was assessed is called a wrongful levy. The authority to return wrongful levy payments is provided in IRC 6343(b), which limits the return of money to the period of time within nine months of the levy issuance.

    Example:

    Taxpayer has balance due. Another person is using the taxpayer's SSN for employment and the other person’s wages are levied. The levy payments may only be returned within nine months of levy issuance.

  2. The time frame for returning levied property to the taxpayer is different. In this case, we have an assessment against the taxpayer and have levied against the taxpayer. Under our normal operating procedures, when we learn that the return that was filed was not the taxpayer’s return, we will remove (back out) the return and the erroneous refund that went to the thief. The taxpayer’s account will have a zero liability and a credit balance equal to the amount of levy proceeds. Because the assessment and levy were for the taxpayer/victim, rather than an assessment for a taxpayer and a levy on a third party, the nine month wrongful levy statute does not apply. If the victim is coming in to request the levy proceeds while the Refund Statute Expiration Date (RSED) is open, we can return the funds. If you have cases where the taxpayer comes in more than two years after the payment, counsel would need to consider whether there is another legal theory that would support returning the proceeds to the taxpayer/victim.

    Example:

    An identity thief has filed a return in the taxpayer’s name and the taxpayer did not have a filing obligation. The taxpayer was unaware that they were a victim of identity theft. In the interim, the identity theft return either was audited or reviewed and there is an assessed balance on the victim’s account that IRS is attempting to collect (defaulted deficiency or summary assessment of overstated withholding). IRS uses its levy authority to collect against the assessment by levying the taxpayer. Sometime later the victim comes forward and informs IRS of the identity theft. The Service applies the normal period of limitation rules for claiming credits or refunds in determining if the proceeds may be returned to the taxpayer. The nine-month period for a third party to recover property wrongfully levied is not applicable.

5.1.28.4.1.2  (05-15-2014)
Returning Accounts to Currently not Collectible Status

  1. Accounts previously reported currently not collectible, unable to pay, may be reactivated when the taxpayer is the victim of stolen identity refund fraud.

    Example:

    Fraudulent refund from a 2012 return offsets to Bal Due for 2011 reported currently not collectible (CNC). The total positive income (TPI) on the 2012 return is above the CNC closing code and the 2011 Bal Due is reactivated.

  2. See possible scenarios in the If/Then table below.

    If ... Then ...
    the taxpayer is not required to file for 2012 or
    the TPI on the taxpayer's correct 2012 return is below the CNC closing code amount
    return the 2011 module to CNC status without securing a new Collection Information Statement (CIS).
    the TPI on the taxpayer's correct 2012 return is above the CNC closing code amount secure a new CIS and make a new collectibility determination.
    the taxpayer owes on the correct 2012 return secure a new CIS and include all Bal Dues in case resolution.

    Exception:

    A new CIS is not required if the conditions of IRM 5.16.1.3.3, Cases Reported Currently Not Collectible Based Upon a Prior Form 53, are met.

    the taxpayer has not filed 2012 as required secure return and follow guidance above as appropriate.
  3. When the fraudulent refund offsets to the module in CNC, but does not full pay it and the TPI on the identity theft return is below the CNC closing code, the CNC module is not reactivated. If the TPI on the taxpayer's correct return is above the CNC closing code, the CNC module will be reactivated when the correct return is assessed.

  4. For Bal Dues resulting from the reversal of a fraudulent refund that full paid an account in CNC, follow the procedures in this table:

    If Then
    an NFTL was released revoke the release and file a new NFTL after the erroneous refund is reversed.
    the taxpayer does not have a filing requirement for subsequent tax years
    or the TPI on subsequent year's returns is below the CNC closing code
    do not secure a new CIS
    and reinstate the module(s) to CNC status.
    the TPI on the taxpayer's correct return is above the CNC closing code
    and/or the taxpayer owes on the correct return
    secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the conditions of IRM 5.16.1.3.3, Cases Reported Currently Not Collectible Based Upon a Prior Form 53, are met.

  5. For a Bal Due reversed out of CNC status when the taxpayer is a victim of employment related identity theft and the addition of the unreported income increases the TPI to greater than the CNC closing code, verify the taxpayer's income and if the taxpayer's income is,

    1. Less than the CNC closing code, then do not secure a new CIS and return the module to CNC status.

    2. Greater than the CNC closing code, then secure a new CIS unless the CIS in the case file is less than 12 months old.

5.1.28.4.1.3  (05-15-2014)
Returning Accounts to Installment Agreement Status

  1. Work Bal Due accounts resulting from the reversal of fraudulent refunds that full paid accounts in installment agreement status 60 as described in the table below.

    If ... Then ...
    the NFTL was released revoke the release and file a new NFTL.
    there is no balance due on the taxpayer's correct return reinstate the installment agreement and waive the user fee. A new Collection Information Statement (CIS) is not required.
    there is an unpaid balance due on the taxpayer's correct return secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the CIS in the case file is less than 12 months old per IRM 5.15.1.1(4), Financial Analysis, Overview and Expectations.

    the taxpayer is required to file a return that has not been filed secure the return and follow guidance above as appropriate.
  2. Bal Due accounts could result from an additional assessment based on false withholding and/or credits on an identity theft return that causes the installment agreement to default.

    Example:

    A fraudulent refund from 2012 offsets to and partially pays a liability for 2011 in installment agreement status. An additional assessment is subsequently made on 2012 for the false withholding that defaults the installment agreement. Apply the procedures in the following table for this example in similar cases.

  3. See possible scenarios in the If/Then table below.

    If ... Then ...
    the taxpayer is not required to file for 2012 or there is no balance due on the 2012 return reinstate the 2011 module to installment agreement status and waive the user fee.
    the taxpayer owes for 2012 secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the CIS in the case file is less than 12 months old per IRM 5.15.1.1(4), Financial Analysis, Overview and Expectations.

    the taxpayer has not filed 2012 as required secure the return and follow guidance above as appropriate.
  4. Follow the procedures in the table below for Bal Due accounts resulting from an installment agreement that defaulted because of an assessment based on income earned by someone other than the taxpayer that was reported under the taxpayer's SSN.

    If ... Then ...
    all of the taxpayer's income was verified and reported with no balance due reinstate the installment agreement and waive the user fee.
    all of the taxpayer's income is verified, but has not been reported resulting in an additional balance due secure a new CIS and include all Bal Dues in the case resolution.

    Exception:

    A new CIS is not required if the CIS in the case file is less than 12 months old per IRM 5.15.1.1(4), Financial Analysis, Overview and Expectations.

5.1.28.5  (05-15-2014)
Types of IMF Identity Theft

  1. For IRS purposes, the two types of IMF identity theft are:

    • non-tax related, and

    • tax related.

  2. In non-tax related identity theft

    1. A taxpayer’s wallet, driver's license, social security number, or credit card may have been lost or stolen. However, if there is no indication that the lost or stolen information has been used inappropriately for tax purposes, then this is a case described as identity theft not related to tax administration.

    2. Individuals may self report an identity theft incident with no existing tax-related consequence by contacting the Identity Protection Specialized Unit (toll free 800-908-4490), and submitting identity theft substantiation documentation. The IRS will input an indicator (TC 971, AC 504) on their account, and future incidents related to tax administration will not require substantiation documentation to be submitted again.

