5 Ways to Protect Your Clients Against Tax Identity Theft

Tax identity theft is a matter of grave concern for individuals and businesses alike. It robs people of their personal data, tax returns, and all the time and effort they put into filing a clean return.

More often than not, tax fraud and identity theft occur due to a lack of data security. For every business owner and client, it is crucial to protect their financial data to avoid this kind of disaster.

The Internal Revenue Service (IRS) claims that cases of business identity theft have increased exponentially since the year 2015. In 2017, the amount of fraud reached $137 million. Hence, every person and organization must employ sophisticated security measures to prevent fraud.

Understandably, it is difficult for small business owners and freelancers to engage resources for ID theft protection. However, in such a scenario, there are several practical steps you can take personally to safeguard your tax identity and returns.

The IRS details various steps you can take to protect your tax information and make sure you get your refund securely. All this starts from curating a few simple habits that can ensure protection from fraud.

How to Protect Your Clients Against Tax Identity Theft

Someone who intends to steal your identity for tax purposes obviously wants to get a hold of your returns or reap the benefits meant for you. They might also misuse your personal information for other criminal activities that could be traced back to you.

It's best if this never happens in the first place so follow these five steps to protect yourself and your clients against tax identity theft and hijacking of personal information.

1. Secure Taxpayer Information

The most obvious and efficient form of preventing identity theft is to protect your taxpayer information. This means keeping addresses, birth dates, and social security numbers confidential; this goes for businesses and their clients.

Beware of phishing. Never divulge your tax information in reply to suspicious emails, calls, or other communication. Be very careful about where to disclose account number and related information.

Scammers also often send links or ask you to share your information for fake purposes, such as credit card verification, lucky draw contests, and so on. Anyone can fall prey to such tactics and can end up getting their identity stolen, so you must always stay vigilant. 

To prevent this from happening:

• • Do not click on suspicious links that claim to be from banks or other institutions.  
  • Do not share your account number or social security number online or in person.
  • Keep a tab on your tax information and returns.
  • Remember that banks, companies, or the IRS would never ask you to reveal sensitive information over the phone or email.
  • Ensure that any taxpayer data, hard copy or soft copy, is not left unprotected.
  • Dispose of sensitive information carefully and in a way that cannot be retrieved.
  • Store data in a secure location and keep sensitive files encrypted while sharing.
  • Keep paper documents and hard drives in a secure location and restrict access to authorized personnel only.

2. Get an Employer Identification Number (EIN)

If you run a corporation or an LLC, you must have a distinct employer identification number to file taxes. Small business owners and freelancers can operate with a social security number if they are sole proprietors.

However, even in these cases, it is wise to get your EIN from the IRS website. This is because separating your personal and professional finances reduces the chances of fraud. This way, you can protect your business and clients. 

Another way to minimize the risk of identity theft is to file taxes as early as possible. Once you file your tax returns, the IRS rejects any duplicate entries. Hence, a fraudster would not be able to opt for a fraudulent return or get hold of your returns.

3. Apply Internal Control Methods

If you are running an organization, the responsibility of protecting client information automatically falls to you. Be sure to employ internal control methods to guarantee any sensitive information remains secure.

Documents like accounting files, financial statements, customer lists, client details, etc., must be encrypted and placed under protection. It is best practice to only enable file access to those who are authorized and pre-screened.

It is also crucial to have a protocol in place for data breaches and put a specific person in charge of handling these matters. Updating passwords periodically and using combinations that cannot be predicted easily is another wise practice. Never use personal information as passwords under any scenario. Be sure to also: 

• • Always encrypt emails or external communication that has sensitive tax information.
  • Terminate employee access to records immediately after the employee leaves your hire.
  • Place security requirements to gain access to taxpayer data.
  • Keep updating security measures periodically to avoid predictability.
  • Perform background checks before granting sensitive information access to employees.

4. Prevent Device-Centered Hacking

Qualified tax experts will tell you that a “bring your own device” trend in the office increases identity theft risks exponentially. For your business location, ensure all devices are password protected and cannot be accessed without proper verification if lost or stolen. 

Your clients’ account credentials must be saved under protection and never on devices unauthorized by the company. Lax security measures make it easier for fraudsters to access an account, steal an identity, or divert funds illegally.

Businesses using mobile payment systems must apply the best encryption software and employ multi-factor authentication wherever possible.

5. Perform Risk Assessment

To ensure continued protection, you need to perform regular risk assessments and put plans of action into place. Use the checklist below to ensure your firm is protected.

• • Secure your facilities, both physically and virtually.
  • Create an Information Security Plan and follow it.
  • Teach employees about basic cybersecurity measures. 
  • Employ a protocol to inform taxpayers and clients of any data breach as soon as possible.
  • Use your risk assessment to identify risks and impacts of potential theft.
  • Maintain the availability of information through timely access and reliable data recovery.

Tax identity theft can ruin businesses, spoil client relationships, and create a major personal impact on individuals. You should never take these matters lightly and always ensure the best and most secure service for clients.

Need help studying for the CPA Exam? Check out Bryan Kesler's guide here. 


Canopy is a one-stop-shop for all of your accounting firm's needs. Sign up free today to see how our full suite of services can help you.