Non-Profit

Nonprofits: Here’s What You Should Know about ID Theft

Due to several common factors—including a lack of internal controls, as well as less resources available for prevention and recovery—many nonprofit organizations are particularly vulnerable to fraud and identity theft.

For nonprofits and businesses, identity theft occurs when a thief impersonates the business/organization by using its identification number and other business credentials, such as name, address, contact information, etc., to create false business filings of various types to steal from the federal, state, or local government; financial institutions; creditors; suppliers; and others. It can occur with corporations, partnerships, government entities, trusts, estates, and exempt organizations.

Here’s how this sort of identity theft often occurs: A person uses the employer identification number (EIN) of an active or inactive business or organization—without the EIN owner’s permission or knowledge—to file tax returns to obtain fraudulent refunds. Alternatively, they can perpetuate individual identity theft and refund fraud by reporting the EIN on bogus Forms W-2.

How the Fraud Can Be Committed

A business or organization’s EIN can be easily obtained and is more commonly exchanged than social security numbers (SSNs). While SSNs receive some level of protection, there is little protection for EINs, which are publicly available to employees who are issued a W-2, as well as vendors, investors, payees and others who receive a Form 1099. In addition, exempt organizations are required to make their tax filing information, including their EIN, public.

This kind of identity theft can occur in multiple ways. For example, a fraudulent business tax return can be filed that generates an income tax refund (e.g., on Form 990-T)—although, this is perhaps much less likely for exempt organizations than for-profit entities. However, fraudulent Forms W-2 with fictitious withholding may be filed under the organization’s EIN; then, the information can be used to file fraudulent individual income tax returns claiming refunds.

An organization’s first indication that something is wrong may be notification of a deficiency in the withholding amount and/or payroll taxes the organization paid, and a request for an explanation and/or a demand for payment from the IRS and any affected state tax agency(ies).

How to Report to the IRS

If it appears someone is using the organization’s name or EIN to submit fraudulent tax returns or Forms W-2, complete and submit Form 14039-B (Business Identity Theft Affidavit) to report identity theft to the IRS. The form may be submitted by mail, fax, or in person at an IRS Taxpayer Assistance Center with a scheduled appointment. To prevent processing delays, be sure to submit all the requested documents and sign the form.

For specific guidance, learn more about Dugan & Lopatka’s nonprofit solutions or contact us at info@duganlopatka.com.

related articles