    3. When any taxpayer needs assistance regarding non-tax related identity theft with no known tax administration impact, refer them to the Identity Protection Specialized Unit at 1-800-908-4490.

  3. The two types of IMF identity theft related to tax administration are as follows:

    1. An identity thief has used a taxpayer’s SSN and other Personally Identifiable Information (PII) for employment purposes.

      Example:

      A taxpayer may not be aware that someone in another state has used his SSN for the purposes of getting a job. When IRS records are matched against Social Security records, the IRS shows that the taxpayer has not reported that additional income earned by the identity thief on his tax return. The taxpayer may receive a notice or tax bill related to that additional unknown income or may even receive a notification of an audit to get the issue resolved. If the taxpayer is not required to file a tax return, there may be a Substitute for Return assessment based on the income earned by the identity thief.

    2. An identity thief has used a taxpayer’s SSN and other PII for fraudulent filing purposes.

      Example:

      A taxpayer may file her 2011 tax return on April 15, 2012. The IRS may reject the return because an unknown person has already filed a tax return under her SSN. The taxpayer will experience a delay in receiving her refund because the identity thief has already filed a fraudulent return and received a fraudulent refund using the unsuspecting taxpayer’s SSN.

    3. Continue to work all tax-related identity theft issues in your inventory that have an impact on tax administration and do not refer such a case to the Identity Protection Specialized Unit.

    Note:

    If you are contacted by a taxpayer who is a victim of identity theft, and there is no open case on the taxpayer, whether it is tax-related identity theft or non tax-related identity theft, refer the taxpayer to the Identity Protection Specialized Unit, 1-800-908-4490.

5.1.28.6  (01-11-2016)
Standard IMF Tax Related Identity Theft Documentation Requirements

  1. To reduce the burden on individual taxpayers, the IRS has established standard documentation requirements for cases that involve identity theft.

  2. See IRM 5.1.28.8.2, Step 2 below to determine if substantiation documentation is required. In addition, IRM 25.23.2.18, Identity Theft Supporting Documentation - Overview, provides the documentation policy for all operating divisions and functions.

  3. If required, request the following documentation when a taxpayer alleges that he or she was a victim of identity theft:

    • Authentication of identity, and

    • Evidence of identity theft

  4. Establish a 30 day deadline for the taxpayer to submit substantiation documentation.

    Note:

    If the taxpayer states they previously provided the documentation, check Document Viewer on the Accounts Management System (AMS) to see if the documentation was scanned into Correspondence Imaging System (CIS).

  5. Accept substantiation documentation from the taxpayer or someone who has power of attorney for the taxpayer pursuant to Form 2848, Power of Attorney and Declaration of Representative.

5.1.28.6.1  (05-15-2014)
Authentication of Identity

  1. Secure a copy of a valid U.S. federal or state government-issued form of identification to authenticate identity.

    Example:

    Driver's License, State Identification Card, Social Security Card, Passport, etc.

    Note:

    This link provides a list of acceptable primary and secondary forms of identification: http://www.fedidcard.gov/viewdoc.aspx?id=109

5.1.28.6.2  (05-15-2014)
Evidence of Identity Theft

  1. Secure a copy of one of the following as evidence of identity theft:

    • Police Report, or

    • Form 14039, Identity Theft Affidavit

5.1.28.6.3  (01-11-2016)
Acknowledging and Handling Substantiation Documentation

  1. Follow the information in this table regarding acknowledging receipt of the taxpayer's substantiation documentation.

    If Then
    the substantiation documentation is received in person no additional acknowledgement of receipt is needed.
    the substantiation documentation is not received in person acknowledge receipt within 30 days.
    receipt acknowledgement is sent in the mail be sure it is sent to the right address.

    Caution:

    The address on the Form 14039, Identity Theft Affidavit, may be different from the case address.

  2. Substantiation documentation should be legible and accurately associated with the correct taxpayer. See IRM 25.23.2.18.2, Complete and Legible Documents, for guidance on determining if substantiation documentation is legible and complete.

  3. Apply stringent safeguards when storing and retaining substantiation documentation. Store the substantiation documentation along with the case file.

  4. Secure and handle substantiation documentation and information in the same manner as other sensitive taxpayer personal information.

  5. See IRM 5.1.28.8.2 below for procedures to request input of TC 971, AC 522 PNDCLM.

  6. After receipt of the taxpayer's substantiation documentation, conduct research to verify the taxpayer's claim.

  7. If the documentation received is not complete or legible, but a determination can be made based on internal research, then proceed using the internal research results.

5.1.28.7  (05-15-2014)
Making an Identity Theft Determination

  1. Employees assigned an identity theft case will treat the identity theft victim’s account as a whole, resolving all account issues.

  2. Perform research to determine the effect of the identity theft on all tax years. At a minimum, if applicable, review the three prior years and all subsequent tax years when analyzing the taxpayer's account.

  3. Rule out the following,

    1. A mixed entity that occurs when two or more returns post for the same period using the same TIN due to an error by the taxpayer, return preparer, or IRS.

    2. A scrambled SSN when the Social Security Administration assigns the same SSN to more than one taxpayer.

  4. Do not assume that the taxpayer filing the identity theft documentation is the true owner of the SSN. Review the case and consider all information received and available through research to determine the legitimate taxpayer.

  5. Use all available research tools to determine the validity of the identity theft claim. Keep in mind that identity theft for employment purposes and identity theft for fraudulent filing purposes will require different research.

5.1.28.7.1  (05-15-2014)
Validating Claim of Identity Theft for Fraudulent Filing Purposes

  1. The following is a list of the common research tools available to validate the claim. This list is not all inclusive.

    1. IDRS for prior and subsequent years for filing status, address, dependents claimed, and Schedules A/B/C/D/E/F information for comparison to the TC 150 return and any subsequent returns submitted.

    2. IRPTR for payer documents that may verify income, deductions, and address information reported.

    3. TRDBV for bank routing and preparer information that may be useful.

    4. IMFOLE, INOLES, and RTVUE are other research command codes available.

    5. Available locator sources

  2. If additional clarification or information is needed, contact the taxpayer and request the information.

5.1.28.7.2  (01-11-2016)
Validating Claim of Identity Theft for Employment Purposes

  1. The following is a list of suggested documents that can be secured from the employer that may help to verify a taxpayer’s claim of employment related identity theft. The list is not all inclusive and not all documents will be necessary in every circumstance.

    1. Application for employment

    2. Form I-9 (IMMIGRATION), Employment Eligibility Verification

    3. Form W-4, Employer's Withholding Allowance Certificate

    4. Internal documents such as insurance forms

    5. Copies of cancelled pay checks with endorsement

    6. Copy of work photo badge or other employment photos

    7. Copy of the driver's license and Social Security card provided to gain employment

    8. Copy of work history with dates missed, location of actual work

    Caution:

    Before making a third party contact, confirm that Publication 1 with third party contact notice or a Letter 3164 was sent to the taxpayer. If not, follow the guidance in IRM 25.27.1, Third Party Contact Program.

  2. Consider the following when reviewing the documentation:

    1. Is the taxpayer’s address different from the unreported income employer’s records?

    2. Is the handwriting on the documents collected from the taxpayer and the unreported income employer’s records distinctly different?

