How my Client Handled ID Theft

Practice Management be mindful of security

Once upon a time, a young consultant named Marcia was having a romantic, candlelit dinner with her husband. This evening quickly turned into a nightmare that lasted months.

What happened?

Marcia, my client, left her purse and her iPad in the car while at dinner. When she and her husband got back to the car, it had been broken into and both were gone.

The thieves had her wallet AND her iPad, which means they had her ID, her actual credit cards and checkbook … and, access to her email.

The long nightmare began. The thieves were quick acting – the damage was most likely done before she had even ordered dessert. Here’s what happened:

  1. Through the information in Marcia’s wallet, the thieves had access to four personal credit cards, two personal bank accounts, three business credit cards and two business bank accounts.
  2. Through her iPad, the thieves had access to her email. They were able to login to each credit card (and her bank) online and reset all the passwords.
  3. Continuing this tactic, the thieves also logged into each credit card and bank account and changed the contact information and security questions.
  4. Using email access, the thieves logged into Marcia’s merchant services account and changed the bank account to which the funds were deposited. They then charged more than $10,000 in gift cards on her credit cards. The police and credit card reps told her that this was a way for them to purchase things online without using the actual credit cards, in case they were closed down quickly.
  5. Because the thieves had her wallet, they also used her health insurance card to get prescriptions: Xanax, Oxycontin, Ativan and Ritalin … all scripts that can be sold for large amounts of money on the street. Marcia didn’t discover this until she started receiving multiple explanation of benefits (EOBs) each week from her healthcare provider. It hadn’t even occurred to her to let them know of the fraud – she had just contacted them and requested a new card.

Quick Action Didn’t Matter

Marcia went to work immediately, filing a police report and trying to put a stop on all of her accounts – within less than an hour after having dinner. But, by then, it was too late. Passwords, contact information and security questions had all been changed.

By the time Marcia and her husband got back home, the damage was done.

The Real Nightmare Begins

Marcia was in a panic. All of her income was being diverted to the thieves. Her family and her business had no funds to work with for the better part of a week. Thankfully, her husband’s cards that they used are in his own name.

She was also under the burden of proving her own identity! She started with the bank, where she took her passport (her only available ID) in to get the accounts straightened out. Marcia then had to prove to each credit card company and her merchant service provider what had happened.

All in all, it took her just over four months and close to 200 hours to get everything back to normal – that’s an average of close to 10 hours per week to get her accounts in order!! And, guess what? It doesn’t even include the work she still has to do with the credit reporting agencies.

Marcia then hired my bookkeeping firm to make sure that all the fraudulent transactions were properly recorded. Previously, she had plenty of time to manage the books for her consulting business on her own, but rectifying the aftermath of the identity theft took up the time she had been using for bookkeeping.

When Marcia thought the nightmare was over – she had made it through months of untangling the mess during the holiday season – her CPA went to file her tax return. The CPA soon realized that a return had already been filed with her SSN. And, a refund had been sent – to the thieves.

Thankfully, the IRS is well aware of this type of fraud and with the help of her CPA, she was able to submit her Identity Theft Affidavit and get things taken care of on that front. But, that took even MORE time.

Marcia’s Lessons

Marcia’s painful event helped her put a variety of safety precautions into place:

  1. Password protect your devices. Put a lock code on your phones and tablets. Put a password on your computer so that it can’t be accessed easily if it’s lost or stolen.
  2. Switch it up. Don’t use the same passwords for every site or account. And, don’t use your address or your birthday, for example. Create a system so that the WAY you create the password for each site is similar, but the passwords are all unique, hard to figure out and easy for you to remember.
  3. Logout. When you’re done with your email, banking or any other website that contains sensitive information, LOGOUT.
  4. Don’t save passwords. When your browser asks you if you want to save your passwords, say NO.
  5. Have a second form of ID. If yours is lost or stolen, it’s very difficult to prove you’re really you. If you don’t have a passport, get one, and order the passport card with it. It’s worth the money, I promise.

The Tax Professional’s Role

As a bookkeeper, I work closely with my clients and tax professionals to help when identity theft takes place. In fact, tax professionals may be the first to spot signs of identify theft for their clients. Did you know 63 percent of tax pros reported that one or more of their clients were victimized by identity theft last year?

Be on the lookout for rejected tax returns or other IRS notices; they can be the first indication of a problem. No matter when you actually identify the problem, your clients need your expertise in handling identity theft.

Here are seven steps to take in case of identify theft:

  1. Place a fraud alert on credit reports by contacting one of the three credit reporting agencies (Experian, Equifax and TransUnion).
  2. Contact any institution directly affected, such as banks and credit cards.
  3. Contact the Federal Trade Commission (FTC) at 1-877-ID THEFT (877-438-4338) to file an identity theft affidavit.
  4. Download “Taking Charge: What to do if your identity is stolen,” an instructional PDF published by the FTC to assist consumers.
  5. Review the IRS’s Identity Protection: Prevention, Detection and Victim Assistance site. It is a great resource for accounting professionals and taxpayers.
  6. File a police report. Get a copy of the report and your report number.
  7. Contact the Social Security Administration (800-269-0271) and the Internal Revenue Service (800-829-0433).

Protection

As part of the new Client Benefit Suite, Intuit has introduced an extensive ID Theft Restoration support service offered by Tax Protection Plus. This affordable extra layer of support can help ensure that your clients won’t have to face an identity theft incident alone. The service offers personalized, fast assistance, helping clients restore their identity, plus it also includes help dealing with an IRS audit.

The Identity Theft Restoration service includes the following:

  • 24/7 access to Identity Theft Restoration assistance Advocates
  • Customized state specific ID Recovery Kit™ pre-completed and sent overnight
  • Notifications to appropriate bank or agencies if other forms of ID were stolen
  • Fraud alerts on credit records
  • Daily credit monitoring from all three bureaus for six months

You can learn more about the Identity Theft Restoration Service and Audit Assistance here or register for one of several free 20-minute webinars offered by Tax Protection Plus in January. The total cost to your clients is only $44.95 for both aspects of this service. It’s free for tax professionals to enroll to offer it.

Stay Vigilant

Identity thieves Identity thieves typically act fast and can do a lot of damage to your clients’ financial health. You don’t have to get your wallet stolen for them to hit. Stay vigilant, and watch monthly credit card and bank statements carefully. Your clients don’t want to face the nightmare that Marcia did.