IRS, States Call for Stronger Safeguards on Electronic Data

Payroll on Bloomberg Tax is built to get you to the right answer faster and more efficiently. Get all the payroll intelligence you need with Bloomberg Tax expert analysis, perspectives and...

By Keith M. Hill

Tax-return preparation services increasingly are the targets of cybercriminals and should take appropriate steps to protect clients from data theft, the Internal Revenue Service and state tax agencies said.

The Security Summit, a partnership among the IRS, state tax agencies and tax-preparation businesses that was formed in June 2015 to fight identity theft, expanded its public-awareness campaign on data security to ensure professionals were aware of their responsibilities to protect clients from identity theft, the IRS said July 6 ( FS-2016-23 ).

The IRS expanded its data-security efforts this year and posted new information to help tax professionals get started with safeguards to protect clients’ data.

Sharper Focus on Identity Thieves

The 2016 filing season showed that identity thieves turned their attention to preparers, IRS Commissioner John Koskinen said June 28. The agency has a group working on ways to help preparers safeguard corporate data and client information, he said. The IRS is creating a set of security standards and plans to focus on educating preparers about how to ensure information is secured, he said.

There are more than 700,000 tax return preparers in the U.S. and many of them are taking good security precautions, Koskinen said. Cybercriminal techniques are continuing to evolve, so the use of new technology, ruses and scams require that tax professionals remain vigilant in protecting taxpayers as well as their businesses, he said.

Because of the client data held by tax professionals, cybercriminals increasingly target the tax preparation community with a variety of tactics, from remote computer takeovers to phishing scams, the IRS said.

Identity theft and tax fraud have been major focus areas for the agency in recent years. The IRS created the Security Summit to bring together software firms, state tax administrators and tax processors to address identity theft.

Recognizing the risk to tax return preparers, the summit's new effort is an expansion of its 2015 initiative, “Taxes. Security. Together.” The 2015 campaign was aimed at increasing public awareness for using security software, creating stronger passwords and avoiding phishing e-mails. The 2016 summit, “Protect Your Clients; Protect Yourself,” is to run through the start of the 2017 filing season, the IRS said.

Koskinen highlighted progress made since the inception of the group and applauded banks for diligently working with the IRS. The agency stopped $1.1 billion in fraudulent refunds that thieves claimed on more than 171,000 tax returns from January to April 2016, he said. During the same period in 2015, the agency stopped $754 million in fraudulent returns, he said.

The IRS also suspended for further review 36,000 suspicious returns and $148 million in claimed refunds during that period, the agency said.

The number of suspicious refunds that banks returned to the IRS was 66 percent lower through mid-June 2016, compared with the same period in 2015, the IRS said.

The IRS wants its new Identity Theft Tax Refund Fraud Information Sharing and Analysis Center working in time for next year's return-filing season, Koskinen said.

The identity theft center would be critical for preventing fraud after taxpayers file returns, when the agency processes the returns and when banks receive tax refunds, Koskinen said. The goals of the center include helping the IRS and its security summit group partners spot, analyze and share information.

IRS Expands Security Agenda

Other security projects include expanding the verification code pilot program for Forms W-2, Wage and Tax Statement, that started in 2016, creating a process for banks to identify questionable state tax refunds and improving taxpayer identity authentication, the IRS said.

Fact Sheet 2016-23 urges return preparers to follow the security guidelines in IRS Publication 4557 , Safeguarding Taxpayer Data.

“Safeguarding personally identifiable taxpayer information is of critical importance to retaining the confidence and trust of taxpayers,” the IRS said in the publication.

Businesses and individuals maintaining, transmitting or storing taxpayer data are legally responsible “to have safeguards in place to protect client information,” the fact sheet said. Information obtained or used in preparing a tax return is considered taxpayer data, the IRS said.

Preparers “must determine the appropriate security controls for your environment based on the size, complexity, nature and scope of your activities” to safeguard taxpayer information, the IRS said. Examples of security controls include locking doors to restrict access to paper or electronic files, encrypting electronically stored taxpayer data, shredding paper containing taxpayer information before placing it in the trash and not e-mailing unencrypted sensitive personal information.

Preparers should “require periodic password changes every 60-90 days, create security requirements for your entire staff regarding computer information systems, paper records and use of taxpayer data and create a plan on required steps to notify taxpayers should you be the victim of any data breach or theft,” the IRS said in the fact sheet.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Payroll