Helping Firms Protect Client Data

History is filled with tales of frauds and imposters, of people seeking economic gain or influence by assuming another’s identity. In bygone days, hucksters would pass themselves off as royalty, doctors and military heroes to fool the unwary. And while there may be a certain mercurial boldness to the exploits of a Ferdinand Demara or a Barry Bremen, today’s identity thieves pose a far more insidious problem: Thanks to digital technology, they are availing themselves of computer-driven tools to collect data on masses of individuals, leaving behind a wake of victims struggling to repair the legal and financial damage.

Accounting firms are one group of attractive targets for identity thieves wishing to mine sensitive information from large numbers of taxpayers.

To get a sense of scope of the challenge that identity theft poses, the IRS reports that in the first eight months of 2017, roughly 443,000 confirmed identity theft returns were submitted to the agency; financial firms stopped 127,000 suspect refunds which, according to the IRS, in part reflects a handful of cases involving several thousand accounts; and 189,000 taxpayers reported themselves as victims of identity theft. Shortly before the IRS released these statistics, Reuters reported that identity theft in Australia cost that nation an estimated AUD2.2 billion (US$1.74 billion) in 2015-16.

Given the high potential for fraud, the victimization of individuals and the potential economic cost, regulators have been increasingly mindful of how well accounting firms secure client data; failure of firms to provide adequate protection exposes them (and their directors) to the risk of stiff fines based on the Gramm-Leach-Bliley Act.

To assist professional accounting firms in managing the security of client data, Thomson Reuters released its Thomson Reuters Authenticator solution in February 2017, a multi-factor authentication app that provides user verification using at least two forms of identity. The use of multi-factor solutions has been a topic of frequent and increasing discussion among IRS Security Summit participants, and Thomson Reuters was the first to market in providing a mobile app solution for accounting firms, implementing the state-of-the-art solution in all products for the Thomson Reuters CS Professional Suite® (including on-premise and hosted software, and for clients of firms using Thomson Reuters personal client portals), as well as in the cloud-hosted products for US practitioners.

It is with this understanding that Thomson Reuters undertook a variety of measures in 2017 aimed at elevating the awareness and training among tax and accounting professionals to handle the dangers of identity theft. Thomson Reuters experts speak with confidence on such matters because of deep industry relationships and affiliations with regulators and practitioner communities.

For instance, Thomson Reuters is a charter member of the Information Sharing and Analysis Center (ISAC) workgroup, one of seven workgroups comprising the IRS Security Summit. The Summit is a partnership between the IRS, the states and the tax industry, formed to combat identity theft. Jon Baron represents the company in senior leadership meetings with the IRS Commissioner; and Geno Salo, Senior Director, Government Relations, is a co-lead of the Tax Professional workgroup, which is charged with communicating how identity theft victimization impacts both professional tax preparers and taxpayers.

Partnering with the IRS to combat tax-related identity theft is a key component in thwarting cybercrime. In March 2017, Thomson Reuters hosted two IRS criminal investigators at its Ann Arbor campus for a series of meetings with strategic partners and various Thomson Reuters employee groups. The meetings raised awareness of what the IRS was seeing in its investigations and solicited investigators’ advice on what firms should be doing to protect themselves. Thanks to the success of these meetings, IRS investigators partnered with Thomson Reuters throughout 2017 to speak at customer and media events.

Trenda Hackett, Senior Technical Editor, Knowledge Solutions, Tax & Accounting, sits on several tax professional boards and committees including the Tax Alliance Conference and the Texas Society of CPAs Relations with the IRS Committee. In 2017, she was invited to speak at several industry functions on the topic of identity theft, including a news conference with the IRS during National Security Week. “When I talk to tax professionals, I want them to be aware of their legal obligations but also of the various threats and the need to encourage a culture of diligence,” said Hackett.

During SYNERGY 2017 (Thomson Reuters 37th annual users’ conference), attended by over 1,700 tax and accounting professionals, Hackett and her colleague Christina Wiseman, Product Manager, Centralized Services, led several security-related presentations and roundtable discussions. In one of her presentations, Wiseman shared the following statistic to underscore why cybersecurity in the tax and accounting profession is a hot topic:

• 72% of our accounting firm customers indicated that they had at least one client affected by tax refund identity theft.

Due to the constantly evolving methods of identity theft attack, there are no assurances that the countermeasures put in place today will remain efficacious tomorrow. As Wiseman advised attendees at a presentation on data protection, “Tax professionals should consult with their legal and technology security advisors for regular guidance on data security practices and legal standards applicable to their practice.”