IMGCAP(1)]Not everyone is a fan of Congress’ plan to have the Internal Revenue Service use outside agencies to collect unpaid taxes. (See “
For starters, it’s been tried before, and failed – twice. Both efforts, from 1996-1997, and 2006-2009, lost money. And given the current atmosphere of high cybercrime, ID theft and tax refund fraud, it doesn’t make sense to give taxpayers’ personal data to third parties, according to Stephen Mankowski, executive vice president of the National Conference of CPA Practitioners and a partner at Bryn Mawr, Pa.-based E.P. Caine & Associates CPA LLC.
“We think it’s a bad idea,” said Mankowski, who recently testified at a hearing of the House Committee on Small Business on “Small Business and the Federal Government: How Cyber Attacks Threaten Both.” His prepared remarks described the risks faced by businesses in general and CPA firms in particular to guard against ID theft. During the questions that followed his presentation, he made the point that the collections issue added further risk to taxpayers whose personal data would be open to the collection agencies.
“The education we’ve been providing to our clients that the IRS won’t phone them or send out e-mails is going by the wayside,” he said. “So many of them have received scam phone calls and spoofing e-mails that we constantly remind them that the IRS doesn’t do these things – but now it will.”
“They’re still working out the parameters of the process,” he said. “They need to determine which accounts will get sent out to collectors, and what information on the taxpayers the collectors will have. There are a lot of gray areas to work through. For example, if you get a phone call from a collector will you have the right to say, ‘I’m not dealing with you, I want to deal with the IRS’?”
“Taxpayers may be required to deal with the collectors,” he said. “It can be a scary time, especially with ID theft rampant. People will have no idea who the collectors are. The outside collectors will have access to personal tax information, and the data to support what the IRS claims the taxpayer owes.”
“At least we got it on record that there were concerns from the ID theft perspective on the outsourcing of collections,” he added.
Mankowski noted that ID theft has been growing exponentially for years. “It seems that no matter what controls are put in place, criminals have better and more focused resources to circumvent these safeguards,” he said.
“All businesses are at risk, but CPA firms and tax practitioners are at a greater risk,” he noted. “The criminals are aware that the ‘prize’ for breaching tax practitioner systems could yield them not only names and Social Security numbers, but also several year of earnings as well as bank information and dates of birth.”
“In March 2015, one tax software vendor had its electronic processing systems compromised to the extent that the State of Minnesota and subsequently all states temporarily ceased accepting electronically filed returns from that vendor,” Mankowitz told the committee. “One positive result of this situation was the formation of the IRS Commissioner’s Security Summit, which initially included representatives from state governments, banking and the software community. This group approach was a positive signal from the IRS that the issues of identity theft and data security required a multifaceted approach to work at stemming the increases in data security and ID theft.”
The initial focus of the summit was addressing and stopping suspected fraudulent returns through the implementation of protocols to address issues with tax returns before processing and during the initial processing. “Before the creation of the Security Summit, the GAO estimated that during the 2014 filing season the IRS paid approximately $3.1 billion in fraudulent refunds while preventing $22.5 billion.”
While in its initial year the summit estimates that it has prevented in excess of three million fraudulent returns from being processed and refunds issued, many fraudulent returns are still getting through, Mankowski noted. “The summit has now been expanded to include tax practitioners.”
“Unfortunately, despite all of the efforts of the IRS and Congress to curb ID theft, often the cause is unscrupulous preparers that are often unregulated by any authority,” he said. “NCCPAP urges Congress to pass legislation to provide the IRS the necessary authority to regulate all tax preparers and require paid preparers to meet minimum standards.”