You hang up the phone with a huge smile on your face. You just learned that you’re getting a pretty sizeable tax refund this year. Now all you need to do is kick back and wait a week or two for the IRS to wire the money into your bank account.
This good news, however, is unfortunately short lived. The very next day you get another phone call.
“I’m sorry to tell you this, but someone else has already used your Social Security number to file a tax return.”
You’re told that you’ll still be able to eventually get your nice, big tax refund, but it may be several months before you see the money. You first need to work with the IRS to resolve your case of identity theft.
There’s a secret weapon you can now use to protect your tax return – an Identity Protection PIN (IP PIN).
Beginning this tax season, all taxpayers who can verify their identities are eligible to obtain an IP PIN. An IP PIN is a 6-digit PIN that offers additional protections when filing your tax return. This one-time-use number is sent to you by the IRS and must be entered on your tax return along with your Social Security number. Since the IP PIN is a one-time-use number, you will receive a new IP PIN number each year from the IRS.
If someone tries to fraudulently file a tax return using your Social Security number, they will be unable to do so without this IP PIN.
What You Need to Do
How to get an IP PIN. To obtain an IP PIN, click here to visit the IRS’s Get an IP PIN tool to opt into the IP PIN program.
If your identity has already been stolen. If someone uses your Social Security number to fraudulently file a tax return, ask for help to find out next steps for getting your identity fraud case resolved with the IRS.
Once in, tough to get out…for now. As this is the first year the IRS is making the IP PIN program available for anyone who wishes to use one, they are not ready to let you opt out once you agree to participate. They anticipate adding the opt-out feature in the near future.
How companies use your identity and what you can do to protect it.
One of the most valuable things you own is YOU. Your identity includes the basics – where you live, your age, and your gender. But it also includes your interests, who you know, and what you buy. So, do you know who has your identity? Here’s the life cycle of your identity and what to do to protect it.
It gets collected. Think about the organizations that legally collect information about your identity – your employer, government entities, insurance companies, banks, credit reporting agencies, and non-profit organizations. And then add those companies you give your identity to freely – like Google, Facebook, LinkedIn, Twitter, and any other website or social media platform you visit.
It gets stored. Once your identity gets collected, it then needs to be stored somewhere. Storage is most often on servers or locally on a computer or mobile device. This is one of the core concerns with Tik-Tok, a Chinese-originated short video service. The concern is that a foreign entity will have stored U.S. citizen’s interests and behaviors that can help identify potential targets that can be manipulated.
It gets sold. Once information related to your identity and interests are collected, most organizations then sell it to other companies. Not only is information about your identity sometimes collected without your knowledge, this information is then monetized. Your viewing behavior can also be actively manipulated by the sites you view. So if you read articles about cats, you are going to get a lot more articles about cats and get ads that relate to cat-lover behavior. This is often so subtle, you do not realize it is happening.
It gets accessed. If your information is considered a public record, anybody can see it. Business licenses, property tax records and real estate ownership are just a few examples of personal information that anyone can access.
It gets stolen. Identity thieves are always looking for ways to access your information. Thieves either hack one of the organizations that collects your confidential information or find a way to trick you into giving them your information, with techniques such as phishing emails.
What you can do
Opt-out of providing personal information. The best place to start with protecting your identity is knowing who has access to it and asking if they really need it. Consider opting out of providing information if possible.
Be vigilant with the data you possess. While you can’t control how secure an insurance company’s servers are, you can control how secure you handle the information and documents you possess. Be on the lookout for phishing emails, verify requests for your information and don’t forget about getting rid of documents the old-fashioned way with a shredder.
Deliberately monetize your identity. Stop giving away your identity without a thought. Here’s an idea. Consider you are worth a million dollars. Then see what these services are paying you for your information and how they are using it. If this little exercise gets you to pause before signing up for a new service, then the exercise is worth it!
Shuttered businesses are realizing that lifting lockdown restrictions doesn’t mean a return to business as usual. Social distancing guidelines and a public wary of venturing into crowded environments means light customer traffic for many businesses.
