As the IRS has noted in prior articles (summarized below), identity theft and return fraud continue to be a high priority in the tax filing community. The good news is that the federal and state government taxing agencies and the tax software industry, including Intuit®, are taking many meaningful steps to help combat identity theft and refund fraud.
IRS, state agencies and the tax industry work together to combat identity theft and refund fraud. A joint effort between the public and private sectors has identified and tested more than 20 new data elements on tax return submissions. The IRS and state taxing agencies will share this information in an effort to help detect and identity theft and refund fraud. The tax software industry is also establishing enhanced identity authentication processes to help protect their customers’ accounts from identity theft.
Security Summit kicked off in March and led to the establishment of several recommendations in June. To date, 34 state departments of revenue and 20 tax industry members have signed letters of understanding regarding roles, responsibilities and information sharing, with more participants expected to sign later.
The collaborative effort has focused on the following areas:
- Improved validation of taxpayer information included on tax return submissions;
- Increased information sharing to improve refund fraud detection and prevention; and
- More sophisticated threat assessment and strategy development.
The groups have identified many new pieces of data that can be shared with the IRS and state agencies at the time the return is filed with the IRS and state agencies in order to authenticate taxpayers, and thus, improve refund fraud detection. The more than 20 new data components will be submitted, along with the transmission of the return during the 2016 filing season (TY15 tax returns).
User authentication will also be improved for taxpayers using tax software. Taxpayer accounts will be better protected with the use of stronger authentication, such as security questions at the time of login.
IRS: Tax Professionals Should Check EFIN Status
The IRS reminds tax preparers to review their Electronic Filing Identification Number (EFIN) status to make sure it’s accurate and secure prior to the 2016 filing season. EFINs are issued by the IRS to Authorized IRS e-file Providers, and EFIN recipients must meet certain requirements, including background checks.
Intuit: Protecting Customers Continues to be a Critical Priority
Intuit has been a key driver of tax software companies at the Security Summit by working with the IRS and each state’s Departments of Revenue to monitor and flag suspicious e-file activity. Intuit’s Professional Tax Group has also recently instituted additional required validation of tax preparer identity. For the upcoming season, we are implementing some new measures to ensure our products, and our customers, continue to benefit from industry-leading anti-fraud measures. Constantly updating and improving our security is the new normal. While most of these changes are transparent to most customers, it is our role to minimize the impact for affected customers, and help them understand the importance of security.
We are leading the way by implementing new EFIN processes to prevent the misuse of customer EFINs and monitoring e-file activity to identify unusual patterns.
Multi-Factor Authentication (MFA)
MFA is now included in our Professional Tax products (ProSeries®, Lacerte®, ITO, Link and Profile) and will help ensure account security.
When our customers access their accounts for the first time or from a new device, the verification will take place in one of two ways:
- A unique, one-time code will be sent to a customer’s pre-designated device to be used in combination with their password, or
- They can answer a series of security questions.
Once authenticated, customers sign into their account. MFA is one of many investments that we are making in our products to help safeguard our customers in the upcoming tax season and beyond.
Our customers also look to us for security guidance, and more than 3,000 firms have registered for our Security and Identity Theft webinar to learn how to better secure their office and advise their clients. Here is the recorded link, which can be shared with customers: Security and Identity Theft Webinar (one-hour customer training).