The latest Federal Trade Commission (FTC) report pointed out that just under 1.4M people in the US had their identities stolen in 2020, which was double the number of the previous year. Many of these thefts led to the creation of fraudulent driver’s licenses, passports, health insurance cards, and other government identification but most thefts led to financial fraud with a whopping 394,280 ID thefts specifically targeting unemployment benefit fraud in 2020. The unfortunate reality is that Identity theft is expected to significantly increase in 2021, which in turn creates significant havoc on victim’s lives.
”60% of Americans believe that Identity theft is likely to cause them a financial loss in the next year
(20% felt it was extremely likely).” -Harris Poll conducted on behalf of the AICPA
According to the SANS Institute, it takes a victim of identity theft an average of 6 months and 100-200 hours of concerted effort to clear their name, and possibly years if they don’t have adequate time or resources to dedicate to the effort. Being a victim of identity theft is not only stress inducing but would naturally put a significant damper on one of your personnel’s productivity, particularly if they were victimized during a busy season.
As a firm manager you can help by providing education and resources to your personnel (and their families) to first, minimize the risk of them becoming a victim and second, being prepared to provide a path to recovery in the event their identity is compromised.
The FTC provides resources to help you educate your personnel on current scams and what to do if they get notification of an unrecognized credit card charge, outstanding loan balance, medical claim, criminal activity, or unemployment benefits that they were not aware of. While the majority of identity theft is utilized for financial/credit fraud, tax return fraud, employment or unemployment benefits, individuals can also be victimized if the thief commits a crime or has medical procedures performed using the stolen identity. According to the FTC report there has also been a 101% increase in medical identity theft so it is important to have your staff review their medical claim notices as well as their financial records.
Below we list high level action steps for firm managers to discuss with staff during a lunch and learn to become aware of their information being compromised and how to respond. A comprehensive listing can be found at https://www.identitytheft.gov/steps
- Obtain credit reports (AnnualCreditReport.com), review credit inquiries, and immediately close any fraudulent accounts opened in your name.
- Place one-year initial fraud alert with one of the credit bureaus (who by law must notify the other credit bureaus) to minimize the ability for thieves to open new accounts.
- Add an extended fraud alert* or credit freeze to your credit reports if there is confirmation of identity theft. Please note that placing a credit freeze must be done with each of the three credit bureaus and if you do want to apply for a loan or be extended credit, this process will have to be reversed.
- Download completed FTC Identity Theft Report (IdentityTheft.gov*) to file a local police report and to send to the three credit bureaus (via certified mail) to clear fraudulent entries, request blocking the fraudulent accounts within four business days, and to extend the fraud alert for seven years.
- Review your bank and credit card statements and document unauthorized charges and withdrawals. Contact those companies to dispute fraudulent charges.
- Change the username, pin, and passwords to any accounts you suspect may be compromised with unique passwords (do not use same passwords on multiple accounts).
- Continue to review credit reports from bureaus on a monthly basis.
- Review medical and insurance statements to verify benefits have not been compromised.
If one of your personnel does become a victim of identity theft, one of your immediate steps could be to provide them with a PDF copy of the FTC’s Publication (501a) which is a detailed recovery plan for Identity Theft victims also provides additional instructions for utilities, phones, student loans, rentals, investment accounts and bankruptcy. This document can be downloaded from IdentityTheft.gov and includes step by step recovery instructions for multiple theft scenarios. If that employee is notified of unemployment fraud, have them also go to your State Unemployment Agency website to find reporting instructions, which in most cases can be completed online. While we have listed steps involved primarily to financial fraud but the FTC Publication.
Please note that in addition to the three major credit bureaus, there are services such as IdentityGuard, Norton LifeLock, IdentityForce, and MyFico that provide ongoing credit and fraud monitoring which employees can subscribe to for a monthly fee. Discussion of these services is beyond the scope of this article but may be a great topic for your next firm manager meeting!
With the risk of identity theft on the rise you can help protect your firm by making your personnel (and their family members) cognizant of the current risks and provide the education and tools to minimize any of them from becoming a victim.
Roman H. Kepczyk, CPA.CITP, PAFM is Director of Firm Technology Strategy for Right Networks and works exclusively with accounting firms to optimize their internal production workflows within their tax, audit, client services and administrative areas and by helping them move successfully into the cloud. He can be contacted at 678-495-0508 or firstname.lastname@example.org.