In a News Release (IR 2019-122, 7/9/2019), IRS has announced that it and its Security Summit partners have created the "Taxes. Security. Together." checklist, which contains suggested procedures for tax professionals to improve their anti-identity theft and other security practices. The Release also contains some statistics on tax-related identity theft.
In 2015, IRS convened a Security Summit with chief executive officers and leaders of private sector firms and federal and state tax administrators to discuss emerging threats on identity theft and expand existing collaborative efforts to stop fraud. In addition to companies from the private sector, the Summit included several groups including the Electronic Tax Administration Advisory Committee (ETAAC), the Federation of Tax Administrators (FTA) representing the states, the Council for Electronic Revenue Communication Advancement (CERCA), and the American Coalition for Taxpayer Rights (ACTR).
Teams formed by the Summit focus on developing ways to validate the authenticity of taxpayers and information included on tax return submissions, information sharing to improve detection and expand prevention of refund fraud, and threat assessment and strategy development to prevent risks and threats.
IRS has announced that it and its Security Summit partners have created a new “Taxes. Security. Together.” Checklist for tax professionals to use to deal with identity theft and other security issues. Beginning next week, IRS and Summit partners will issue a series of five “Tax Security 2.0” news releases highlighting “Taxes-Security-Together” Checklist action items.
In its announcement, IRS has noted that the Checklist contains the following key security features:
Deploy the “Security Six” measures:
- Activate anti-virus software.
- Use a firewall.
- Opt for two-factor authentication when it’s offered.
- Use backup software/services.
- Use Drive encryption.
- Create and secure Virtual Private Networks.
Create a data security plan:
- Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data.
- The security plan requirement is flexible enough to fit any size of tax preparation firm, from small to large.
- Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures.
Educate yourself and be alert to key email scams, a frequent risk area involving:
- Learn about spear phishing emails.
- Beware of ransomware.
Recognize the signs of client data theft:
- Clients receive IRS letters about suspicious tax returns in their name.
- More tax returns filed with a practitioner’s Electronic Filing Identification Number than submitted.
- Clients receive tax transcripts they did not request.
Create a data theft recovery plan including:
- Contact the local IRS Stakeholder Liaison immediately.
- Assist IRS in protecting clients’ accounts.
- Contract with a cybersecurity expert to help prevent and stop thefts.
Identity theft statistics
The release notes that, between 2015 and 2018:
- The number of taxpayers who reported to IRS that they were victims of identity theft fell 71%. In 2018, IRS received 199,000 identity theft affidavits from taxpayers compared to 677,000 in 2015. This was the third consecutive year this number declined.
- The number of confirmed identity theft returns stopped by IRS declined by 54%, falling from 1.4 million in 2015 to 649,000 in 2018.
Checkpoint References: For identity theft, see FTC 2d/FIN ¶ T-10164.4.