    3. What is the distance from the taxpayer to employment location for the unreported income?

    4. Could the taxpayer have worked for both employers on the same dates?

    5. Do the photo identifications from the unreported income employer match that of the taxpayer?

  3. Research available locator sources.

  4. If additional clarification or information is needed, contact the taxpayer and request the information.

5.1.28.8  (01-11-2016)
Identity Theft Case Resolution

  1. Resolve the case in an appropriate manner according to the following procedures depending on whether the:

    1. Taxpayer establishes that he/she was a victim of identity theft,

    2. Service employee determines identity theft occurred,

    3. Taxpayer does not establish that he/she was a victim of identity theft, or

    4. Taxpayer committed identity theft.

  2. No matter how the case is resolved, if initial identity theft indicators were requested (TC 971 AC 522) or were already posted when the case was received, then closing identity theft indicators (TC 971 AC 501/506 or TC 972 AC 522) must be requested.

5.1.28.8.1  (05-15-2014)
Individual Taxpayer Alleged Identity Theft vs. IRS Identified Identity Theft

  1. Identity theft can be alleged by the taxpayer or identified by an IRS employee.

  2. If substantiation documentation is secured from the taxpayer, follow IRM 5.1.28.8.2, Individual Taxpayer Alleges Identity Theft, for inputting the appropriate TC 971 action codes.

  3. If substantiation documentation is not secured from the taxpayer, follow IRM 5.1.28.8.3, IRS Identified Identity Theft, for inputting the appropriate TC 971 action codes.

5.1.28.8.2  (01-11-2016)
Individual Taxpayer Alleges Identity Theft

  1. Instances of identity theft can either be alleged by the taxpayer, or other third party such as a taxpayer representative or bankruptcy trustee.

  2. Below are step-by-step instructions for inputting the identity theft transaction codes and preparing Form 3870, Request for Adjustment, in instances of IMF taxpayer alleged identity theft.

    Note:

    For instructions in bankruptcy cases, see IRM 5.9.5, Opening a Bankruptcy Case.

    Step TC 971 Action Code Employee Actions Notes
    1 TC 971 AC 522 PNDCLM Request input of TC 971 AC 522 with source code PNDCLM using Form 4844 if the taxpayer alleges they did not earn income or did not file the return and has not yet provided supporting documentation and a PNDCLM is not already present on CC ENMOD. The Secondary Date field will reflect each tax year affected by identity theft. Use Form 4844 to request input of the TC 971 AC 522 PNDCLM (see example at Exhibit 5.1.28-1) Forward to Designated Identity Theft Adjustment (DITA). See IRM 5.1.28.8.4 (2) e. for DITA contact information.
    2   Review CC ENMOD to determine if the following conditions exist:
    1. There is a posted/unreversed TC 971 AC 501/ 506 or TC 971 AC 522 Source Code INCOME, MULTFL, INCMUL, NOFR, or OTHER and

    2. The posted transaction falls within the three year period as described in IRM 25.23.2.18(11), and

    3. The allegation relates to a previously reported incident as described in IRM 25.23.2.18(10).

    If above criteria is met, skip step 3. Substantiation documentation is not required. If above criteria is not met, give the taxpayer a 30 day deadline to provide substantiation documentation.
     
    3 TC 971 AC 522 with source code
    • INCOME - income reported under taxpayer's SSN without their consent or knowledge

    • MULTFL - two or more returns filed under the same SSN for the same tax period

    • INCMUL - both INCOME and MULTFL apply

    • NOFR - taxpayer not required to file

    • OTHER - no other source code fits

    Request input of TC 971 AC 522 with appropriate source code when complete and legible substantiation documentation is received from taxpayer. If taxpayer does not provide documentation by the deadline provided, then reverse the TC 971 AC 522 with TC 972 AC 522 source code NORPLY. Use Form 4844 to request input and forward to DITA per contact information at IRM 5.1.28.8.4(2) e. Continue with collection action following regular collection procedures.
    4   Conduct research to determine if identity theft occurred. See IRM 5.1.28.7.1 for fraudulent filing and IRM 5.1.28.7.2 for employment related identity theft claims. For example, check Accurint, IRPTR, etc. If a paper tax return was filed, compare the signature on tax return to the signature on Form 14039. To obtain a copy of the paper refund check, see http://mysbse.web.irs.gov/Collection/toolsprocesses/CollATAT/TechProc/1099OID/JobAids/27522.aspx. If after review it is determined that identity theft did not occur, reverse the TC 971 AC 522 with TC 972 AC 522 source code NOIDT. Use Form 4844 to request input and forward to DITA per contact information at IRM 5.1.28.8.4(2) e. See example of Form 4844 at Exhibit 5.1.28-2.
    5   Ensure taxpayer's address is updated to correct address. See IRM 25.23.2.8, When to Update the Victim's Address.  
    6 TC 971 AC 501 Prepare Form 3870 to correct taxpayer’s account. Notate on Form 3870 to input TC 971 AC 501. TC 971 AC 501 is input when account has been corrected.
    7 TC 470 CC 90 Request input of TC 470 CC 90 if the module will be fully abated creating no remaining balance due.  
    8   If the taxpayer's case is fully resolved and no issues remain, send Letter 4222, Field Collection Case Resolution, to victim prior to closing case on ICS.  

5.1.28.8.3  (05-15-2014)
IRS Identified Identity Theft

  1. During the normal course of business, you may determine that identity theft occurred and the case is not yet resolved. In most instances, you will attempt to secure the substantiation documentation from the taxpayer (evidence of identity theft and authentication of identity).

  2. If you are unable to secure the substantiation documentation (for example, the taxpayer is deceased), or the taxpayer is unwilling to provide the substantiation documentation because they are receiving the benefit of the refund from the identity theft return, follow the procedures for IRS identified identity theft.

    Example:

    The refund due to the identity theft return was issued to the bankruptcy trustee. The trustee negotiated the check and applied it to debts of the taxpayer. Because the taxpayer received the benefit of a debt reduction due to the issuance of the refund on the identity theft return, the taxpayer may not want to provide the substantiation documentation.

    Step TC 971 Action Code Employee Actions Notes
    1 TC 971 AC 522 IRSID Request input of TC 971 AC 522 with source code IRSID using Form 4844 if an IRS employee determines identity theft occurred.

    Exception:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    The Secondary Date field will reflect each tax year affected by identity theft. Use Form 4844 to request input of the TC 971 AC 522 with source code IRSID and forward to DITA per contact information at IRM 5.1.28.8.4(2) e. for input.
    2   Ensure taxpayer's address is updated to correct address. See IRM 25.23.2.8, When to Update the Victim's Address.  
    3 TC 971 AC 506 Prepare Form 3870 to correct taxpayer’s account. Notate on Form 3870 to input TC 971 AC 506. TC 971 AC 506 is input when account has been corrected.
    4 TC 470 CC 90 Request input of TC 470 CC 90 if the module will be fully abated creating no remaining balance due.  
    5   If the taxpayer's case is fully resolved and no issues remain, send Letter 4222, Field Collection Case Resolution, to victim prior to closing case on ICS.  
  3. The function that completes the account adjustment and inputs the TC 971 AC 506 requested on Form 3870 will notify the taxpayer (victim), by letter, that someone may have attempted to use his or her SSN. This victim notification letter will include information about:

    • Identity theft prevention

    • Identity theft related resources

    • The identity theft indicator placed on his or her account

5.1.28.8.4  (01-11-2016)
Form 3870 Preparation and Routing

  1. If it is determined that the individual taxpayer is a victim of identity theft, Form 3870, Request for Adjustment, is prepared to correct the victim’s account. The following guidelines should be followed when preparing Form 3870,

    1. Enter "Identity Theft" in Item 11.

    2. A nullity or fraudulent filing is a return that was not filed by the SSN owner. If the assessment is based on a fraudulent return, notate on the Form 3870 that it should be treated as a nullity. For more information on nullity returns see IRM 4.19.24.1.3.6, Preliminary Research on Fraudulent Filing (Nullity Returns).

