Security Summit Urges Businesses to Tighten Defenses

Security Summit Urges Businesses to Tighten Defenses

Security Summit Urges Businesses to Tighten Defenses

Businesses should be on high alert as thieves try to use their stolen names and data to file fraudulent income tax returns. The warning comes from the Internal Revenue Service, state tax agencies and tax industry partners who make up the Security Summit partnership.

The alert marks the fourth day of National Tax Security Awareness Week, and gives businesses a heads-up to protect both data and systems.

The IRS is also planning additional steps to help businesses fight cybercriminals trying to steal their data.

“As the IRS and our partners have strengthened our security standards, identity thieves have looked for new ways to find sources of information, and businesses need to stay alert,” said IRS Commissioner Charles Rettig. “Businesses, just like individuals, can be victims of identity theft. Thieves may steal enough information to file a business tax return for refund or use other scams using the company’s identity.”

Small Business faces a big threat.

Statistics show more than 70% of all cyberattacks are aimed at businesses with 100 or fewer employees. The thieves may target credit card information, the business’ identity information or employee identity information.

The Federal Trade Commission (FTC) encourages businesses to follow their best practices. These include:

  • Set your security software to update automatically
  • Back up important files
  • Require strong passwords for all devices
  • Encrypt devices
  • Use multi-factor authentication

More information can be obtained at the FTC’s Cybersecurity for Small Businesses site.

Businesses should be especially alert to any COVID-19 or tax-related phishing email scams that attempt to trick employees into opening embedded links or attachments. IRS-related scams can be sent to

The IRS is building defenses.

Starting Dec. 13, 2020, the IRS will begin masking sensitive information from business tax transcripts as well as the summary of corporate tax returns, in an effort to block thieves from stealing identifiable information that would allow them to file fake business tax returns.

Only financial entries, the IRS says, will be fully visible. All other information will have varying masking rules.

For example, only the first four letters of each first and last name—of individuals and businesses alike—will be displayed. Only the last four digits of the Employer Identification Number (EIN) will be visible.

The IRS also has launched the Form 14039-B, Business Identity Theft Affidavit, allowing companies to report possible identity theft to the IRS when, for example, the e-filed tax return is rejected.

Businesses should file Form 14039-B if they receive a:

  • Rejection notice for an electronically filed return because a return already is on file for that same period.
  • Notice about a tax return that the entity didn’t file.
  • Notice about Forms W-2 filed with the Social Security Administration that the entity didn’t file.
  • Notice of a balance due that is not owed.

The form enables the IRS to respond to the business much faster than in the past and to work to resolve issues that are created by a fraudulent tax form. However, businesses should not use Form 14039-B if they experience a data breach but don’t find a tax-related impact.  Check out Identity Theft Central and its Business section.

The W-2 scam is still alive and well.

Tax scams can come and go, but Form W-2 theft schemes seem to be a constant threat. The most common version has a thief pose as a high-ranking company executive who emails payroll department employees and asks for a list of workers and their W-2s. Many times, businesses don’t even know they’ve been scammed until a fraudulent return shows up in employees’ names.

The IRS has special reporting procedure for employers who are hit by the W-2 scam. It also can be found at Identity Theft Central’s Business Section.

Security Summit partners also urge businesses to keep their EIN application information current. A change of address or responsible party can be reported using Form 8822-B.

Remember that a change in the responsible party has to be reported to the IRS within 60 days.

Current information can help the IRS find a point of contact quickly to resolve identity theft and other issues.

For more information about this week-long series and the effort to raise awareness about identity theft, check out on the IRS website.

Source: IR-2020-268

Story provided by

Security Summit Says IP PINs Can Protect Taxpayer Information

Security Summit Says IP PINs Can Protect Taxpayer Information

Security Summit Says IP PINs Can Protect Taxpayer Information

Taxpayers who want to make it harder for identity thieves to successfully file a fraudulent tax return using their information will soon be able to sign up for an IP PIN. Starting in January 2021, the Internal Revenue Service says it will allow any taxpayer to sign up for the Identity Protection PIN Opt-In Program—provided they can “properly verify their identities.”  

