In an Information Release, IRS and IRS’s partners in the Security Summit have called on tax professionals and taxpayers to use the free, multi-factor authentication feature being offered in tax preparation software products. The Release also contains other data-security-related information.
Background.
In 2015, IRS convened a Security Summit with chief executive officers and leaders of private sector firms and federal and state tax administrators to discuss emerging threats on identity theft and expand existing collaborative efforts to stop fraud. In addition to companies from the private sector, the Summit included several groups including the Electronic Tax Administration Advisory Committee (ETAAC), the Federation of Tax Administrators (FTA) representing the states, the Council for Electronic Revenue Communication Advancement (CERCA), and the American Coalition for Taxpayer Rights (ACTR).
Teams formed by the Summit focus on developing ways to validate the authenticity of taxpayers and information included on tax return submissions, information sharing to improve detection and expand prevention of refund fraud, and threat assessment and strategy development to prevent risks and threats.
IRS wants taxpayers and professionals to use multi-factor authentication.
In the Information Release, IRS lauds the value of multi-factor authentication.
Multi-factor authentication means users must enter their username/password credentials plus another data point that only they know, such as a security code sent to their mobile phone. For example, thieves may steal passwords but will be unable to access the software accounts without the mobile phones to receive the security codes.
IRS notes that multi-factor authentication protections are now commonly offered by financial institutions, email providers and social media platforms to protect online accounts. And it notes that the use of this authentication method is especially appropriate with tax software products because of the sensitive data held in the software or online accounts.
Other data-security-related information.
The Release also reminds tax professionals to beware of phishing scams that are commonly used by thieves to gain control of their computers. Thieves may claim to be a potential client, a cloud storage provider, a tax software provider or even IRS in their effort to trick tax professionals to download attachments or open links. These scams often have an urgent message, implying there are issues with the tax professionals’ accounts that need immediate attention.
The Release notes that tax professionals can track the number of returns filed with their Electronic Filing Identification Number (EFIN) on a weekly basis. This helps ensure EFINS are not being misused. To do this, professionals should go to e-Services, access the EFIN application and select EFIN status to see a weekly total of returns filed using the EFIN. If there are excessive returns, the professional should contact IRS immediately.
Finally, IRS stated that, already, nearly two dozen tax practitioner firms have reported data thefts to IRS this year.
To continue your research on tax return data security issues, see FTC 2d/FIN ¶ T-10164.4; United States Tax Reporter ¶61,034.0513.
Subscribe to our Checkpoint Daily Newsstand email to get all the latest tax, accounting, and audit news delivered to your inbox each weekday. It’s free!