Massive Opportunity for Identity Theft ?

[Jack from Ohio]

All mail, is handled by people at several stages. Anyone could see that it is a tax document and simply take it. Many UPSP workers and contractors are not vetted, bonded or checked out.

The power of the NSA is WAY overblown. The TV show "Person of Interest" is fiction at it's highest degree. The idea that the NSA can see everything we say, phone messages and email preys on the lack of information of the masses.

Some attention in basic science classes in High School would have prevented the hysteria that is currently gripping America.

[MAMalody]

It is interesting to me to note that the Secretary of HHS has stated that there is a risk of identity theft in ACA, especially at the start-up. With a projected 14 million working people losing their medical coverage (8 million by HHS) because of the employers adjusting for the increased costs and then going on the exchanges, identity theft could be an issue.

[Guest Taxed]

Did you ever hear about identity theft 30-40 years back?

As society becomes paperless and all financial "dealings" are done online the chances of identity them only goes up.

When someone tries to open a new charge account, there should be more verification and corroboration of the identity of the applicant. When someone tries to ship something purchased online to an address that is not the same as the charge card, more verification. Use modern technology like bio identity profile.

We will never eliminate identity theft but we sure can make it extremely difficult for the thieves to pull it off so easily.

[Jack from Ohio]

We will never eliminate identity theft but we sure can make it extremely difficult for the thieves to pull it off so easily.

By invoking more total police state laws in every venue? Been tried in many other countries and does not work. You would NOT like a society that had processes in place to totally protect your identity at every turn.

What happened to personal responsibility to know what you are doing and be accountable if you do something unwise? Society now blames the lack of "Big Brother" style protection from the government(s) to bail people out from their own ignorance or arrogance.

[Lion EA]

35 years ago when I moved to this small town, I was told by residents to learn when to expect things like charge card statements so I could grab my mail as soon as it arrived on those dates. People were stealing various items out of mailboxes for sale to larger groups who probably sold bulk information to even larger groups. Strictly low tech, but some very high end items were purchased on neighbors' cards, loans opened in their names, etc.

The only time our credit card was compromised was when we checked into a hotel and didn't realize until later that among all the paperwork we never got our credit card back. (There had been a lot of back and forth re rooms available or not and shuffling of paper and other confusion, probably specifically created to distract us.) It had already been used for a few small things (metro card, chinese food, maybe a movie or rental) by the time we called the credit card company that night. That thief probably did that a couple times each shift and hadn't been caught at it by sticking with small charges that might be overlooked on a joint card a month later when the statement arrived.

[Guest Taxed]

By invoking more total police state laws in every venue? Been tried in many other countries and does not work. You would NOT like a society that had processes in place to totally protect your identity at every turn.

What happened to personal responsibility to know what you are doing and be accountable if you do something unwise? Society now blames the lack of "Big Brother" style protection from the government(s) to bail people out from their own ignorance or arrogance.

So now blame the victim for getting robbed!

What if you did everything right and still had your identity stolen from an online server or a crooked waiter at the restaurant who made a copy of your credit card? You would tell them it is their fault and not have the law enforcement (Govt) help them and prosecute the criminal?

[Jack from Ohio]

So now blame the victim for getting robbed!

What if you did everything right and still had your identity stolen from an online server or a crooked waiter at the restaurant who made a copy of your credit card? You would tell them it is their fault and not have the law enforcement (Govt) help them and prosecute the criminal?

Stealing my credit card information is far from identity theft. My credit cards protect me if someone uses them without my permission. That is my protection. I generally don't give DOB, SS# and Mother's maiden name to my waiter or waitress. Another bad analogy.

Last December, went to the ATX2012 tax forum in Atlanta. Used our credit card several places for small purchases. Had extra time, so we did some Christmas shopping for gift cards. Total sale was $600. My credit card provider declined the call. In 30 seconds, my cell phone rang. It was the credit card company informing me of the large purchase 800 miles from my usual area of doing business. After giving them the all clear, the card was accepted.

Credit card theft is NOT identity theft.

[Guest Taxed]

Credit card theft is NOT identity theft.

This is How US Dept. Of Justice sees it:

The short answer is that identity theft is a crime. Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. These Web pages are intended to explain why you need to take precautions to protect yourself from identity theft. Unlike your fingerprints, which are unique to you and cannot be given to someone else for their use, your personal data ­ especially your Social Security number, your bank account or credit card number, your telephone calling card number, and other valuable identifying data ­ can be used, if they fall into the wrong hands, to personally profit at your expense. In the United States and Canada, for example, many people have reported that unauthorized persons have taken funds out of their bank or financial accounts, or, in the worst cases, taken over their identities altogether, running up vast debts and committing crimes while using the victims's names. In many cases, a victim's losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.

