By now, consumers have become well-educated about the need of cybersecurity in their online and in-store transactions. But what about in their tax transactions with the U.S. government?
According to a recent article in The Wall Street Journal, nearly half of the firms with current agreements with the Internal Revenue Service to provide online tax preparation and filing services are not providing adequate privacy and security protection to their customers.
The audit by the nonprofit Online Trust Alliance (OTA), scheduled to be released in full later this week, found that six out of 13 firms, including Jackson Hewitt and Free1040TaxReturn.com, don’t provide adequate security against cybercriminal activity. Seven firms, including TurboTax, H&R Block, TaxAct and TaxSlayer, were praised for their practices and named to an “Honor Roll” list of top performers.
As WSJ notes, the study rated online tax filing services in three categories: consumer protection, site security and privacy. While the report did not disclose the specific performance of each firm across the three categories, it did share that the three failing firms (including Jackson Hewitt and Free1040TaxReturn.com) had “inadequate security against well-known vulnerabilities” that have been known to be exploited by cybercriminals in past attempts.
The study also compared security features used by the tax prep sector to those used in other sectors, including banking and retail. The tax firms scored well overall on privacy compared with banks but did worse than banks in protecting against fraudulent email, Craig Spiezle, president of the Online Trust Alliance, told WSJ.
A representative from the IRS commented, “As the report rightly notes, the areas of security and privacy are evolving daily,” and the IRS works with the industry to “encourage tougher standards.” According to the WSJ article, the firms noted in the audit are all part of the IRS’ Free File Alliance, a program offering free tax preparation and eFiling to taxpayers with an adjusted gross income of $62,000 or less. However, OTA says the findings are relevant for all customers of the 13 tax prep firms it examined, not just those lower-income taxpayers who qualify for the program.
According to WSJ, over the past year, the IRS has worked in collaboration with state tax officials and tax preparation firms nationwide to combat tax refund fraud, a crime in which personal information is stolen and used to file a false return and claim a refund.
In 2015, hackers stole the personal information of more than 330,000 taxpayers from the IRS’ “Get Transcript” database, which provided data from prior returns. Earlier this month, the agency revealed it was the target of an automated attack in which there were 464,000 attempts (101,000 successful) to gather information to be used to steal tax refunds.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More