Protect Your Firm From Fraud With New IRS Signature Guidance

Practice Management Social Security Card in hacker's hand, identity theft

Well, the time has finally arrived that allows tax preparers to obtain electronic signatures on Form 8879. It has been a long time coming, but the IRS, in 2014, finally allowed electronic signatures. At long last, another obstacle to achieving a highly efficient workflow system in the preparation of income tax returns has been removed. I, for one, look forward to the productivity gains we will see from using this technology.

The 2000 eSignature law made electronic contracts and signatures as legally valid as paper contracts. It only took 14 years for the IRS to come around, but they finally joined the practices that many other industries adopted worldwide to provide efficient, reliable and secure signed documents.

What about security risk? After all, identity theft was the #1 IRS reported tax scheme for 2014. Let’s explore the security features included in eSignature software, which is in compliance with IRS rules.

One might argue that using eSignature would expose a tax preparer to more risk of liability. I view it as reducing the risk to the preparer rather than increasing it. I arrived at my conclusion by looking at the security and safeguards that are in place in using eSignature software. Two of the safeguards are 256-bit Document Encryption and Dynamic Knowledge Base Authentication. Here’s a brief description of what they are designed to accomplish:

256-bit SSL Document Encryption. This term refers to creating a secure connection between a client and a server over which any amount of data can be sent securely. In other words, it enables a secure socket layer between the client and server. The 256 bit refers to the key length – the most secure in the advanced encryption standard (AES) established by the U.S. National Institute of Standards and Technology. AES became effective as a Federal government standard on May 26, 2002. It is included in many different encryption packages, and is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information.

Dynamic Knowledge Base Authentication (KBA). This is a method of authentication that seeks to prove the identify of someone accessing a service, such as a website, and is required by the IRS to comply with the eSignature requirements. It requires the knowledge of personal information of the individual to grant access to the protected material. The software used for the eSignature process may use credit scores or reports to generate knowledge-based authentication questions. These questions are called dynamic KBA questions. They are generated on the fly and based on information in a consumer’s personal aggregated data file, compiled marketing data or credit reports. In my opinion, the dynamic KBA is much more secure than the static KBA (shared secrets). We all have experienced static KBA on various sites that require you to choose security questions and answers (shared secrets).

With these security measures in place, tax preparers should be able to have complete confidence in the fact that using electronic signatures will decrease risk to the preparer and certainly to the client.

Here’s to a great tax season; I’m looking forward to using eSignature software to remove the hassle of getting those signatures on the 8879 and engagement letter!