[SaraEA]

"This part is WAY overstated. It is NOT easy for a hacker to read your e-mail unless he gets your e-mail username and password. This is how the great majority of e-mails get compromised."

Jack, you're kidding, right? Please ask your software engineer son to explain this to you. The danger is not someone wirelessly connecting to your email account or finding out your access info. Email accounts go through account providers, ISPs, routers and backup systems that may or may not abide by encryption (if any). Here's just one example from Wikipedia: "Because email connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of email that passes through. In effect, every email leaves a digital papertrail in its wake that can be easily inspected months or years later."

I have a client who is also a software engineer. When I offered to send him his signature docs via password-protected email he refused. He then gave me a 10-minute lecture about how insecure that practice is.

Believe me, email is NOT secure. Please do not use it for any sensitive information. Someone on this board recently posted that Circ 230 forbids practitioners to use email for sending tax returns. I did a word search of the Circular and found no matches. Is that mandate in the proposed revisions that haven't been approved yet?

[Guest Taxed]

I forget where I read it but basically, an e-mail is really an electronic postcard. If you are hesitant to write something on a paper postcard, you should be hesitant to write that in an e-mail??

Yesterday I stopped my sister from e-mailing me some brokerage statement to review for this year's tax return. She downloaded it from the broker's website.

[Jack from Ohio]

"This part is WAY overstated. It is NOT easy for a hacker to read your e-mail unless he gets your e-mail username and password. This is how the great majority of e-mails get compromised."

Jack, you're kidding, right? Please ask your software engineer son to explain this to you. The danger is not someone wirelessly connecting to your email account or finding out your access info. Email accounts go through account providers, ISPs, routers and backup systems that may or may not abide by encryption (if any). Here's just one example from Wikipedia: "Because email connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of email that passes through. In effect, every email leaves a digital papertrail in its wake that can be easily inspected months or years later."

I have a client who is also a software engineer. When I offered to send him his signature docs via password-protected email he refused. He then gave me a 10-minute lecture about how insecure that practice is.

Believe me, email is NOT secure. Please do not use it for any sensitive information. Someone on this board recently posted that Circ 230 forbids practitioners to use email for sending tax returns. I did a word search of the Circular and found no matches. Is that mandate in the proposed revisions that haven't been approved yet?

You believe all that if you wish. Email or any transmission on the internet is broken up into hundreds or thousands of individual packets. All packets do not take the same routes to the destination. They move by the billions per second at the speed of light. It is VERY difficult to target one e-mail or mail address. Ask your engineer what the process would be.

So, now faxes and e-mail are not secure? Back to the USPS that has an efficiency rate that is deplorable, and allow many people that are not screened or vetted handle mail that, by IRS regs, must be marked "Important Tax Information" clearly on the outside of the envelope which makes for easy pickins for an identity thief.

Our firm had too many instances of USPS losing items this year. I do not believe that Circular 230 has any provision about sending anything via email or any other method. Please correct me if I missed something.

MAS said it correctly. Identity hackers get enough information directly from victims by them answering phishing phone calls and e-mails. They also target companies with hundreds of thousands of people in their database. They are not going to "tap my line" for the 100 or so e-mails I send in a 4 month period with information in them. Too much work.

Keep believing the hysteria. It will cost you multiple dozens of hours of additional work, just to calm your fears.

[Jack from Ohio]

I forget where I read it but basically, an e-mail is really an electronic postcard. If you are hesitant to write something on a paper postcard, you should be hesitant to write that in an e-mail??

Yesterday I stopped my sister from e-mailing me some brokerage statement to review for this year's tax return. She downloaded it from the broker's website.

How is downloading from a website any different than sending an e-mail? I know the answer, but for your fear to be valid, there must be some difference? I speak techie, so enlighten me??

[Guest Taxed]

How is downloading from a website any different than sending an e-mail? I know the answer, but for your fear to be valid, there must be some difference? I speak techie, so enlighten me??

In her case she had no means to encrypt/password protect the pdf she got from her broker's site. That is why i did not want it e-mailed to me. When my clients request I e-mail them their tax return copy because they do not want to come pick it up, I send it by encrypting the pdf. I call them and tell them the password.

[Jack from Ohio]

In her case she had no means to encrypt/password protect the pdf she got from her broker's site. That is why i did not want it e-mailed to me. When my clients request I e-mail them their tax return copy because they do not want to come pick it up, I send it by encrypting the pdf. I call them and tell them the password.

I meant, what is the difference in security of her downloading the file vs. sending it to you? Would you download the file from the website?

[Guest Taxed]

Not if it is un-encrypted. If I know it has my personal info I will not download it.

Just got some documents from my auto ins company and it was encrypted pdf.