This announcement comes on the third day of National Tax Security Awareness Week, an educational outreach event designed to help taxpayers and tax professionals protect their private data from criminals. Previously, the only way to get an IP PIN was to participate in the pilot version of the Identity Protection PIN Opt-In Program or for the IRS to confirm you had been the victim of identity theft.

What is an IP PIN?

According to the IRS, an IP PIN “is a six-digit number assigned to eligible taxpayers to help prevent the misuse of their Social Security number on fraudulent federal income tax returns.” Once you register for an IP PIN, the IRS will only accept your tax return if it lists this new identification number—making it much harder for identity thieves commit identity theft tax refund fraud using your information.

How do I register for the Identity Protection PIN Opt-In Program?

To sign up for an IP PIN, use the Get An IP PIN tool located on While this separate identification number can help taxpayers protect their identities, the IRS notes that applicants who use the online tool “must pass a rigorous authentication process … that uses Secure Access authentication.” (Learn more about Secure Access at

The IRS says that taxpayers should review the following information before submitting an IP PIN application:

  • The Get an IP PIN tool will be available in mid-January. This is the preferred method of obtaining an IP PIN and the only one that immediately reveals the PIN to the taxpayer.
  • Taxpayers who want to voluntarily opt into the IP PIN program do not need to file a Form 14039, Identity Theft Affidavit.
  • The IP PIN is valid for one year. Each January, the taxpayer must obtain a newly generated IP PIN.
  • The IP PIN must be properly entered on electronic and paper tax returns to avoid rejections and delays.
  • Taxpayers with either a Social Security number or Individual Tax Identification Number who can verify their identities are eligible for the opt-in program.
  • Any primary taxpayer (listed first on the return), secondary taxpayer (listed second on the return) or dependent may obtain an IP PIN if they can pass the identity proofing requirements.
  • The IRS plans to offer an opt out feature to the IP PIN program in 2022 if taxpayers find it is not right for them.

Luckily, there are options for IP PIN applicants who can’t complete the online identity verification process.

“Taxpayers with incomes of $72,000 or less and with access to a telephone should complete Form 15227 and mail or fax it to the IRS,” the IRS explains. “An IRS assistor will call the taxpayer to verify their identity with a series of questions. For additional security reasons, taxpayers who pass authentication will receive an IP PIN the following tax year.”

Note: While the program is being expanded to include voluntary IP PIN requests, confirmed victims of identity theft are still eligible to receive an IP PIN at no charge after filing Form 14039.

Source: IR-2020-267

Story provided by

Multi-factor Authentication Spotlighted for National Tax Security Awareness Week

Multi-factor Authentication Spotlighted for National Tax Security Awareness Week

Multi-factor Authentication Spotlighted for National Tax Security Awareness Week

Day two of National Tax Security Awareness Week is all about multi-factor authentication. Following opening day warnings about the increased number of phishing scams that taxpayers will face over the holidays, during tax season, and throughout 2021, it makes sense that the second day emphasizes a security measure that the Internal Revenue Service says “will be available on all 2021 online tax preparation products.”

“The agreement to add the multi-factor authentication feature is just one publicly visible example of the ongoing collaboration by the IRS, state tax agencies, and the tax industry, which work together as the Security Summit,” the IRS says. “2020 marks the fifth year of the Security Summit and of National Tax Security Awareness Week.”

How does multi-factor authentication protect improve account security?

Multi-factor authentication is a term used for accounts that require more than one piece of user-provided information to access. While this process can take many forms, the IRS says that users may be required to enter a code that is texted to their phone or sent to an authentication app to log in. (Those who have enabled multi-factor authentication on a web-based email account like Gmail or Yahoo! Mail are already familiar with the process.)

But why does multi-factor authentication work?

“Thieves use a variety of scams—but most commonly by a phishing email—to download malicious software, such as keystroke software … to steal all passwords from a tax pro,” the IRS explains. “However, with multi-factor authentication, it’s unlikely the thief will have stolen the practitioner’s cell phone—blocking the ability to receive the necessary security code to access the account.”

Multi-factor authentication is an optional feature—and you should use it!

