Make a Plan to Protect Your Data and Report Theft

Make a Plan to Protect Your Data and Report Theft

The Internal Revenue Service and its partners on the Security Summit are reminding the nation’s tax professionals that having a written information security plan is more than just a good idea—it’s the law.

The Security Summit is made up of representatives from the IRS, state tax agencies and the income tax industry. As security threats continue to increase during the COVID-19 pandemic, Security Summit partners are also recommending practitioners create an emergency response plan to be used in the event of a data theft.

Contacting the IRS should be the first step in the plan in order to quickly protect tax pros and their clients.

This is the last in the Security Summit’s Working Virtually series.

Making a plan for protecting data and reporting theft is the last in a five-part series called Working Virtually: Protecting Tax Data at Home and at Work. The special Security Summit series has spotlighted basic security steps for all manner of tax professionals, but is tailored for those working remotely or social distancing due to the COVID-19 outbreak.

“COVID-19 has changed the way many of us work, and more tax professionals are working from home. With these changes, there are new risks from cybercriminals. Our special Security Summit series was designed to give you critical information protect your clients and protect your business,” said IRS Commissioner Chuck Rettig.

“We all have a role in protecting taxpayer data, and the tax professional community is a critical part of that effort,” Rettig added. “It’s more important than ever to take appropriate security precautions, protect remote work sites, use two-factor authentication and plan ahead for all possibilities.”

Remember: FTC requires a written security plan.

Federal law administered by the Federal Trade Commission requires all “professional tax preparers” to create and maintain a written information security plan. Each document should be appropriate to the firm’s size and complexity.

The plan must also be appropriate to the nature and scope of the company’s activities as well as the sensitivity to the customer information it handles. For example, a plan for a sole tax practitioner would be much different than the plan for a global, multi-partner firm.

No matter what their circumstance, tax pros working from home must ensure client data is protected just as it would in an office setting.

What does the Safeguards Rule require?

The FTC requires each company, as part of its plan, must:

  • designate one or more employees to coordinate its information security program;
  • identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
  • design and implement a safeguards program and regularly monitor and test it;
  • select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
  • evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

It should be noted that the FTC is currently taking a second look at the Safeguards Rule and is proposing new regulations. Tax pros should be alert to any changes in the rule and its effect on the tax preparation community.

IRS Publication 4557, Safeguarding Taxpayer Data, outlines critical security measures for all tax professionals. It also includes information on how to comply with the FTC Safeguards Rule and includes a checklist of items for a prospective security plan. Practitioners are asked to focus on key areas such as employee management and training; information systems; and detecting and managing system failures.

For those preparers who think they may just forego creating a security plan, the IRS may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider.

Your plan should include a response to data theft.

Tax professionals who suffer a theft of their data should report the crime to the IRS immediately. Speed is critical, so that actions can be taken to protect taxpayers — and the firm.

The Security Summit recommends practitioners create a response plan so that action can be taken quickly and contact information is readily available.

If a client or the firm are the victim of data theft, immediately:

  • Report it to the local IRS Stakeholder Liaison. Stakeholder Liaisons will notify IRS Criminal Investigation and others within the agency. Speed is critical. If reported quickly, the IRS can take steps to block fraudulent returns in clients’ names and will assist through the process.
  • Email the Federation of Tax Administrators at statealert@taxadmin.org. Get information on how to report victim information to the states. Most states require that the state attorney general be notified of data breaches. This notification process may involve multiple offices.

Find more information at Data Theft Information for Tax Professionals.

Data thieves not only attempt to steal client data, but may also try to steal the tax professional’s identity as well, using their PTINs, EFINs and CAF numbers to file fraudulent returns or to steal even more information.

Thieves may even try to impersonate the tax pro to obtain tax transcripts or other tax records.

To stay informed, tax professionals should routinely check their IRS e-Services e-file Application to see a weekly count of tax returns filed with their Electronic Filing Identification Numbers. Excessive filings are a sign of data theft. The IRS recommends that e-file applications should also be kept up to date.

Circular 230 practitioners also can review weekly the number of tax returns filed using their Preparer Tax Identification Number or PTIN. Again, excessive filings are a sign of data theft.

Preparers with Centralized Authorization File, or CAF numbers, that enable third party access to tax information or representation should keep those records updated. Practitioners should notify the IRS when they no longer need third-party authorization for clients.

Need additional resources?

Tax pros can get help with security recommendations by consulting the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: The Fundamentals by the National Institute of Standards and Technology.

In addition, Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. To stay informed, tax pros can stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media or visit Identity Theft Central at IRS.gov/identitytheft.

Want to learn more about Drake Software products?

Call 800.890.9500 or visit the product-features pages for Drake Tax, Drake Documents, Drake Accounting, and Drake Portals to learn more about Drake Software products. Check out the Buy or Renew page if you’re ready to get started today.

