Icon Tax Group: IRS and Tax Industry Will Take Stronger Security Measures

michael-lodge

by Michael Lodge

Every year the IRS and tax professional get together to talk about and put into action new security procedures to protect taxpayer tax data.  Every tax professional that prepares tax returns should have a client data protection program in place, if your tax preparer can’t show you their tax client data program then you need to find another tax firm.  This is vital for all tax preparers to protect their client data.  Tax preparers are required to follow the IRS rules and the Federal Trade Commission rules on client data protection.

By Michael Cohn (AT):  The Internal Revenue Service convened a meeting of its Security Summit partners in the tax preparation industry and state tax authorities Thursday to discuss additional steps they can take to safeguard tax refunds from identity theft next filing season.

The measures include new data elements that will be transmitted by the tax industry with each tax return. Altogether, 37 new data elements will be added next year to provide more information to strengthen authentication to ensure tax returns are being filed by the real taxpayers. The tax industry also plans to share with the IRS and states 32 data elements from business tax returns to extend more identity theft protections to business filers along with individual taxpayers.

“Other steps we’re taking won’t be visible to taxpayers, but they will help the IRS and state tax administrators improve their ability to stop refund fraud,” said IRS Commissioner John Koskinen. “One example involves the data components that Security Summit partners collect and share when a return is filed. These act as an early warning system for potentially fraudulent individual returns. We’ve come up with 37 new data components that we will be receiving and monitoring during the next filing season. We also expect this to help with the quicker release of refunds for those returns we are able to verify, so the real taxpayers will be less likely to face delays in their refunds.”

More than 20 state tax authorities are now working with the financial services industry to create their own version of a program that enables the industry to flag suspicious tax refunds before they are deposited in taxpayer accounts. The IRS’s partners in the private sector are also beefing up their efforts to identify the “ultimate bank account” to make sure tax refunds go into the true taxpayers’ accounts instead of fraudsters’ accounts.

A Form W-2 Verification Code initiative that the IRS began last year will now expand to 50 million forms next year from 2 million in 2016. When tax professionals or taxpayers fill out a tax return in their tax software, the 16-digit verification code should be entered when prompted to validate the information on the Form W-2. The IRS expects to expand the verification code in future years for all W-2 forms.

Tax Software Changes
The software industry also plans to continue to enhance its software password requirements for individuals and tax professional users to provide additional safety before filing tax returns.

“Protecting taxpayers and strengthening the integrity of the U.S. tax system is a team effort, and the progress we’ve made together over the past 18 months demonstrates our shared commitment to fight fraud,” said CeCe Morken, executive vice president of Intuit’s ProConnect Group, in a statement. “There’s still much work to do. Intuit is committed to doing our part to actively promote a set of best practices and standards for reporting suspicious behavior to the IRS and state revenue agencies to help them improve their ability to identify tax fraud.”

Intuit said that all individual users within a firm who login and access its Intuit ProConnect desktop professional tax software will need to create and use a unique username and password. After 30 minutes of inactivity, re-authorization will be required. Passwords must also now be at least eight characters long and include a combination of uppercase and lowercase letters, numbers and special characters. Passwords will expire after 90 days. Intuit’s tax software will also use “Captcha” technology to help ensure a person who is signing in is not a robot and is authorized to use Intuit’s online products.

As part of the expanded effort, the IRS’s Security Summit partners will open a new Identity Theft Tax Refund Fraud Information Sharing and Analysis Center, or ISAC. The project’s initial stages will begin next year. The ISAC will eventually provide an improved early warning system to spot emerging identity theft schemes and share the information among the partners in the Security Summit so they can quickly put safeguards in place.

“While we will likely not have all state signatories to the ISAC finalized by the start of tax season 2017, the capability will largely be in place,” said H&R Block president and CEO Bill Cobb. “Our momentum is irreversible and the ISAC will do much to synthesize and share information among all the players.”

Early Successes
The IRS pointed to some success already in battling stolen identity refund fraud as a result of the Security Summit’s efforts. The number of people who filed affidavits with the IRS claiming they were ID theft victims fell 50 percent during the first nine months of this year compared to 2015. The number of new affidavits filed declined to 237,750 compared to 512,278 for the first nine months of 2015.

IRS statistics point to a close to 50 percent drop in the number of fraudulent returns that found their way into government tax-processing systems. Through September 2016, the IRS stopped 787,000 confirmed identity theft returns, totaling more than $4 billion. For the same nine-month period last year, the IRS stopped 1.2 million confirmed identity theft returns, totaling approximately $7.2 billion.

The number of bank partners in the security program increased to 620 financial institutions from 514 institutions last year, allowing internal processes to continue improving. The total number of suspicious tax refunds stopped by banks and returned to the IRS fell more than 50 percent, to 108,539 in 2016 compared to 243,361 in 2015. The dollar amount of suspect refunds dropped to $239 million in 2016 from $829 million in 2015.

The IRS’s partners in the tax prep industry and state tax authorities provided information that helped the IRS improve its fraud filters and stop more bad tax returns, including 57,000 that would have otherwise bypassed the IRS’s processing filters. Several new data elements that have already been shared on tax returns from the IRS’s Security Summit partners enabled the agency to stop over 74,000 suspicious returns, representing over $372 million in refunds that the IRS prevented from being paid.

Koskinen is calling on tax professionals, taxpayers and the tax industry to follow up on this success. “We also need to continue our work to make sure taxpayers and tax return preparers are doing everything they can to protect themselves against identity theft. I can’t stress enough how important this is,” he said. “Stolen identity refund fraud touches nearly everyone, and we all have a part to play in stopping it. So in 2017 the Security Summit Group will continue its public awareness campaign aimed at getting taxpayers to take more data security precautions. We’re also encouraging everyone to learn how to recognize and avoid scammers who try to trick people into disclosing personal financial data such as Social Security numbers or credit card numbers—either over the phone or by email. That’s critical to keeping this very sensitive information from falling into the wrong hands.”