The IRS rightly points out that “no product is fool-proof,” but that doesn’t mean individual security features aren’t effective. When it comes to multi-factor authentication, the IRS flat-out states that the feature “does dramatically reduce the likelihood that taxpayers or tax practitioners will become [identity theft] victims.” But you can’t be protected by something you don’t use.

To read more about day one of National Tax Security Awareness Week, check out our blog, “National Tax Security Awareness Week Opens with a Warning.”

Source: IR-2020-266

Story provided by

National Tax Security Awareness Week Opens with a Warning

National Tax Security Awareness Week Opens with a Warning

National Tax Security Awareness Week Opens with a Warning

A warning has been issued to all taxpayers and tax professionals alike: Beware of scams and identity theft schemes by criminals taking advantage of the holiday shopping period, the approaching tax season and the coronavirus pandemic.

The warning comes from the Internal Revenue Service and its Security Summit partners as the IRS, state tax agencies and the income tax industry kick off National Tax Security Awareness Week at the traditional start of the holiday shopping season.

Holiday shopping, combined with the upcoming tax season and an increased trend toward working remotely, makes increased online security an absolute necessity.

“This is generally the hunting season for online thieves, but this year there’s a dangerous combination of factors at play that should make people more alert,” said IRS Commissioner Chuck Rettig. “The combination of online holiday shopping, the approaching filing season and more of us are working remotely puts people more at risk. People can help avoid becoming victims of scams or identity thefts, by taking a few simple steps to help protect sensitive tax and financial information.”

The Security Summit—which teams up the IRS, state tax agencies and members of the nation’s tax industry at large—marks the start of this, the fifth National Tax Security Awareness Week, with some basic tips on safeguards everyone should take.

Here are a few basic steps—for everyone:

  • Don’t forget to use security software for computers and mobile phones –- and keep it updated.
  • Make sure purchased anti-virus software has a feature to stop malware, and there is a firewall that can prevent intrusions.
  • Phishing scams—like imposter emails, calls and texts—are the leading way thieves steal personal data. Don’t open links or attachments on suspicious emails. This year, fraud scams related to COVID-19 and the Economic Impact Payment are common.
  • Use strong and unique passwords for online accounts. Use a phrase or series of words that can be easily remembered or use a password manager.
  • Use multi-factor authentication whenever possible. Many email providers and social media sites offer this feature. It helps prevents thieves from easily hacking accounts.
  • Shop at sites where the web address begins with “https”—the “s” is for secure communications over the computer network. Also, look for the “padlock” icon in the browser window.
  • Don’t shop on unsecured public Wi-Fi in places like a mall. Remember, thieves can eavesdrop.
  • At home, secure home Wi-Fi with a password. With more homes connected to the web, secured systems become more important, from wireless printers, wireless door locks to wireless thermometers. These can be access points for identity thieves.
  • Back up files on computers and mobile phones. A cloud service or an external hard drive can be used to copy information from computers or phones—providing an important place to recover financial or tax data.
  • Working from home? Consider creating a virtual private network (VPN) to securely connect to your workplace.

Don’t overlook your phone.

The Security Summit partners also note that these precautions don’t just cover office computers—they apply to smartphones as well. Keep in mind that thieves have become much more adept at compromising cellphones. Phone users are also more prone to open a scam email from their phone than from their computer.

Taxpayers can check out security recommendations for their specific mobile phone by reviewing the Federal Communications Commission’s Smartphone Security Checker. Since phones are used for shopping and even for doing taxes, remember to make sure phones and tablets are just as secure as computers.

The truth shall keep you safe.

Some basic facts can keep you out of trouble when it comes to cybercriminals. The IRS will not call, text or email about your Economic Impact Payment or your tax refund. Nor will the IRS call with threats of jail or lawsuits over unpaid taxes. Those are scams.

The Federal Bureau of Investigation has already issued warnings about fraud and scams related to the pandemic. It specifically warned of COVID-19 schemes related to taxes, anti-body testing, healthcare fraud, cryptocurrency fraud and others.

COVID-related fraud complaints can be filed at the National Center for Disaster Fraud.

