IRS Security Summit Offers Tips on How to Prevent Identity Theft and Tax Fraud

Two-factor Identification is one of the cheapest and easiest ways to prevent tax fraud. As Certified Fraud Examiners (CFEs) we suggest many other safeguards to our clients.

As Certified Fraud Examiners (CFE) my firm has long helped clients untangle webs of taxpayer, identity and data theft. Now, with data theft rising steeply, the IRS Security Summit is finally urging tax professionals and taxpayers to use the simplest of solutions.

The Summit recommended two-factor authentication on tax software, email and cloud storage providers.Two-factor authentication (also known as multi-factor identification) requires a security code sent to a mobile device. Some programs’ multi-factor identification require a pin number or fingerprint in addition to a username and password. A thief may steal usernames and passwords but cannot access accounts without the multifactor features.

So far this year, tax professionals have reported 222 data theft reports to the IRS. Many of these reports involved hundreds of thousands of taxpayers. That is 5 percent more than in all of 2020 and 14.6 percent more than in 2019. Fraudulent tax returns created with data stolen from tax professionals’ offices are difficult to detect because the identity thief is using real financial data.

Data Security Plan Mandate for Tax Pros

Federal law, enforced by the Federal Trade Commission, requires all professional tax preparers to create and implement a data security plan. “Using the multi-factor authentication feature available on tax preparation products is one of the easiest and cheapest security measures any tax pro can take. It’s offered for free by the tax software providers,” said IRS Commissioner Chuck Rettig.

In forming the Security Summit, now in its sixth year, the IRS  joined with representatives of the software industry, tax preparation firms, payroll and tax financial product processors and 42 state tax administrators to combat ID theft  and tax fraud to protect the nation’s taxpayers. “The Security Summit has made great strides to protect the tax community, but we need the help of everyone in the tax professional community,” Commissioner Rettig said.

More Data Theft Security Steps

Multi-factor authentication is just one of several security steps tax professionals – and taxpayers – should use to protect sensitive data.

Among the other steps we recommend are:

• Use anti-virus software, set for automatic updates.  Antivirus software scans existing files and drives on computers – and mobile phones – to protect from malware.
• Use a firewall to shield digital devices from external attacks.
• Backup all data regularly with backup software and services. Making a copy of files can be crucial, especially if the user becomes a victim of a ransomware attack.
• Use drive encryption to secure computer locations where sensitive files are stored. Encryption makes data on the files unreadable to unauthorized users.
• Create and secure Virtual Private Networks. A VPN provides a secure, encrypted tunnel to transmit data between a remote user via the Internet and the company network. Search for “Best VPNs” to find a legitimate vendor; major technology sites often provide lists of top services. ©

Additional Resources

• How Is Your Organization’s Performance on Preventing Fraud?
• How the IRS Finds “Mismatches” With Its Automated Compliance Programs
• Small Business Information Security: The Fundamentals PDF by the National Institute of Standards and Technology.
• The IRS Identity Theft Central pages for tax pros, individuals and businesses have important details as well.
• The Association of Certified Fraud Examiners (ACFE), the world’s largest anti-fraud organization, has developed a Fraud Prevention Checkup for determining if  an organization has adequate fraud prevention systems in place.
• Follow Foodman CPAs and Advisors and IRS Social Media.