Story provided by TaxingSubjects.com

IRS Announces Interest Payments to 13.9 Million Refund Recipients

IRS Announces Interest Payments to 13.9 Million Refund Recipients

Receiving a tax refund might be the only thing people like about filing their return, and it looks like some taxpayers are about to get just a little more money from the Department of Treasury.

The Internal Revenue Service today announced that it “will send interest payments to about 13.9 million individual taxpayers who timely filed their 2019 federal income tax returns and are receiving refunds.” As with seemingly everything else in 2020, this is a direct result of the coronavirus pandemic.

Why are 13.9 million taxpayers receiving a tax refund interest payment?

Federal law requires the IRS issue interest payments to taxpayers who file on time after a disaster postpones the filing deadline. In this case, the obvious culprit is COVID-19 pushing Tax Day back to July 15, 2020. But before people start exchanging socially distanced air high fives, there are a few things they’ll need to know:

  • Interest payments will not be issued to businesses nor taxpayers who received their refund before April 15
  • The interest payment will in most cases not arrive at the same time as the refund payment
  • The average interest payment is $18
  • The interest payment is taxable if it’s $10 or more

The longer it takes for a timely filed tax refund to arrive after the original deadline (April 15, 2020), the more interest the IRS will owe. And since the interest is calculated using the adjusted quarterly rate (compounded daily), that can sometimes result in using a blended rate for refunds that “span quarters.”

Here are the rates specifically cited by the IRS:

  • 5% for the second quarter
  • 3% for the third quarter

Interest payments affected by the blended rate will be calculated using “the number of days falling in each calendar quarter.” Perhaps making it a little easier to report a taxable interest payment, the IRS will send letters containing Form 1099-INT at the beginning of next year.

How are these tax refund interest payments being issued?

Taxpayers should generally expect to receive their tax refund interest payment the same way they received their tax refund: “In most cases, taxpayers who received their refund by direct deposit will have their interest payment direct deposited in the same account …. [and] everyone else will receive a check.”

As you well know, many people plan their finances based on the assumption that they will receive a tax refund every year. When everything feels like it’s up in the air, a little good news is welcome—even if it requires some paperwork.

Source: IR-2020-183

Story provided by TaxingSubjects.com

Taxpayers Should Renew Their ITIN Early

Taxpayers Should Renew Their ITIN Early

The Internal Revenue Service today recommended that taxpayers with an expiring Individual Taxpayer Identification Number renew it early to make sure their tax year 2020 refund isn’t delayed. Normally an important financial boost for households across the country, this announcement could help affected non-Social Security holding taxpayers better plan for another uncertain year.

Which ITINs are expiring?

The IRS explains that the Protecting Americans from Tax Hikes Act stipulates that any ITIN not used to file a federal tax return for three consecutive years will expire alongside those with the following middle digits:

  • 88
  • 90
  • 91
  • 92
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99

That said, ITIN holders do not have to wait until their ITIN is expiring to renew. The IRS notes that families can even renew ITINs for everyone at the same time, meaning the Form W-7 renewal application can “include the tax filer, spouse, and any dependents claimed on the tax return.”

What are some ITIN-renewal tips?

The IRS identifies three ways taxpayers can renew their ITIN: by mail, with the help of a Certified Acceptance Agent, or by scheduling an appointment at an IRS Taxpayer Assistance Center.

As when filing any tax return, making mistakes can cause delays. That’s why the IRS recommends looking for these common errors before submitting the packet:

  • mailing identification documentation without a Form W-7,
  • missing information on the Form W-7, or
  • insufficient supporting documentation, such as U.S. residency documentation or official documentation to support name changes.

Additionally, the IRS says it “no longer accepts passports that do not have a date of entry into the U.S. as a stand-alone identification document for dependents other than U.S. military personnel overseas.” Otherwise, applicants will need to provide the following documentation:

  • U.S. medical records for dependents under age 6,
  • U.S. school records for dependents under age 18, and
  • U.S. school records (if a student), rental statements, bank statements or utility bills listing the applicant’s name and U.S. address, if over age 18.

For more information about renewing an ITIN, visit the “Individual Taxpayer Identification Number” page on IRS.gov or watch “Individual Taxpayer Identification Number (ITIN)” on YouTube.

Source: IR-2020-181

Story provided by TaxingSubjects.com

Truckers Reminded to e-File Highway Use Tax Return by August Deadline

Truckers Reminded to e-File Highway Use Tax Return by August Deadline

The Internal Revenue Service is reminding owners of most heavy highway vehicles to timely file their Form 2290, Heavy Highway Vehicle Use Tax Return.

The highway use tax applies to those motor vehicles with a taxable gross weight of 55,000 pounds or more. Generally, this includes large trucks, truck tractors and buses. The tax is based the weight of the vehicle.

