Are Identity Protection Services Taxable?
Under federal tax law, gross income generally includes "all income from whatever source derived, and in whatever form realized, whether in money, property or services." However, the IRS recently announced that, when a taxpayer receives identity protection services from an organization at no cost following a data security breach, the taxpayer isn't required to include the value of those services in gross income.
Examples of such services include credit reporting and monitoring, an identity theft insurance policy, and identity restoration. The breached organization also isn't required to report these amounts on information returns filed with respect to the recipient of these services.
However, taxpayers are required to report in gross income 1) any cash received in lieu of identity protection services or 2) the value of identity protection services received for reasons other than a data breach, such as identity protection services received in connection with an employee benefits package. Existing tax rules also continue to apply to any proceeds a taxpayer receives under an identity theft insurance policy.
The number of identity theft victims is expected to grow as perpetrators become increasingly sophisticated. Many are now clever enough to hack through passwords and other security measures to gain access to personal accounts and data. Case in point: The IRS recently announced that the May 2015 security breach of its online "Get Transcript" service affected nearly three times more taxpayers than the agency originally estimated.
Expanded IRS Data Breach
In August the IRS announced that fraudsters had hacked into 334,000 taxpayers' accounts — up from the agency's original estimate of 114,000 accounts. They used stolen Social Security numbers, addresses and other personal data acquired from social media and other sources to breach the system's multistep verification process.
In response to the breach, the IRS will offer free credit monitoring services and other protections — such as identity protection personal identification numbers (PINs) — to taxpayers whose information was compromised. The IRS will also mail letters to another 170,000 households, notifying them that their personal information could be at risk even though the fraudsters failed to access the IRS system with their information. (This is in addition to the 334,000 taxpayers whose accounts were breached.)
Future Cutbacks on W-2 Extensions
In another effort to combat taxpayer identity theft scams, the IRS has curtailed the W-2 filing extension available to employers. Under existing tax law, the automatic extension for filing W-2 forms is 30 days from the original due date. Employers may request an additional extension of up to 30 days by submitting a second Form 8809.
For the 2016 tax season, the current automatic extension will still be available. Starting in the 2017 tax season, however, the IRS will allow only one 30-day, nonautomatic extension for filing W-2 forms.
Identity thieves often file fraudulent tax returns early in the tax season, before W-2s have been sent. Early filing leaves the agency unable to verify wage and other information. By limiting the availability of extensions, the IRS hopes to catch fraudulent refund scams earlier in the tax season and reduce the opportunity for thieves to steal data.
IRS Reminder about Tax Scams
In August, the IRS reiterated its warning for taxpayers to be on "high alert" for aggressive tax scams. Often these frauds start with access to personal information (names, addresses and Social Security numbers) obtained through social media or possibly illegal means. Then the fraudster contacts the individuals using this information via a phone call, email or letter, requesting payment or additional personal information to use in other frauds.
These tax scams — which originally targeted older people and immigrants — have become bolder and more authentic-looking. For example, fraudsters may cite fake IRS badge numbers, alter what shows up on the victim's caller ID and copy IRS letterhead. To sound legitimate, a fraudster may provide directions to the nearest bank so the victim can make a payment and an actual IRS address where the victim can mail the receipt from the bank for the payment (though the payment actually goes to the fraudster, not the IRS).
The IRS warns, "Scammers try to scare people into reacting immediately without taking a moment to think through what is actually happening."
How to Protect Yourself
The Treasury Inspector General for Tax Administration estimates that nearly 4,000 victims have collectively reported more than $20 million in financial losses as a result of tax-related scams. Don't allow yourself to become the next identity theft or fraud victim. If you receive a suspicious call, email or letter from someone posing as an IRS agent, contact your tax adviser immediately. He or she can help determine whether the alleged IRS inquiry is legitimate or, if not, help you report the suspicious activity to protect others from identity theft and other tax scams.