Heightened security measures for tax professionals are among the latest goals of the Electronic Tax Administration Advisory Committee (ETAAC).
ETAAC’s 2018 report reveals that tax professionals can expect efforts to increase their knowledge of identity theft tax refund fraud (IDTTRF) through continuing education, and that the IRS should have “internal responsibility for tax professional security.”
The report makes clear that the threat of IDTTRF is ongoing because the crooks are constantly devising new strategies to steal individual and business identities, and converting those ID thefts into tax refunds.
In fact, “these criminals know so much about a given taxpayer that their fraudulent electronically filed returns can be largely indistinguishable from those of the legitimate taxpayer,” the report states, which adds that the fraudsters are “nimble and well-funded.”
ETAAC was established by Congress in 1998 primarily to report on how the IRS was faring in advancing e-filing. In 2017, the committee’s report shifted its focus to implementation of strong cybersecurity protections, and detecting and preventing IDTTRF.
Here’s a snapshot of the report’s four main recommendations:
- The Security Summit and IDTTRF Information Sharing and Analysis Center should be expanded and strengthened. That includes bringing the payroll community into the Security Summit and analysis center, increasing contact with employers and businesses, and emphasizing collaboration.
- Strengthen the cybersecurity of the tax “ecosystem.” That would require establishing a common security standard and the IRS’ authority to enforce it, building tax professional awareness, requiring security continuing education for tax professionals, and establishing “clear IRS internal responsibility for tax professional security.”
- Improve IDTTRF detection, analysis and reporting. An Internal Revenue Code Section 6103 IDTTRF exception would be enacted, detection would be improved by enacting enhanced business tax schema data elements, and EFIN and PTIN validations would be enabled.
- Enable electronic tax services and filing. Enhanced identity proofing and authentication would continue, online tools would be developed, and the electronic filing of employment tax returns should increase.
Naturally, all of this will take some bucks. ETAAC wants Congress to provide funding to the IRS “so that it can adequately staff and fund priorities relating to the Security Summit and the [analysis center].”
The catch, though, is that ETAAC knows the IRS faces a huge task in implementing the Tax Cuts and Jobs Act. The Committee fears that would outweigh cybersecurity needs.
ETAAC also recommends that Congress:
- Take legislative action to better protect taxpayers by expanding the Federal Trade Commission’s Safeguards Rule to include people who serve business, employment and information return filers.
- Give the IRS the authority to apply and enforce the FTC Safeguards Rule in areas under its jurisdiction.
- Add an exception to IRC Section 6103 that allows the use and disclosure of federal tax information related to cybersecurity and IDTTRF prevention activities in tax administration.
- Grant broader authority to the IRS for the agency to regulate tax preparers. This, the report states, “would obviate the need for some of these types of one-off actions.”
About Terry Sheridan
Terry Sheridan is an award-winning journalist who has covered real estate, mortgage finance, health care, insurance, personal finance, and accounting and taxation issues for newspapers, magazines, and websites. A Chicago native and former South Florida resident, she now lives in New England.