      Note:

      Form 1040 returns with Schedule C income can only be treated as a nullity post-refund.

    3. Include specific instructions on actions needed to correct the account. For example, state that TC 150 in amount of $XX is the return filed by the identity thief. Indicate if there are any estimated tax payments that were made by the victim-taxpayer that should remain on the account or if a refund generated by the identity theft return was offset to another tax liability.

    4. If the taxpayer has been assessed a frivolous return penalty under IRC Section 6702 based on the return filed under the taxpayer's social security number by an identity thief, notate on Form 3870 to abate the frivolous return penalty. The penalty can be identified by MFT 55 with penalty reference code 543. The tax period must be the same as the identity theft return. The penalty must be abated by the Frivolous Return Program (FRP). See (4) below.

    5. Indicate on Form 3870 if contact is needed when the adjustment is completed.

      Example:

      There is a balance due on the correct return secured from the taxpayer-victim and you will continue with collection actions after assessment. The function completing the adjustment will alert you when the adjustment is completed. A confirmation of account corrections will be sent via email. If email confirmation can not be completed due to an incorrect or missing email address, Form 3870 will be mailed back to the originator as confirmation.

    6. Attach the following documentation to Form 3870:
      - Copy of substantiation documentation (evidence of identity theft and authentication of identity). (Keep copies in the case file.)
      - Original return, if secured from victim-taxpayer (Keep a copy in the case file.)

      Exception:

      If the spouse is the identity theft victim, then process the joint return on Form 795/795A to Submission Processing.


      -NUMIDENT – (optional) CC MFTRAU

    7. Do not attach other IDRS prints.

    8. Request input of TC 971 AC 501 or AC 506 on Form 3870. The TC 971 will be input when the account is corrected.

    9. Forward Form 3870 to the appropriate function for adjustment based on type of assessment. See (2) and (3) below.

    10. Incomplete referrals will be rejected.

    11. To expedite Form 3870 notate "Expedite" at the top of the form per IRM 4.19.24.1.2.1(3), Field Referrals to DITA.

  2. The completed Form 3870 is routed based on the type of assessment that needs to be adjusted.

    1. Examination assessment - for reconsideration prepare Form 3870 and route based on Exhibits 4.13.7–3, Routing of Area Office Reconsideration Requests and 4.13.7–4, Central Reconsideration Unit (CRU) Addresses. This includes a return filed under the taxpayer’s social security number by an identity thief and a subsequent audit assessment made by Examination.

      Note:

      The Primary Business Code (PBC) and Employee Group Code (ECG) used to route the case can be found on TXMOD under the TC 420 DLN.

    2. Automated Under Reporter (AUR) assessment - for reconsideration prepare Form 3870 and route based on Exhibit 4.13.7–6, Addresses for AUR Reconsideration Requests. This includes a return filed under the taxpayer’s social security number by an identity thief and a subsequent AUR assessment.

      Note:

      AUR assessments have a TC 290 preceded by a TC 922. The originating campus can be determined from the 1st two digits of the TC 922 DLN.

    3. SFR/ASFR Assessment (Brookhaven/Fresno) - Prepare Form 3870 and route based on IRM 5.1.15.4.4, Substitute for Return (SFR) Reconsiderations and IRM 5.1.15.4.5, Automated Substitute for Return (ASFR) Reconsideration. See this link for mailing addresseshttp://mysbse.web.irs.gov/Collection/toolsprocesses/CaseRes/adj/send/Recons/JobAids/18018.aspx.

    4. Identity Theft Return – a return filed under the taxpayer’s social security number by an identity thief. Prepare manual Form 3870 (OTHER template in ICS) and forward to DITA per contact information at IRM 5.1.28.8.4(2) e. below if there is not a subsequent Audit or AUR assessment. If an original return is attached to the Form 3870, then it must be mailed to DITA rather than faxed or sent electronically.

      Exception:

      For non-master file cases, forward the Form 3870 to the Accounts Management NMF team at:
      Philadelphia Campus, PAMC
      2970 Market St., Mail Stop BLN 3-J23, Team 408
      Philadelphia, PA 19104

    5. The contact information for the Designated Identity Theft Adjustment (DITA) team is as follows:

    Email Address Efax Number Mailing Address
    *SBSE CCS DITA 1–855–786–6575 Internal Revenue Service
    DITA Mail Stop 4-G20.500
    2970 Market St
    Philadelphia, PA 19104
  3. In cases involving employment related identity theft, also prepare Form 9409, IRS/SSA Wages Worksheet, to correct taxpayer wage records. Form 9409 includes the Social Security mailing address for the form.

    Note:

    Until Form 9409 is revised, if none of the Part B choices applies, write in the explanation.

  4. If the taxpayer has been assessed a frivolous return penalty under IRC Section 6702 based on the return filed under the taxpayer's social security number by an identity thief, the civil penalty must be abated by the Frivolous Return Program (FRP). The penalty can be identified by MFT 55 with penalty reference code 543. The tax period must be the same as the identity theft return. A copy of the Form 3870 that was prepared and sent based on the routing instructions in (2) above should be sent to the FRP at the following address:
    Ogden Compliance Services
    Attn: FRP, M/S 4450
    1973 N Rulon White Blvd
    Ogden, UT 84404

5.1.28.8.5  (05-15-2014)
IMF Identity Theft Indicator Codes

  1. The Identity Protection Program developed and implemented identity theft indicator codes to centrally mark and track identity theft incidents. Each indicator is input as a Transaction Code (TC) with Action Code (AC) and displayed on Integrated Data Retrieval System (IDRS) command codes ENMOD and IMFOL with the definer "E" on the affected taxpayer's account.

  2. Request input or reversal of the identity theft transaction code according to the following procedures.

    Note:

    ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

5.1.28.8.5.1  (05-15-2014)
Identity Theft Action Code Input Procedures

  1. Review CC ENMOD or IMFOLE for identity theft action codes.

  2. If a previous identity theft incident was substantiated, the taxpayer does not need to send in substantiation documentation in order to re-substantiate. See IRM 25.23.2.18.1, When to Request Identity Theft Supporting Documentation.

  3. Use Form 4844, Request for Terminal Action, to request input of the identity theft action code.

  4. Forward completed Form 4844 to the Designated Identity Theft Adjustment (DITA) for input.

5.1.28.8.5.2  (05-15-2014)
Completion of Form 4844

  1. The IMF Identity Theft Action Code is input on the entity instead of being input to the applicable modules, so ensure that you follow these procedures to accurately complete Form 4844.

  2. Complete the applicable blocks of Form 4844 including the following:

    1. "SSN"

    2. "Name control"

    3. "MFT code"

      Note:

      Put "00" in "MFT" to indicate the entity.

    4. "Periods."

      Note:

      Put "0000" in "Periods" to indicate the entity.

    5. "Name of taxpayer"

    6. "Remarks"

  3. See IRM 5.1.28.8.5.3 for instructions to complete the miscellaneous fields on the form and IRM 5.1.28.8.5.5 for completing the "Remarks" block.

