Half of the checks processed by the Department of the Treasury are from tax returns, even though 95 percent of refunds to taxpayers are electronic, according to Stephen Mankowski, president of the National Conference of CPA Practitioners.
“Should we still have refunds made by check? These will likely continue in the foreseeable future, because there is still a segment of the population that is ‘unbanked,’” said Mankowski, who attended the September IRS National Public Liaison meeting, which focused on the future of electronic refunds, cyber attacks on tax professionals, tax reform implementation and a new e-services user agreement. “In addition, there are security features inherent with checks, other than simply the physical check.”
“Understandably, the future vision is to become all electronic. Getting there necessitates seeing why both individual and corporate taxpayers still want paper check refunds,” he continued. “The Treasury is working with the IRS to determine what percentage of checks were originally requested versus those having direct deposit issues.”
Cyber attacks on tax practitioners are continuing, and the IRS and its Security Summit partners have stepped up efforts to battle these attacks.
“Overall, the risk of fraud has increased as more PII [Personally Identifiable Information] has become available,” Mankowski said. “Large-scale cyberattacks are on the increase, posing threats to the IRS. Stolen CPA data is being used to process fraudulent returns.”
“We’re starting to see fraudsters filing legitimate returns for a taxpayer, but just changing the banking information. That’s the next step they need to work on, because at this point the IRS does not have a way to verify that a refund is going to the taxpayer’s bank account,” he said.
“The Wage & Investment and Policy Departments are working to redact [personal identifying information] on forms that are faxed or mailed to the taxpayer and their representatives,” he said. “The financial entries would not be redacted, but the other information would be. Specifically, redacted information would include employer name, address and EIN number, since these are sued to prepare fraudulent W-2s.”
One of the problems with redacting is that it’s not always feasible for taxpayers to go back to their former employer for a copy of their W-2, Mankowski observed: “When you end up with the first four letters of an employer’s name, it may not be sufficient for the taxpayer to know who the employer was. For example, in a franchise situation, the name of the corporation or partnership which owns the franchise may have nothing to do with the actual name of the franchise.”
Redacting was set to begin on Sept. 23, 2018. On Jan. 1, 2019, faxing to taxpayers and their representatives will end, and after tax season, mailings to third parties will end.
Wage and income transcripts are available via IRS e-Services and mailed to client addresses, Mankowski noted. “About 900,000 overdue returns were filed during 2017 to bring taxpayers into compliance. The surprise is that the IRS will be redacting data even when the information is being provided to the CPA’s secured mailbox within e-Services. The practitioner complaint is that the CPA has been authenticated to initially gain access to e-Services, plus the IRS uses multi-factor authentication to enter. In addition, the CPA needs to have a power of attorney on file within the IRS [Centralized Authorization File] unit. The IRS was not able to explain why this added security was needed.”
Mankowski suggests that practitioners put in passwords on software from prior years. “If they can’t get your 2017 or 2016 data, they’ll try for 2015 and get information that the bad guys like to get,” he said. “It costs nothing to put in a password for prior years, or multi-factor authentication.”
The Tax Reform Implementation Office is making a concerted effort to communicate with practitioners and taxpayers, Mankowski indicated. He noted that that professionals should not be overly dependent on their software, and need to be aware of tax reform changes to ensure that the calculations are correct.
Effective Oct. 14, 2018, a new e-Services user agreement became effective. “All users will have to acknowledge the new agreement the next time they access e-Services after this date,” said Mankowski. “The new agreement, which tends to be more high-level, should be read to ensure they can adhere to the enhanced requirements.”