The IRS issued a bulletin in mid-August 2018 (IR-2018 -164) warning tax professionals about the potential theft of government-issued ID numbers. The bulletin is the sixth in a series issued by the IRS and its Security Summit partners. IRS officials say that tax fraud involving stolen identities and false tax returns is often related to stolen ID numbers.
Employers, third-party payroll providers, and tax preparers have a legal responsibility to protect all data relating to their activities. For tax professionals, that includes the following government issued numbers:
- Electronic Filing Identification Number (EFINs) – numbers used by tax preparers to file returns electronically on behalf of clients.
- Preparer Tax Identification Numbers (PTINs) – numbers issued to authorized individuals or companies preparing tax returns or claims for refunds.
- Centralized Authorization File Numbers (CAFs) – numbers used by tax professionals for requesting third-party access to client files.
Employers and payroll providers have their own numbers they need to protect. These include Employee Identification Numbers (EINs) and Social Security numbers. Dallas-based payroll provider BenefitMall says that not protecting government-issued numbers can lead to very serious consequences.
How Tax Fraud Occurs
Though the mid-August IRS bulletin did not discuss in detail how tax fraud occurs, the process is common knowledge. Fraudsters get hold of the data by hacking into payroll and tax preparation accounts.
With individual employee information and the numbers necessary to access IRS networks, they can then file fake tax returns using numbers that virtually guarantee a refund. Refunds can be channeled into a temporary bank account set up specifically for this purpose. Fraudsters who do not want to take their chances with a bank account can receive refund checks.
The IRS says stolen information often ends up on the Dark Web. It can be purchased from the original hackers by scammers who use it to commit tax fraud. Scammers move quickly enough to file multiple fake tax returns and get refunds before anyone realizes what is going on. Then they close the operation and start over with a new one.
Maintaining, Monitoring, and Protecting Numbers
The IRS has addressed employers and payroll providers about protecting employee data in previous bulletins. The mid-August bulletin offers tax professionals a lengthy list of suggestions for maintaining, monitoring, and protecting government-issued ID numbers. For starters, they suggest tax preparers make a concerted effort to ensure their accounts are always up-to-date.
They recommend that tax professionals closely examine the weekly reports they receive. Those reports contain a plethora of valuable information that can help a tax preparer identify potential fraud.
Finally, the IRS recommends that tax professionals learn how to recognize and avoid scams targeting them and their government-issued ID numbers. They recommend additional security protocols including encrypting all data, using strong passwords for online accounts, and securing all computers and mobile devices with appropriate software.
The New Year Is Coming
Perhaps the most important point not mentioned in the bulletin is the fact that the new year is quickly approaching. Though it is only September, hackers have about four months to get ready for the 2019 tax filing season. You can bet they are already looking to steal the information they are going to need to file fake tax returns within the first few weeks of January.
It is the responsibility of tax professionals, employers, and third-party payroll providers to protect all of the data they are entrusted with. As the IRS points out in such great detail, tax fraud is alive and well in the U.S. Everyone involved must contribute to preventing it from occurring in 2019.