  4. See IRM 5.1.28.8.5.4 for instructions for entering the tax period ending date(s) in the Secondary Date (SECONDARY-DT) field.

5.1.28.8.5.3  (01-11-2016)
Miscellaneous Fields

  1. The miscellaneous field has three parts:

    • BOD / Function (Business Operating Division / Function)

    • Program Name

    • Tax Administration Source (Tax Admin Source)

  2. Request input of the required miscellaneous field information in the "Miscellaneous Field Input" block of Form 4844.

  3. Use the following codes to complete the first two miscellaneous fields:

    1. BOD = "SBSE"

    2. Program Name = as applicable, enter "CFBALDUE" or "CFDELRET"

      Note:

      Use "CFBALDUE" for a combination Bal Due/Del Ret case.

  4. Use the codes displayed in the following table to complete the third miscellaneous field (Tax Admin Source):

    TC 971 AC 522 Tax Administration Source Codes
    Code Usage
    (1) PNDCLM The taxpayer makes an allegation of identity theft. The taxpayer has not yet provided supporting documentation (Form 14039 or police report and personal identification) as required by IRM 25.23.2.18, Identity Theft Supporting Documentation - Overview.
    (2) IRSID During the normal course of business, the IRS suspects identity theft occurred and the case is not yet resolved.
    (3) INCOME Acceptable substantiation documentation received from the taxpayer. Identity theft due to income reported under the taxpayer’s SSN without their consent or knowledge.
    (4) MULTFL Acceptable substantiation documentation received from the taxpayer. Identity theft due to two or more tax returns filed for the same tax period under the same SSN.
    (5) INCMUL Acceptable substantiation documentation received from the taxpayer. Identity theft due to both income reported under the taxpayer’s SSN without their consent or knowledge and multiple filings (INCOME and MULTFL apply).
    (6) NOFR Acceptable substantiation documentation received from the taxpayer. Identity theft due to the victim (rightful taxpayer) not having a filing requirement.
    (7) OTHER Acceptable substantiation documentation received from the taxpayer. Identity theft which cannot be identified as related to any existing Tax Administration Source types.
  5. No documentation is required from the taxpayer if the taxpayer alleges identity theft and the following conditions exist:

    1. There is a posted unreversed TC 971 AC 501/506 or TC 971 AC 522 with Source Code INCOME, MULTFL, INCMUL, NOFR, or OTHER, and

    2. The posted transaction falls within the three years period as described in IRM 25.23.2.18(11), Identity Theft Supporting Documentation - Overview, and

    3. The allegation relates to a previously reported incident as described in IRM 25.23.2.18(10), Identity Theft Supporting Documentation - Overview.

  6. If the taxpayer asserts identity theft and provides substantiation documentation at the same time, mark the account with only TC 971 AC 522 with the appropriate Tax Administration Source Code.

  7. Enter these codes into the miscellaneous field separated by a space.

    Example:

    When receiving substantiation documentation for an identity theft incident that has an income related tax administration impact for SB/SE Field Collection (FC) on a Del Ret case, enter the following in the miscellaneous field:

    Miscellaneous Field Input
    S B S E   C F D E L R E T   I N C O M E

5.1.28.8.5.4  (05-15-2014)
Secondary Date Field

  1. Request input of the secondary date field information in the "Secondary Date Field" block of Form 4844.

  2. The secondary date (SECONDARY-DT>) will contain the tax year(s) that are affected by the identity theft. Use MMDDYYYY format of the tax year affected by the identity theft incident.

    Example:

    If a taxpayer substantiates identity theft and the impacted tax year is TY 2011, the SECONDARY-DT field input would be:

    Secondary Date Field Input
    1 2 3 1 2 0 1 1

    Example:

    If a taxpayer substantiates identity theft and the impacted tax years are TY 2011 and TY 2012, the SECONDARY-DT field input would be:

    Secondary Date Field Input
    1 2 3 1 2 0 1 1
    Secondary Date Field Input
    1 2 3 1 2 0 1 2
  3. Complete Form 4844, Request for Terminal Action, to request input of the identity theft action code and forward to DITA within 48 hours.

5.1.28.8.5.5  (05-15-2014)
Remarks Block

  1. Include the following in "Remarks" of Form 4844"Input TC 971 AC XXX under ENMOD."

  2. Enter any other key pertinent information about the case in the "Remarks" block.

    Example:

    "received valid Driver's License and affidavit"

5.1.28.8.6  (01-11-2016)
Identity Theft Code TC 971 AC 522 Reversal Procedures (TC 972 AC 522)

  1. TC 972 AC 522 is used to close identity theft allegations when the IRS determines that identity theft has not occurred or in situations where the taxpayer fails to provide identity theft supporting documents as described in IRM 5.1.28.6.

  2. For effective identity theft case tracking and reporting, include the Administration Source Fields on Form 4844 when appropriate depending upon the facts and circumstances of the case. The following table provides the Source Codes, their descriptions and Secondary Date Fields needed for IDRS input of TC 972 AC 522.

    Term/Acronym Description: Administration Source Code Secondary Date Field
    Identity Theft has NOT occurred (NOIDT) In the course of resolving an identity theft issue, the employee assigned determines no identity theft occurred. Will match the tax year of the TC 971 522 PNDCLM or TC 971 AC 522 IRSID as applicable.
    The taxpayer did not provide supporting documents (NORPLY) This code is used to close a suspended case when the taxpayer fails to provide the requested supporting documentation within the time specified by the employee assigned or the taxpayer is unable to be located. Will match the tax year of the TC 971 522 PNDCLM.

5.1.28.8.7  (05-15-2014)
Identity Theft Code TC 971 AC 501 and AC 506 Reversal Procedures

  1. In some instances it may be necessary to reverse a TC 971 AC 501 or TC 971 AC 506 Identity Theft action code. Reversal may be necessary because of any of the following reasons:

    1. The taxpayer requests reversal.

    2. There was a keying or internal error in the input of the action code.

    3. The original identity theft claim was fraudulent.

    4. The action code has an internally identified negative affect on the taxpayer.

    5. There are other reasonable circumstances not listed above.

  2. Use Form 4844, Request for Terminal Action, to request the input of TC 972 with the action code 501 or 506.

  3. Complete the miscellaneous fields with any applicable, specific information for detailed reporting. The miscellaneous field has three parts:

    • BOD / Function (Business Operating Division / Function)

    • Program Name

    • Reason

  4. Request input of the required miscellaneous field information in the Miscellaneous Field Input block of Form 4844.

  5. Use the following codes to complete the first two miscellaneous fields:

    1. BOD = "SBSE"

    2. Program Name = as applicable, enter "CFBALDUE" or "CFDELRET"

      Note:

      Insert "CFBALDUE" if you have a combination Bal Due/Del Ret case.

  6. Use the codes displayed in the following table to complete the third miscellaneous field (Reason):

    Reason Field Codes and Descriptions
    Code Description
    (1) TPRQ Taxpayer Request:
    The taxpayer requests the 971 to be reversed. The taxpayer may feel that the issue has been resolved or it is no longer needed and is impacting him/her negatively.
    (2) IRSERR Keying Error or Other Internal Mistake:
    The 971 was due to a typographical mistake or another internal mistake and should be reversed.
    (3) IRSADM Internally Identified Negative Impact:
    The 971 is causing a negative impact on another internal process or system, and should be reversed to discontinue any negative impact.
    (4) FALSE Fraudulent Identity Theft Claim:
    The original identity theft incident claim was determined to be fraudulent.
    (5) OTHER Unclassified
  7. Complete the miscellaneous fields for TC 972 in the same format as for TC 971.