The Federal Trade Commission also has issued alerts about fraudulent emails claiming to be from the Centers for Disease Control or the World Health Organization. Keep atop the latest scam information and report COVID-related scams at

This is the first in a week-long series of reminders to raise awareness about identity theft. Check out for more details.


Story provided by

Final Regulations Clarify Section 1031 Like-Kind Exchanges

Final Regulations Clarify Section 1031 Like-Kind Exchanges

Final Regulations Clarify Section 1031 Like-Kind Exchanges

The Internal Revenue Service and the Treasury Department have issued their final regulations on section 1031 like-kind exchanges. The regulations clarify the definition of real property under section 1031, while providing a rule governing the receipt of personal property incidental to real property in a like-kind exchange.

TCJA Limits Focus of Like-Kind Exchange

Legislation passed into law in 2017 as part of the Tax Cuts and Jobs Act (TCJA) limited like-kind exchange treatment to exchanges of real property.

As of Jan. 1, 2018, exchanges of personal or intangible property — such as vehicles, artwork, collectibles, patents, and other intellectual property — generally do not qualify for the same treatment of gain as do like-kind exchanges.

In addition, like-kind exchange treatment applies only to exchanges of real property held for use in a trade or business or for investment. An exchange of real property held primarily for sale doesn’t qualify as a like-kind exchange.

Under the final regulations, “real property” includes land and generally anything built on or attached to the land. As a rule, real property also includes property considered real property under state or local law.

Certain intangible property, such as leaseholds or easements, also qualifies as real property under section 1031.

It should be noted that property that wasn’t eligible for like-kind exchange treatment before the TCJA was passed remains ineligible. Neither the TCJA nor the final regulations change whether those properties are of like kind.

Reporting an Exchange

To report a like-kind exchange, taxpayers file a Form 8824, Like-Kind Exchange. The form should accompany the filer’s tax return for the year property was transferred as part of a like-kind exchange.

The Form 8824 helps taxpayers figure the amount of gain deferred as a result of the like-kind exchange, as well as the basis of the like-kind property received.

The form also helps taxpayers calculate the amount of gain they must report if cash or property that is not of a like-kind is involved in the exchange.

For more information about like-kind exchanges and other tax reform changes, visit


Story provided by

IRS Teams with Research Firm to Smooth Procurement Process

IRS Teams with Research Firm to Smooth Procurement Process

IRS Teams with Research Firm to Smooth Procurement Process

The Internal Revenue Service is pairing up with a Virginia research firm in an effort to improve the agency’s procurement operations.

Data and Analytic Solutions of Fairfax, Va., will team up with the IRS and a group of academic researchers with a shared goal of using data science to better understand and streamline the procurement process—the process the government uses to purchase goods and services from outside vendors.

Time for a team approach?

The effort will bring together a multi-disciplinary team made up of procurement practitioners, university professors and students with procurement and machine learning experience. Machine learning is a form of artificial intelligence that makes computers more accurate at predicting outcomes without being specifically programmed.

“As with many agencies, we have a wealth of data available to us to understand where time is being spent in our contracting process,” said Shanna Webbers, IRS Chief Procurement Officer. “The intent of this research project is to enable us to hone in on key factors impacting our time to award and identify tools that can be utilized to make process improvements to shorten our lead time, more effectively allocate our human resources, and better serve our customers.”

Time is money!

One topic on the top of the researchers’ list is the length of time it takes to award a government contract.

New regulations have standardized the lead time needed to finalize a new contract procurement, resulting in the largest-ever set of data on timeframes for federal contract awards. Researchers plan to use this information to examine nearly a half-million contracts as they look for ways to improve the overall process.

The overall goal is to find the right process so that federal agencies can buy the mission-critical goods and services it needs at roughly the same speed as private industry.

The main intent of the research is to better understand key factors that impact the time it takes to award contracts and how to execute contracts more efficiently.

In addition, the team will also try to improve the accuracy of an algorithm that predicts when individual procurement requests will become signed contracts.

The partnership also plans to train the officials tasked with processing and executing contracts on the best practices of the process. Also in the works: a talent-hiring “pipeline” that can provide a steady stream of contact and resume information on acquisition professionals with data expertise.

Source: IR-2020-261

Story provided by