"

Estimated reading time: 5 minutes, 6 seconds

Filing Fraud: Tax Season's Hot Issue

David Williams, IntuitThis year, everything gets tighter as governmental agencies, software vendors and tax preparers attempt to stem the flood of fraudulently filed income tax returns. The major efforts discussed publicly are requiring more information from taxpayers to prove that they are who they claim to be, along with the use of stronger passwords.

And key the phrase is multi-factor identification—requiring more steps in that proof. All of this is supposed to kick in when filing season starts on January 19.

"We have all upped our game dramatically," says David Williams, chief tax officer for tax software vendor Intuit, which was the subject of highly publicized filing fraud in several states during the 2015 tax season. The company shut down electronic filing briefly in those states. Nearly a year ago, it also publicly denied charges by two former employees that it refused to take steps in its software that would have deterred fraud.

The problem is widespread.

Williams has asked preparers attended a recent presentation he made about their experience with stolen returns. When asked if they had at least one client whose ID has been stolen and used filing returns, about 80 of 100 people in the audience raised their hands. "Asked how many had two clients affected, virtually all kept their hands up," he says.

The problem that ballooned year was identity theft—thieves used ID information about other individuals to file returns and receive refunds. Concern over the prevalence of ID theft and fraudulent filing led to a security summit held in October by the Internal Revenue Service, with participation by software vendors, state governments and tax professionals.

The Authentication Work Group and software publishers agreed on the need for passwords with a minimum of eight characters with upper case, lower case, alpha, numerical and special characters, a new timed lockout feature and limited unsuccessful log-in attempts; and the additional three security questions.

It's not just asking more questions of those filing returns. "We had taken a hard look at the different ways in which returns come in. and decide which ones should go through further identity screening without overburdening the prior-year customer," says James Wheaton of Liberty Tax.

Wheaton, the tax chain's legal counsel and VP of legal and governmental affairs, picked up the additional title of chief compliance officer for the tax chain in December and coordinated the company's participation at the IRS Security Summit.

Liberty is using profiles to screen returns, with Wheaton declining to discuss these publicly. However, Liberty is utilizing a third-party vendor in additional screening which Wheaton said involves "Not so much the content of the return as the characteristics of the customer." Those likely to undergo additional screening include customers utilizing a financial product, such as a debit card, and those filing returns "under some sort of free program."

H&R Block outlined its program and in particular said multi-factor authentication was nothing new.

"We've had multi-factor authentication in place for several years," a spokesman says. He adds, "There are stronger account creation and authentication measures in place such as enhanced password requirements."

Without disclosing details, the company says it uses multi-factor authentication at account set-up, when a returning client can't remember a user name or password, wants to reset apassword, or forgot a security Q&A. Account creation requirements include requiring a stronger password, additional security questions and answers. There is also the ability to handle certain scenarios of authentication via texting of a multi-digit code to a mobile number.

"We are recommending that all of our returning clients update their account settings to meet these stronger requirements," the spokesman says. "We will also be implementing Touch ID in our MyBlock and tax prep apps."

In a prepared statement, TaxAct notes that it is using tougher log-in requirements, such new password standards and is telling its customers about the importance of strong passwords. It also has new security questions, and email address and device identity verification.

Besides meeting those minimum standards, the company says it also offers identity recover services at no charge. Its Identity Recovery powered by Armor will help the customer resolve the problem.

While Thomson Reuters is also following the recommendations made for the industry, the company's Tax & Accounting business says it is doing far more than the minimum. For one, it put 20-year Thomson veteran Gene "Geno" Salo, director of government and regulatory, in charge of the anti-fraud program.

Salo, who reports to the unit's managing director, Jon Baron, notes the broad effort being mounted by government and industry. "We have agreed to look for emerging patterns in fraudulent filings," he says. One example of that was when the company noticed, "We were receiving W-2s from a retailer who had shut all their doors in their state."

Thomson, he notes, "probably already exceeds the standards in all respects.' Besides the standard penetration testing that most software companies utilize, he says there are many controls built into the company's UltraTax Software.

"We have pretty sophisticated security settings so that the license and firm can control unauthorized access, and unauthorized transmission of returns," Salo says.

Salo expects the efforts to grow. "In the near future, the IRS will propose some security framework standards, across the industry," he says.

But the outlook is for the need for continued vigilance as the bad guys aren't going away. "It's an ongoing battle with the criminal element," Salo says.

Bob Scott
Bob Scott has provided information to the tax and accounting community since 1991, first as technology editor of Accounting Today, and from 1997 through 2009 as editor of its sister publication, Accounting Technology. He is known throughout the industry for his depth of knowledge and for his high journalistic standards.  Scott has made frequent appearances as a speaker, moderator and panelist and events serving tax and accounting professionals. He  has a strong background in computer journalism as an editor with two former trade publications, Computer+Software News and MIS Week and spent several years with weekly and daily newspapers in Morris County New Jersey prior to that.  A graduate of Indiana University with a degree in journalism, Bob is a native of Madison, Ind
Read 4853 times
Rate this item
(0 votes)

Visit other PMG Sites:

Template Settings

Color

For each color, the params below will give default values
Tomato Green Blue Cyan Dark_Red Dark_Blue

Body

Background Color
Text Color

Header

Background Color

Footer

Select menu
Google Font
Body Font-size
Body Font-family
Direction
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.