5.1.28.8.7.1  (05-15-2014)
Secondary Date Field — TC 972

  1. The 972 will also use the SECONDARY-DT field to indicate which 971 will be reversed. When the 972 is applied, enter the tax year in the SECONDARY-DT field to designate the 971 that should be reversed.

  2. Use MMDDYYYY format of the tax year affected by the identity theft incident.

5.1.28.9  (01-11-2016)
Taxpayer is Not a Victim of Identity Theft

  1. Do not manually block the case from levy if the assessment is not a result of identity theft.

  2. Follow normal collection procedures if the taxpayer does not establish he or she was a victim of identity theft.

  3. If a TC 971 transaction code was input, then request reversal using TC 972.

  4. Advise the taxpayer that the identity theft claim has not been substantiated.

  5. If the taxpayer requests to have their case reviewed by a supervisor, give the taxpayer the name, telephone number, and address of your group manager.

5.1.28.10  (05-15-2014)
Taxpayer Committed Identity Theft for Purposes of Tax Evasion

  1. When indicators (badges) of fraud are uncovered, document the potential fraud indicators and initiate a discussion with your group manager.

    Note:

    An identity theft case referred to Criminal Investigation (CI) must have a tax or money laundering fraud/violation associated with it. Identity theft violations are not intended to be a stand alone violation (IRM 9.5.5.2.4, Title 18 USC §1028 and 18 USC §1028A, Identity Theft).

  2. If your manager concurs there are indicators of fraud warranting fraud development, contact the local fraud technical advisor (FTA) to determine if the case should be developed further as a potential fraud case, see IRM 25.1.2.2, Fraud Development Procedures.

  3. A plan of action should be mutually developed between you, the FTA and the group manager to address the indicators of fraud present, see IRM 25.1.2.3(6), Indicators of Fraud - Conduct of Taxpayer.

  4. Once firm indicators of fraud have been established and the case meets criminal criteria, refer the case to CI, see IRM 25.1.8.9, Collection Case Disposition.

  5. If it is determined not to pursue a fraud referral, then correct the account as appropriate and follow normal collection procedures.

5.1.28.11  (05-15-2014)
Compliance Against Persons Using Another Person’s SSN for Employment

  1. If someone using another person’s SSN for employment has unfiled returns and it does not rise to level of tax fraud, consider making an enforcement referral. See IRM 5.1.11.6.3, Enforcement Referrals - Individual Master File (IMF) Del Ret. If the taxpayer does not have an Individual Taxpayer Identification Number (ITIN), request an IRS Number (IRSN) using Form 9956, Request for Temporary SSN.

  2. Consider making a referral to the Social Security Administration through Disclosure for the non-tax crime of misuse of an SSN. Disclosure to other federal agencies is permissible under IRC 6103(i)(3)(A). Only information that comes from a third party source will qualify as information that can be released under this statute. Contact the employers on IRP documents to secure employment related documents such as copies of Social Security cards, state photo identification, and Form W-9, Request for Taxpayer Identification Number and Certification. See the Disclosure Hot Topic Reporting Non-Tax Federal Crime and IRM 11.3.28.7.1, Disclosures of Return Information (Other than Taxpayer Return Information) Concerning Nontax Criminal Violations, for more information on these referrals.

  3. A Form W-2 filed by an employer that reports all the necessary information for the employee with a stolen SSN that was provided by the employee is considered a valid return. The fact that a Form W-2 contained the SSN of someone other than the employee is the return information of the employer and that fact alone may be disclosed to the employer.

5.1.28.12  (05-15-2014)
Erroneous Identity Theft Refund Issued to Victim

  1. There are several situations in which the taxpayer-victim, through no fault of their own, may receive the benefit of the refund from the return filed by the identity thief.

    Example:

    The identity thief filed a return under the taxpayer-victim's SSN and the refund is offset to the taxpayer-victim's child support obligation, student loan, or other type of Treasury Offset Program offset.

    Example:

    In a bankruptcy case with a refund turnover order, the trustee received the refund check. It has already been applied to the debtor's bankruptcy case and disbursed to creditors in the bankruptcy plan. The check is not available to return.

  2. See IRM 21.4.5.11, How to Repay an Erroneous Refund or Return an Erroneous Refund Check or Direct Deposit, on returning erroneous refunds.

  3. If the taxpayer does not voluntarily return the refund, there are two remedies to recover the refund from the taxpayer-victim:

    1. Erroneous refund suit as authorized by IRC 7405

    2. Common law right of offset (Category D erroneous refund) – within two years from the date that refund was sent out

    3. See IRM 5.1.8.7.1.1.2, Unassessable Erroneous Refunds.

    Note:

    Any refunds offset through the Treasury Offset Program (TOP) will be recovered through the TOP reversal process so no other remedies need be pursued.

5.1.28.13  (01-11-2016)
BMF Identity Theft

  1. BMF identity theft is defined as creating, using, or attempting to use business identifying information without authority to obtain tax benefits. See also IRM 25.23.9, BMF Identity Theft Processing, for general guidance for all employees working cases involving BMF identity theft.

  2. In the course of an investigation, the taxpayer may allege they are the victim of identity theft or other factors may point to BMF identity theft, such as,

    1. Fictitious business

    2. Business inactive during the period in question

    3. A third party established and operated the business using another individual's identifying information

  3. The taxpayer may not have been aware of the theft until contacted by the IRS.

5.1.28.13.1  (05-15-2014)
Types of BMF Identity Theft

  1. Examples of BMF identity theft include the following,

    1. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    2. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    3. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

    4. ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

5.1.28.13.2  (05-15-2014)
Research to Substantiate BMF Identity Theft

  1. Conduct sufficient research to substantiate the identity theft and rule out any other problematic issues, such as a mixed entity. A mixed entity occurs when two or more taxpayers file a tax return for the same period using the same TIN. This may not be identity theft and instead is the result of taxpayer error, return preparer error, or IRS processing error.

  2. Research the following on IDRS for the entity as appropriate,

    • NAMEE, INOLES

    • BMFOLE - reflects a cross reference (XREF) TIN/ITIN or SSN of the entity's responsible party

    • Cross reference EINs and SSNs, parent EIN, successor EIN

    • Filing requirements and filing history

    • Entity establishment date

    • Name/address changes

  3. Research IRPTR for documents filed by the

    • Business (including IRPTRI for Form W-2s filed)

    • Payers to the business

  4. Review returns filed using CC TRDBV, CC BRTVU, MEF/EUP, AMS

    Note:

    See Exhibit 5.1.28-5, Exhibit 5.1.28-6, and Exhibit 5.1.28-7 for more applicable IDRS research when the taxpayer maintains they never applied for an EIN, or when the entity is active or inactive.

  5. Research payment patterns on the Remittance Transaction Register (RTR) for existing payments or the lack of payments

  6. Review other sources as appropriate such as AMS history and/or Accurint

5.1.28.14  (05-15-2014)
BMF Identity Theft Code Input Procedures

  1. After all preliminary research is completed and it appears that identity theft occurred, request input of the identity theft indicator. There are three Tax Administration Source Codes for BMF accounts.

