Last year’s United States’ tax season when the Internal Revenue Service (IRS) was breached and hackers used 464,000 stolen Social Security numbers to successfully E-file 101,000 fraudulent tax returns using false PINs. This incident should cause taxpayers to ask the question, “What’s the government doing to protect my tax returns?”
As reported by the IRS, the organization has made significant improvements over the past year in order to protect the identities of taxpayers from fraudulent returns “before, during, and after a tax return is filed.” From a November statement on irs.gov: “This is highlighted by the number of new people reporting stolen identities on federal tax returns falling by more than 50 percent, with nearly 275,000 fewer victims compared to a year ago.”
One new tool the IRS credits to dramatically combating identity theft is an annual Security Summit. This was a way for the IRS to begin identifying and implementing changes. According to the IRS, successful efforts of the summit have lead to:
- Identity theft affidavits falling sharply: A decrease of 50 percent during the first nine months of 2016 compared to 2015.
- More fraudulent returns stopped before processing: This factor also dropped by nearly 50 percent. From January through September of 2016, the IRS stopped 787,000 confirmed identity theft returns, totalling more than $4 billion.
- A decrease in fraudulent refunds: Thanks to the number of bank partners increasing by 106 institutions since 2015, the number of suspect refunds stopped by banks and returned to the IRS dropped by more than 50 percent.
- Shared information stopping more bad returns: This can be attributed to information provided by industry and state partners in order to improve IRS fraud filters, 57,000 bad tax returns were stopped that would have otherwise bypassed IRS processing filters.
- Shared data elements helping to identify new areas: Adding new data elements on tax returns helped the IRS stop over 74,000 suspicious returns, preventing $372 million in fraudulent refunds from being paid.
While these improvements are indeed significant, any concerned taxpayer will take away from all of this that, though improved, the IRS still isn’t batting 1,000 when it comes to protecting citizens against identity theft. Therefore, continuing to be mindful of best security practices when it comes to handling sensitive data for all aspects of your business is still highly recommended.
To help businesses out, the IRS has prepared a list of critical steps you can take to protect yourself and your clients from identity theft.
- Assure that taxpayer data, including data left on hardware and media, is never left unsecured.
- Securely dispose of taxpayer information.
- Require strong passwords (numbers, symbols, upper & lowercase) on all computers and tax software programs.
- Require periodic password changes every 60-to-90 days.
- Store taxpayer data in secure systems and encrypt information when transmitting across networks.
- Ensure that email being sent or received, that contains taxpayer data, is encrypted and secure.
- Make sure paper documents, computer disks, flash drives and other media are kept in a secure location and restrict access to authorized users only.
- Use caution when allowing or granting remote access to internal networks containing sensitive data.
- Terminate access to taxpayer information for anyone who is no longer employed by your business.
- Create security requirements for your entire staff regarding computer information systems, paper records, and use of taxpayer data.
- Provide periodic training to update staff members on any changes and ensure compliance.
- Protect your facilities from unauthorized access and potential dangers.
- Create a plan on required steps to notify clients should you be the victim of any data breach or theft.