A variety of special rules apply, but they are spelled out in the instructions for Form 2290.

The deadline for filing Form 2290 and paying the tax is Aug. 31 for vehicles used on the road during July.

If a taxpayer is unsure whether they have a requirement to file Form 2290, the IRS offers an online tool, “Do I Need to Pay the Heavy Highway Vehicle Use Tax?” The tool features a question-and-answer format that helps owners determine if they have to pay the highway use tax.

How does e-filing make it easier?

The IRS is encouraging all heavy highway vehicle owners to take advantage of the speed and convenience of e-file and to pay any tax due electronically.

Some taxpayers have an option of filing Form 2290 on paper, but those with 25 or more taxed vehicles must file Form 2290 electronically.

With Form 2290 e-filed and any tax due paid online, here’s no need to visit an IRS office. Visit IRS.gov for a list of IRS-approved e-file providers and to find an approved provider for Form 2290 on the IRS 2290 e-file partners page.

What are the payment methods?

There are two ways to pay the highway use tax electronically:

  • Electronic funds withdrawal; authorize a direct debit as part of the e-file process.
  • Electronic Federal Tax Payment System; allow five to seven business days for new accounts.

For now, the IRS says they cannot accept payment payment of the Heavy Highway Vehicle Use Tax by credit card or debit card.

To pay the use tax by mail, send a completed Form 2290 and a check or money order with Form 2290-V, Payment Voucher, to:

Internal Revenue Service
P.O. Box 932500
Louisville, KY 40293-2500

When Form 2290 is filed electronically, e-filers generally get their IRS-stamped Schedule 1 electronically, just minutes after filing and paying any Heavy Highway Vehicle Use Tax due online. They can then print the Schedule 1 and provide it to their state department of motor vehicles – all without having to visit an IRS office.

In 2019, the IRS received about 941,000 Heavy Highway Vehicle Use Tax Returns.

For more information about the highway use tax, check out the Trucking Tax Center at IRS.gov/trucker.

SourceIR-2020-179

Story provided by TaxingSubjects.com

Phishing Scams Can Still Hook the Prepared

Phishing Scams Can Still Hook the Prepared

The humble phishing scam is one of the oldest grifts in the Digital Age. Despite their age, these scams remain remarkably effective. Part of that success is derived from constant evolution, and the Security Summit is dedicating the fourth installment of its “Working Virtually: Protect Tax Data at Home and at Work” educational outreach to warning tax professionals about a raft of new scams that could soon fill inboxes.  

Since COVID-19 forced many businesses to adopt some form of telework, the annual Security Summit event is focusing on remote-work data security tips for tax professionals. While previous weeks have emphasized the need for adopting newer data security tools like multi-factor authentication and Virtual Private Networks, this week goes back to the basics.

What is a phishing scam?

Phishing scams pose as a trusted sender to trick victims into providing personally identifiable information. While chain letters and phone calls are some of the oldest forms of phishing, email scams are probably the most prolific due to how easy they are to create and send. Here are two basic things to remember about phishing emails:

  • Phishing emails often impersonate major retailers and people you know personally, and the IRS warns that they tend to have “urgent” subject lines, like “your account has expired.” For tax professionals, IRS Commissioner Chuck Rettig says that list often includes “a client, your software provider, or even the IRS.”
  • Phishing emails often contain attached files or embedded links that install malware designed to steal your information or directly take over your accounts—whether by using stolen usernames and passwords or installing a type of remote-access malware.

One key takeaway is that you should never click on anything in these emails, and you should never send a response to the sender (regardless of how funny and satisfying that TED Talk is). Remember, these criminals are very skilled at tricking people into providing information via back-and-forth conversations. Instead, you should alert the proper authorities. In this case, that means starting by forwarding the email to the IRS scam-reporting email address: phishing@irs.gov.

What are the NEW phishing scams targeting tax professionals?

New phishing scams are impersonating legitimate coronavirus resources, often “by presenting themselves as providers of face masks or personally protective equipment in short supply.” The IRS says that scams more focused on tax professionals have posed as current or potential clients asking for more information about Economic Impact Payments. And if another round of EIPs is signed into law this year, expect phishing scams tailored to that legislation.

How do I learn more about phishing scams?

The IRS.gov “Identity Theft Central” aggregates information related to all forms of identity theft, breaking down topics according to individuals, tax professionals, and businesses. Visitors will find links to the “Taxpayer Guide to Identity Theft” and the Security Summit’s “Taxes. Security. Together.” campaign, and it serves as an excellent starting point for learning more about identity theft. The Working Virtually press release also includes links to relevant documents:

Check back with us next week for the final installment of the Security Summit’s Working Virtually campaign.

Source: IR-2020-178

Story provided by TaxingSubjects.com