  2. TC 971 AC 522 IDTCLM for the initial allegation or suspicion of identity theft prior to the taxpayer providing supporting documents

  3. TC 971 AC 522 IDTDOC when the taxpayer provides complete and legible documentation

  4. TC 971 AC 522 CLSIDT for BMF case resolved

  5. Complete Form 4844, Request for Terminal Action, to request input of the identity theft codes and forward to DITA per contact information at IRM 5.1.28.8.4 (2) e.

5.1.28.14.1  (05-15-2014)
Completion of Form 4844

  1. The BMF identity theft indicator is input to the MFT and Tax Period affected by the identity theft and will post to TXMOD and BMFOLT. See examples of completed Forms 4844 at Exhibit 5.1.28-3 and Exhibit 5.1.28-4.

  2. Complete the applicable blocks of Form 4844, including,

    1. EIN

    2. Name control

    3. MFT code

    4. Periods

    5. Name of taxpayer

5.1.28.14.1.1  (05-15-2014)
Miscellaneous Field Input

  1. Complete the three parts of the miscellaneous field

    • BOD - "SB"

    • Program Name - "FC"

    • Tax Administration Source Code - either "IDTCLM" , "IDTDOC" , or "CLSIDT"

      Example:

      SB FC IDTDOC

5.1.28.14.1.2  (01-11-2016)
Secondary Date Field

  1. Complete the Secondary Date Field as follows

    If requesting then the Secondary Date Field is the
    IDTCLM date of the taxpayer's allegation or, if you first recognized the taxpayer was the victim of identity theft, the date of that awareness.
    IDTDOC received date of the taxpayer's documents.
    CLSIDT date the identity theft issue was resolved.

5.1.28.14.2  (05-15-2014)
Reversing Pending BMF Identity Theft Indicators

  1. If the taxpayer alleged identity theft, but internal research cannot substantiate the claim and the taxpayer has not provided requested documentation, then complete Form 4844 to request TC 972 AC 522 with the Tax Administration Source Code NORPLY in the Miscellaneous Field Input with the BOD and Program Name.

    Example:

    SB FC NORPLY

  2. If you determine identity theft is not a factor in the case, then complete Form 4844 to request TC 972 AC 522 with the Tax Administration Source Code NOIDT in the Miscellaneous Field Input with the BOD and Program Name.

    Example:

    SB FC NOIDT

  3. Enter the Secondary Date of the TC 971 AC 522 being reversed.

5.1.28.15  (05-15-2014)
BMF Taxpayer Identity Theft Documentation

  1. Request supporting documentation from the taxpayer only when you cannot make the identity theft determination with internal research only.

  2. Supporting documentation consists of the following,

    1. Evidence of identity theft - a copy of a police report or Form 14039–B, Business Identity Theft Affidavit.

      Note:

      Form 14039–B is not available to the general public. It must be printed and mailed or otherwise provided to the taxpayer. The form must be signed and notarized to be considered complete.

    2. Authentication of identity:

      • Individual - valid federal or state government issued identification card, e.g., driver's license, state identification card, social security card, passport

      • Business - articles of incorporation, articles of organization, statement from director or officer on business letterhead, trust or estate document

    3. Evidence of business operation - copy of utility bill, invoice, mortgage or rent receipt or other similar documentation.

      Exception:

      Evidence of business operation is not needed if the taxpayer never requested or has no knowledge of an EIN.

  3. Establish a 30 day deadline for the taxpayer to submit substantiation documentation and suspend any collection activity.

  4. Supporting documentation can be accepted from the taxpayer or their representative with Power of Attorney (Form 2848, Power of Attorney and Declaration of Representative).

  5. Secure and handle the documentation in the same manner as other sensitive taxpayer information. The documents must be retained with the closed case file.

  6. Acknowledge receipt of complete and legible documentation within 30 days unless the documentation is received in person.

  7. When the documents have been verified as complete and legible, submit completed Form 4844 to request input of TC 971, AC 522, IDTDOC

5.1.28.16  (01-11-2016)
BMF Identity Theft Case Actions

  1. The following subsections provide procedures for several BMF identity theft scenarios.

  2. For referrals made through the area identity theft liaison, see the My SB/SE, Collecting Taxes, Identity Theft page, Contacts, http://mysbse.web.irs.gov/collection/identitytheft/identitytheftcontacts/26478.aspx for liaison names and contact information.

  3. For individual victims of BMF related identity theft, see IRM 25.23.9.4.1, Individual Taxpayers Reporting to be Victims of Business-Related Identity Theft.

5.1.28.16.1  (01-11-2016)
Form 941/944 Bal Dues

  1. When it is confirmed BMF identity theft occurred and the appropriate transaction codes have been requested, follow the steps in this table to address any refund(s) issued,

    If Then
    the Form 1040 refund(s) were issued and the perpetrator(s) can be identified develop a fraud referral and consult with CI before requesting any adjustment to the BMF Bal Due.
    the Form 1040 refund(s) were issued and the perpetrator(s) cannot be identified prepare Form 3870 to correct the BMF account and forward to DITA, see IRM 5.1.28.8.4 (2) e. for DITA contact information.
    the Form 1040 refund(s) were not issued or the bogus W-2s were not claimed on a Form 1040 prepare Form 3870 to correct the BMF account and forward to DITA.

    Exception:

    For non-master file cases, forward the Form 3870 to the Accounts Management NMF team at:
    Cincinnati Campus, CAMC
    201 W. Rivercenter Blvd., Stop 6111G, Team C103
    Covington, KY 41011

  2. If you have determined the EIN is fictitious and was established for the sole purpose of defrauding the government through the filing of individual and business false refund returns or income documents, see IRM 5.1.28.17 (2) below.

  3. If the Bal Due is the result of an IRS-CAWR or SSA-CAWR assessment (see IRM 5.1.15.7, Combined Annual Wage Reconciliation (CAWR) Adjustments, for more assessment identification information), then prepare Form 3870 to request abatement of the TC 290, attach all information supporting the determination including IDRS research and forward per Exhibit 5.1.15–3, State Mapping for IRS-CAWR and SSA-CAWR.

    Example:

    Complete Item 11 on Form 3870 as follows:
    IRS-CAWR abatement of tax
    Requested action: Abate TC 290, dated MM-DD-YYYY in the amount of $XX
    Justification: The EIN for this entity is fictitious and was used for the sole purpose of defrauding the government through the filing of false refund returns.
    Attached: IDRS research

  4. If the Bal Due is the result of an SFR assessment with a TC 300, then prepare Form 3870 to request abatement of TC 300.

    1. For TC 300 assessments with PC (Project Code) 0453, PBC (Primary Business Code) 296 on TXMOD, forward Form 3870 with all information supporting the determination attached to:
      Internal Revenue Service
      Attn: Team 205/Recon
      201 W. Rivercenter Blvd. Stop 8202G
      Covington, KY 41011

    2. For all other TC 300 assessments research TXMOD for the PBC (Primary Business Code), SBC (Secondary Business Code) and EGC (Employee Group Code) and locate the manager for the group on this link http://mysbse.web.irs.gov/examination/mis/news/13006.aspx Forward Form 3870 with all information supporting the determination to the manager.