Here are several ideas to help local businesses financially as they re-open their doors:
Continue buying gift cards. For many small businesses, positive cash flow is the primary factor whether they survive this economic downturn. Buying gift cards is a great way to get them the cash they need now, while still providing value for yourself down the road. Even better, if you are in a position to do so, consider giving a gift card to a friend who’s negatively been affected financially. Also consider donating gift cards to schools, churches or non-profit organizations. Just remember to keep your receipts so you can potentially claim a tax deduction!
Tip more than usual. Of all industries impacted by the economic downturn, the leisure and hospitality industry is being hit the hardest. On top of the millions of workers in this industry that have filed for unemployment, even more have had their hours scaled back. When you order takeout or pay for a service, consider tipping more than you normally would. It may not seem like much, but every extra dollar helps.
Shop online locally. The prices you pay might be higher, but when you add the property taxes, local employment taxes and donations to school events that local businesses fund, the added costs are worth it. Also, with many retail shops restricted to limited foot traffic because of social distancing guidelines, online sales are currently a significant source of revenue for many small businesses.
Write a review. Reviews left on Google, Yelp, and other sites are a major source of new customers for local businesses and restaurants. Take the time to leave a positive review for each of your favorite local businesses so new, potential customers can find them.
Offer your services. With the change in spending habits, businesses are forced to adapt. If you have skills and knowledge that could help a small business make the transition, consider donating some of your time. Some examples include web development, marketing strategies, cash flow management and budgeting.
According to a recent Deloitte survey, 91 percent of people agree to terms and conditions without reading the legal agreement. While reading through the legally complex language may be slow and painful, it’s more important than you think. Here are four reasons why reading entire legal agreements make sense:
You miss a major technicality. Many agreements have an exit penalty that requires you to pay for a period of time after you terminate an agreement. Others automatically renew your agreement for a year with exit penalties unless you tell them in writing you do not wish to renew prior to a key date. In a recent example of missing a legal technicality, eight teachers claimed the Department of Education (DOE) mishandled a debt forgiveness program that promised to reduce student loans after 10 years of public service. In most of the cases, the teacher’s application was denied because, according to the DOE, they were in the wrong type of loan or payment program.
You give something away. With extensive agreement documents (PayPal’s user agreement is over 50 pages long!), it’s easy for a company to add language that grants itself rights to something that’s yours. Here are some examples:
Your identity. Companies like Facebook grant itself rights to use your likeness and personal information for targeted advertising unless you catch the clause and take action.
Your work. If you create a presentation using some online tools, the agreement might allow the site to use the presentation without your permission.
Your location. Most navigation software tracks your location even when not using their application. The same is true with most newer vehicles. The only way to catch these tracking rights is to read the clause in the agreement.
You’re not comfortable with the risks. Data breaches are occurring more often and are hard to prevent. To reduce their exposure to litigation, businesses are continuing to add language to agreements to protect themselves. Your job, as the consumer, is to know these risks when signing up for a new service. The more personal information you provide, the more important it is to understand your legal recourse if the supplier of your service is hacked.
You miss something good. Reading an agreement to the end may pay off. A woman in Georgia won $10,000 just by reading her travel insurance agreement. The company, Squaremouth, had a Pays to Read program that awarded a cash prize to the first person to read the clause with a cash prize. For most people, it’s more likely you’ll find additional benefits that come with the agreement or laugh at some humor injected by the company. Here is an example from social media company, Tumblr: “You have to be at least 13 years old to use Tumblr. We’re serious: it’s a hard rule, based on U.S. federal and state legislation. “But I’m, like, 12.9 years old!” you plead. Nope, sorry. If you’re younger than 13, don’t use Tumblr. Ask your parents for a PlayStation 4, or try books.”
Very few things in life can create a higher degree of stress than having your Social Security Number (SSN) stolen. This is because, unlike other forms of ID, your SSN is virtually permanent. While most instances of SSN theft are outside your control, there are some things that you can do to minimize the risk of this ever happening to you.
