Five Days to Online Security
- Day 1 – Protect personal and financial information online. Use security software for computers and mobile phones and keep it updated. Protect personal information; do not hand it out to just anyone. Use strong and unique passwords for all accounts. Shop only on secure websites. Look for the “https” in web addresses to verify it is a secure website. Avoid shopping on unsecured, public wi-fi in places like shopping malls. Routinely back up files on computers and mobile phones.
- Day 2 – Learn to recognize phishing emails and phone scams. Email scammers often pose as companies people know and trust and tell an urgent story to trick victims into opening a link or attachment. Watch out for scam phone calls, too. Remember, the IRS does not call demanding payment with threats of jail time or lawsuits. The IRS does not demand immediate payment via gift or debit cards. The IRS does not accept tax payments by iTunes cards. The IRS does not send unsolicited emails about refunds or payments, nor will the IRS request login credentials, Social Security numbers or other sensitive information.
- Day 3 – Create strong passwords to protect online accounts. Password standards have changed. Here are some simple guidelines. Use long phrases combined with characters and numbers. For example: SomethingOneCanRemember@30. Use a different password for each account. Do not use an email address if that is an option. Use an encrypted password manager to keep track of your passwords. Use two-factor authentication whenever it is offered — for email accounts, financial accounts and social media accounts.
- Day 4 – Recognize clues of identity theft. A taxpayer may be a victim of identity theft if an e-filed return is rejected because a duplicate is already on file with the IRS. Another warning sign to the taxpayer may be that a routine filing extension request is rejected or an unexpected receipt of a tax transcript or IRS notice is received. Failure to receive expected and routine correspondence from the IRS can be an indicator an identity thief has changed the taxpayer’s mailing address.
- Day 5 – Tax professionals should review their safeguards. The IRS and the Summit partners urge tax professionals to review the Taxes-Security-Together Checklist. Professionals should deploy basic security measures and create a written data security plan as required by law. Professionals should also know about phishing and phone scams, recognize the signs of client data theft and create a data theft recovery plan.
Tax Professional is Data Breach Cost His Business $500,000
An ongoing IRS effort is underway to educate tax professionals on the best practices for preventing data breaches. At the New England IRS Representation Conference on November 21, 2019, IRS Area Manager Margaret Romaniello described hacker’s methods for attacking tax preparers.
Romaniello stated, “In some instances, hackers will go into your software. In the background they will see a return that is ready to transmit, and all they will do is change the bank routing number and the bank account number – let’s say to a Green Dot card. The client typically provides a personal identification number and the tax return is legitimate in many respects, but the hacker receives the stolen refund.” Romaniello explained that hackers may use phishing or other strategies to gain access to a tax preparer’s database.
IRS Senior Stakeholder Liaison Joseph McCarthy urged tax professionals to contact the Service as soon as possible after a data breach occurs. He noted, “The best the IRS can do is partially mitigate some of the damage that is going to occur.”
Tax preparer data breaches reported to the IRS declined from 230 in 2017 to 155 in 2018. However, many data breaches are not discovered or reported. Some data breaches are discovered by IRS researchers who are reviewing “dark web” sites. The IRS will notify tax professionals if a data breach is discovered through its “dark web” research.
Tax professional David Lyons has about 800 clients. He reported that his business suffered a data breach in 2013. While he only lost about 10 clients due to the breach, Lyons was required by various states to provide credit monitoring to the 800 clients and related parties. The credit monitoring services for 2,500 individuals cost $500,000 over six years.
The IRS now requires tax preparers to check a “data security” box when renewing their preparer tax identification number (PTIN). The goal is to encourage all tax preparers to use anti-virus software, complex passwords and firewalls to protect client data.
Editor’s Note: The IRS is updating Pub. 1345, Handbook for Authorized IRS E-File Providers of Individual Income Tax Returns. The changes will include helpful suggestions for tax preparers who desire to improve data security.
Nonprofits Seek UBIT Solutions
The Tax Cuts and Jobs Act included two new Unrelated Business Income Tax (UBIT) provisions that affected nonprofits. Section 512(a)(6) requires separate trades or businesses to calculate UBIT for each respective entity. Section 512(a)(7) levies a 21% tax on qualified transportation fringe benefits.
At a Tax Exempt and Governmental Entities division meeting on November 18 in Washington, DC, IRS Deputy Associate Chief Counsel Janine Cooke stated that the Service is “fairly far along” in drafting proposed regulations on Sec. 512(a)(6). These new regulations will include guidelines on ordering net operating losses.
Nonprofits have been steadily building support for the repeal of the transportation fringe UBIT provisions. A UBIT coalition of 115 nonprofit associations and organizations sent a letter to Congressional leaders on November 13, 2019.
The letter strongly urged repeal of the transportation fringe UBIT provision. Under Sec. 512(a)(7) thousands of small nonprofits who have never before had to file IRS Form 990-T and pay tax will face the complexity and expense of valuing their employee parking benefits and paying tax.
The UBIT Coalition explained the extreme burden on smaller nonprofits. Only 3% of the 1.3 million nonprofits have a budget over $5 million. About 8% have budgets over $1 million and 12% have budgets over $500,000. Nearly 88% are small nonprofits who will expend valuable time and scarce resources to comply with this tax provision.
The UBIT Coalition states, “We are writing to restate our call on Congress to repeal Internal Revenue Code Section 512(a)(7) and its 21% tax on qualified transportation fringe benefits that tax-exempt employers provide to employees and to request that you include the repeal of this misguided and harmful new tax upon America’s charity in the Continuing Resolution to be enacted this month.”
Editor’s Note: The House passed repeal of the Sec. 512(a)(7) UBIT provision in 2018. There is substantial support for repeal in both the House and the Senate, but repeal will require inclusion in a tax bill to enact this change.
Applicable Federal Rate of 2.0% for December — Rev. Rul. 2019-26; 2019-49 IRB 1 (19 Nov 2019)
The IRS has announced the Applicable Federal Rate (AFR) for December of 2019. The AFR under Section 7520 for the month of December is 2.0%. The rates for November of 2.0% or October of 1.8% also may be used. The highest AFR is beneficial for charitable deductions of remainder interests. The lowest AFR is best for lead trusts and life estate reserved agreements. With a gift annuity, if the annuitant desires greater tax-free payments the lowest AFR is preferable. During 2019, pooled income funds in existence less than three tax years must use a 2.2% deemed rate of return.