5.1.28.16.1.1  (05-15-2014)
Researching Issued Refunds

  1. Access the following command codes when researching an issued refund to identify the perpetrator:

    1. IMFOL#/BMFOL# - for a paper check number and issue date

    2. IMFOBT - for IMF electronic refund routing and account number

    3. TRDBV- for the electronic refund routing and account number

  2. Consult with your Fraud Technical Advisor and Area Counsel to determine the appropriate next steps to take.

  3. See IRM 25.5.6, Summonses on Third Party Witnesses, when summoning a financial institution for additional information on the refund.

5.1.28.16.2  (05-15-2014)
BMF Bal Dues - Taxpayer's Name and SSN Used by Third Party

  1. When it is confirmed that BMF identity theft occurred, the appropriate transaction codes have been requested and the Bal Dues are for a business operated by a third party who established the business using a stolen SSN, first consult with Area Counsel.

  2. If, with Counsel's concurrence, the unpaid liabilities are to be moved to a new EIN, then secure a new EIN for the third party by preparing a “dummy” Form SS-4, Application for Employer Identification Number, and faxing it to the Cincinnati Accounts Management Campus at ≡ ≡ ≡ ≡ ≡ ≡ ≡ . This fax number is for Internal Use Only.

  3. Include your name, position, fax and phone number on the fax cover sheet.

  4. Prepare Form 12810, Account Transfer Request, to transfer the assessment to the new EIN and forward to DITA to per contact information at IRM 5.1.28.8.4(2) e.

  5. Proceed with collection.

5.1.28.16.3  (01-11-2016)
Business Tax Return Claiming Refundable Credit

  1. In a case involving a BMF refund for a refundable credit where identity theft has been confirmed, and the TC 971 AC 522 requested, take the appropriate actions in this table,

    If Then
    the refund was issued and the perpetrator can be identified contact the perpetrator and request the refund be returned
    the perpetrator refuses to return the refund prepare Form 3870 to request the "bad" return be backed out and the credit returned to the account and send the form to DITA. Pursue collection from the perpetrator using an alter-ego or nominee jeopardy levy. (See IRM 5.11.3, Jeopardy Levy without a Jeopardy Assessment, and IRM 5.17.14.6, Nominee and Alter Ego Doctrines.)
    the perpetrator can not be identified
    or
    the refund was not issued
    prepare Form 3870 to correct the account and send the form to DITA, see IRM 5.1.28.8.4(2) e. for DITA contact information.
  2. If the EIN on the return is determined to be fictitious, see IRM 5.1.28.17(2) below.

5.1.28.17  (01-11-2016)
Form 14566, BMF Identity Theft Referral

  1. If you are unable to determine if an EIN is fictitious, you can send Form 14566, BMF Identity Theft Referral, through the area identity theft liaison to:

    1. Return Integrity and Compliance Services (RICS) and in the Actions Needed section of the form request that RICS provide information confirming if the EIN was used to file fraudulent returns or if RICS has already flagged the EIN as fabricated, bogus or abused. See IRM 25.23.9.8.2, Referrals to Return Integrity and Compliance Services.

    2. Criminal Investigation (CI) and in the Actions Needed section of the form request that CI search their scheme listing. See IRM 25.23.9.8.3, Referrals to Criminal Investigation.

  2. If you have determined that the EIN is fictitious and was established for the sole purpose of defrauding the government through the filing of false refund returns, refer the EIN on Form 14566 through the area identity theft liaison to:

    1. RICS to include the EIN in their database to help prevent future misuse of the EIN. See IRM 25.23.9.8.2, Referrals to Return Integrity and Compliance Services

    2. CI to notify them of the BMF identity theft determination. Also ask CI to advise if the filing requirements should be deleted. See IRM 25.23.9.8.3, Referrals to Criminal Investigation.

  3. With CI's concurrence, forward Form 14566 through the area liaison to Submission Processing to close the EIN (TC 020). See 25.23.9.8.4, Referrals to Submission Processing.

  4. If false income documents have been filed, forward Form 14566 through the area identity theft liaison to advise Combined Annual Wage Reporting (CAWR). See IRM 25.23.9.9, Referrals to Combined Annual Wage Reporting.

    Note:

    Any account adjustments should be requested prior to advising CAWR.

5.1.28.18  (05-15-2014)
Manually Reversing TC 971 AC 522 IDTCLM or IDTDOC

  1. Manual reversal of the TC 971 AC 522 may be necessary due to error or negative effect on the taxpayer.

  2. Request input of TC 972 AC 522 via Form 4844 with the appropriate reversal code,

    1. IRSERR - keying or internal error when TC 971 AC 522 input

    2. IRSADM - internally identified negative effect of TC 971 AC 522 on taxpayer

    3. OTHER - any other reasonable circumstances

Exhibit 5.1.28-1 
IMF Form 4844 Example Input of TC 971 AC 522 Pending Claim

This image is too large to be displayed in the current screen. Please click the link to view the image.

Exhibit 5.1.28-2 
IMF Form 4844 Example Input of TC 972 AC 522 No Identity Theft

This image is too large to be displayed in the current screen. Please click the link to view the image.

Exhibit 5.1.28-3 
BMF Form 4844 Example Input of TC 971 AC 522 Initial Allegation or Suspicion of Identity Theft

This image is too large to be displayed in the current screen. Please click the link to view the image.

Exhibit 5.1.28-4 
BMF Form 4844 Example Input of TC 971 AC 522 Indicator Case Resolved

This image is too large to be displayed in the current screen. Please click the link to view the image.

Exhibit 5.1.28-5 
IDRS Research - Taxpayer Never Applied for an EIN

Question Research
Are there any identity theft indicators already on the account? CC TXMOD/BMFOLT
Is the business owner a minor, nonfiler, elderly, deceased, an individual with an IMF identity theft indicator, etc.? CC INOLES, ENMOD
Is there a Form 941 filing requirement? CC BMFOLE
Were returns filed prior to the entity established date? CC TXMOD/BMFOLT
Were Forms 1040 refund returns filed using Form W-2? CC IMFOLI
For a sole proprietor, does the individual file a Schedule C with this EIN? CC TRDBV
Were payments made under the EIN? CC BMFOLP
Did other business entities report making payments to the business? CC IRPTRI

Exhibit 5.1.28-6 
IDRS Research - Active Business

Question Research
Are there any identity theft indicators already on the account? CC TXMOD/BMFOLT
Any major changes in returns filed, amounts reported, refundable credits claimed from prior years? CC TXMOD/BMFOLT
Was there more than one submission of Forms W-2? CC BMFOLU
Recent change in address from previous returns filed? CC BRTVU/TRDBV
Is there an adjustment on the account, e.g., CAWR, Examination? CC TXMOD/BMFOLT
Is the preparer on the return in question different from the one used on prior year returns? CC TRDBV
Do the total payments posted on the IDRS module match those on the return? CC BRTVU/TRDBV

Exhibit 5.1.28-7 
IDRS Research - Inactive Business

Question Research
Are there any identity theft indicators already on the account? CC TXMOD/BMFOLT
Was a final return filed? CC BMFOLE
Are there any open filing requirements? CC BMFOLE
Any major changes in returns filed, amounts reported, refundable credits claimed from prior years? CC TXMOD/BMFOLT
Was there a significant amount of inactivity prior to the filing? CC TXMOD/BMFOLT
Were Forms 1040 refund returns filed using Form W-2? CC IMFOLI
Were payments made under the EIN? CC BMFOLP

More Internal Revenue Manual