Never carry your card. Place your SSN card in a safe place. That place is never your wallet or purse. Only take the card with you when you need it.
Know who needs it. As identity theft continues to evolve, there are fewer who really need to know your SSN. Here is that list:
The government. The federal and state governments use this number to keep track of your earnings for retirement benefits and to ensure you pay proper taxes.
Your employer. The SSN is used to keep track of your wages and withholdings. It also is used to prove citizenship and to contribute to your Social Security and Medicare accounts.
Certain financial institutions. Your SSN is used by various financial institutions to prove citizenship, open bank accounts, provide loans, establish other forms of credit, report your credit history or confirm your identity. In no case should you be required to confirm more than the last four digits of your number.
Challenge all other requests. Many other vendors may ask for your SSN but having it may not be essential. The most common requests come from health care providers and insurance companies, but requests can also come from subscription services when setting up a new account. When asked on a form for your number, leave it blank. If your supplier really needs it, they will ask you for it. This allows you to challenge their request.
Destroy and distort documents. Shred any documents that have your number listed. When providing copies of your tax return to anyone, distort or cover your SSN. Remember, your number is printed on the top of each page of Form 1040. If the government requests your SSN on a check payment, only place the last four digits on the check, and replace the first five digits with Xs.
Keep your scammer alert on high. Never give out any part of the number over the phone or via email. Do not even confirm your SSN to someone who happens to read it back to you on the phone. If this happens to you, file a police report and report the theft to the IRS and Federal Trade Commission.
Proactively check for use. Periodically check your credit reports for potential use of your SSN. If suspicious activity is found, have the credit agencies place a fraud alert on your account. Remember, everyone is entitled to a free credit report once a year. You can obtain yours on the Annual Credit Report website.
Replacing a stolen SSN is not only hard to do, it can create many problems. Your best defense is to stop the theft before it happens.
According to the Association of Certified Fraud Examiners, nearly 30 percent of businesses are victims of payroll malfeasance, with small businesses twice as likely to be affected than large businesses. Here are four scary payroll fraud schemes you need to know:
Ghost employees. A ghost employee does not exist anywhere except in your payroll system. Typically, someone with access to your payroll creates a fake employee and assigns direct deposit information to a dummy account so they can secretly transfer the money into their own bank account.
Time thieves. Time stealing happens when employees add more time to their timecard than they actually worked. Sometimes multiple employees will team up to clock each other in earlier than when they arrive or later than when they depart for the day.
Shape-shifting commissions. In an attempt to bump up a commission payment or attain a quota, sneaky sales employees may alter a sales contract to their benefit. A typical tactic used by a dishonest salesperson is to make a booked sale appear larger than it is and then slide a credit memo through the system in a later period. Companies with complicated commission calculations or weak controls in this area are the most vulnerable.
External swindlers. A popular scam, known as phishing, starts with a fraudster impersonating a company executive through email or over the phone asking an employee with access to payroll data to wire money or provide sensitive information. These imposters can make the correspondence look very real by using company logos, signatures and email addresses.
Tips to combat payroll fraud
Being aware of the threats is a start, but you also need to know how to stop them. Here are some tips to reduce your company’s payroll fraud risk:
Better internal controls. While most employees are trustworthy, giving too much control over your payroll to one person is not a good idea. Separating payroll duties and formalizing an approval process protects both your business and your employees.
Review payroll records. Designate someone outside of the payroll-processing department to periodically review the payroll records. Have them review names, pay rates and verify that the total payroll matches what was withdrawn from the business bank account.
Perform random internal audits. During an internal audit is when you can really get into the details to look for potential payroll fraud. You can do an in-depth review of the whole payroll system or select a random sample of dates and employees. Keep the timing of the audit under wraps to prevent giving someone the chance to cover up their misdeeds.
Managing your business payroll is a daunting task by itself, and actively protecting against fraud adds additional complexity. Please call for help with your business payroll needs.