TIRS and Security Summit Announce New Anti-Fraud Framework: What Taxpayers and Businesses Should Know

The IRS and its Security Summit partners have announced a new framework designed to better protect taxpayers and federal tax revenue from identity theft and refund fraud. The announcement is not just a cybersecurity update. It reflects a broader shift in how tax fraud is occurring and how the IRS, states, tax software companies, payroll providers, and tax professionals are trying to respond.

For taxpayers, businesses, and professional advisors, the practical message is direct: tax identity theft is no longer limited to obviously fake returns or crude phishing emails. Fraudsters increasingly seek real taxpayer, payroll, wage, withholding, and financial data so they can file returns that look legitimate enough to bypass ordinary filters.

That makes prevention, documentation, and rapid response more important than ever.

What Is the Security Summit?

The Security Summit is a public-private partnership among the IRS, state tax administrators, tax software companies, the tax professional community, and other participants in the tax system. Its purpose is to combat tax-related identity theft and refund fraud through coordinated fraud detection, information sharing, and taxpayer protection.

The IRS states that the Security Summit has helped protect millions of taxpayers from identity theft and prevented billions of dollars from being wrongfully paid to fraudsters.

The newly announced framework restructures the partnership to improve collaboration across the tax lifecycle. The IRS specifically identified payroll partners as a key part of the new structure because wage and withholding data have become attractive targets for cybercriminals.

Why Payroll Data Is a Major Target

Payroll information is especially valuable to identity thieves. A fraudulent return is more likely to appear authentic if the fraudster has accurate Forms W-2, wage amounts, withholding data, employer information, and taxpayer identifying information.

That is why payroll systems, payroll providers, HR departments, accountants, bookkeepers, and tax professionals are now part of the tax-fraud risk environment. A compromised payroll account can affect more than one taxpayer. It can expose employee Social Security numbers, wage data, withholding amounts, addresses, bank information, and other information that can be used to file fraudulent returns or create related financial harm.

For businesses, payroll security is no longer only an employment or IT issue. It is a tax compliance issue.

The Five New Security Summit Work Groups

The IRS announced that the new Security Summit structure will include five work groups.

  1. The first is Pre-Filing. This group focuses on early identification of potentially fraudulent information returns and suspicious behavior within payroll and tax administration processes. The goal is to identify fraud before returns are filed or refunds are issued.

  2. The second is Forecasting. This group focuses on emerging schemes and anticipates threats before they become widespread. This matters because tax scams often evolve quickly, especially during filing season.

  3. The third is Preventing. This group focuses on proactive measures and tools designed to reduce opportunities for fraud, including safeguards across payroll systems and data exchanges.

  4. The fourth is Detecting and Reporting. This group focuses on real-time identification of fraud indicators and improved intelligence-sharing among Security Summit partners, including payroll industry participants.

  5. The fifth is Responding. This group focuses on technical controls and coordinated responses to security incidents.

The IRS also noted that the Security Summit uses the Coalition Against Scam and Scheme Threats to assess and respond to time-sensitive threats.

Why This Matters for Taxpayers

For individual taxpayers, tax identity theft often becomes visible only after something has already gone wrong. A taxpayer may attempt to file a return electronically and learn that a return has already been filed under the same Social Security number. The taxpayer may receive an IRS notice about a return they did not file, income they did not earn, a refund they did not receive, or a balance due that does not make sense.

These issues can be time-consuming to resolve. They may delay refunds, trigger account freezes, cause correspondence with the IRS and state agencies, and require identity-verification steps.

Taxpayers should consider several practical protections.

An Identity Protection PIN can be an important preventive tool. An IP PIN is a six-digit number known only to the taxpayer and the IRS. It helps prevent someone else from filing a federal tax return using the taxpayer’s Social Security number or individual taxpayer identification number.

Taxpayers should also review IRS notices carefully, maintain secure online accounts, avoid responding to unsolicited texts or emails claiming to be from the IRS, and use secure methods to transmit tax documents to preparers.

The IRS does not initiate contact with taxpayers by email, text, or social media to request personal or financial information. Requests for Social Security numbers, IP PINs, refund information, bank information, or tax transcripts through those channels should be treated as suspicious.

Why This Matters for Businesses

Businesses are often the source of information that fraudsters want. Employer records may contain the personal and payroll data needed to file fraudulent returns. A business that suffers a payroll breach may face not only reputational harm and employee concerns, but also payroll tax, information reporting, and notification issues.

Businesses should review who has access to payroll systems, how login credentials are protected, whether multi-factor authentication is required, how Forms W-2 are transmitted, whether payroll data is encrypted, and whether vendors have appropriate safeguards.

Businesses should also be alert for common payroll and tax scams, including requests to change employee direct deposit information, emails pretending to come from executives requesting employee W-2 data, fake IRS notices, fraudulent vendor payment instructions, and compromised payroll portal credentials.

The risk is not limited to large companies. Small and mid-sized businesses may be attractive targets precisely because their controls may be less formal.

Why This Matters for Tax Professionals

Tax professionals are high-value targets. A compromised tax professional can expose many clients at once. Tax return preparers, accountants, bookkeepers, enrolled agents, attorneys, and payroll providers may hold years of sensitive client information, including returns, transcripts, wage statements, bank records, entity documents, and identifying information.

The IRS has repeatedly warned tax professionals to maintain written security plans, use multi-factor authentication, monitor for unusual account activity, protect client data, and train staff on phishing and social engineering schemes.

A tax professional who experiences a data breach may need to act quickly. Depending on the facts, the response may include securing systems, contacting cybersecurity professionals, notifying the IRS stakeholder liaison, notifying state tax agencies, contacting clients, preserving logs, changing credentials, and reviewing professional responsibility obligations.

For law firms and tax advisors, cybersecurity is also connected to confidentiality and ethical duties. Client tax information is highly sensitive. Protecting that information should be treated as part of the firm’s compliance infrastructure.

What To Do If Tax Identity Theft Is Suspected

A taxpayer or business that suspects tax identity theft should act promptly. The correct response depends on the facts, but may include:

  • Filing IRS Form 14039, Identity Theft Affidavit, if required.

  • Responding to IRS identity-verification notices by the deadline.

  • Requesting or retrieving IRS account transcripts.

  • Obtaining an Identity Protection PIN.

  • Reviewing wage and income transcripts for unfamiliar Forms W-2 or 1099.

  • Contacting the state tax agency if state returns may also be affected.

  • Preserving notices, correspondence, filing confirmations, and transmission records.

  • Checking credit reports and financial accounts.

  • Notifying affected employees or clients if business records were compromised.

Taxpayers should avoid sending sensitive documents in response to unsolicited messages. If a notice appears suspicious, the taxpayer should verify it through official IRS channels or through a qualified tax professional.

Fraud Prevention and Tax Controversy Are Connected

Tax fraud prevention and tax controversy often overlap. A taxpayer may not know that identity theft occurred until the IRS issues a notice, freezes a refund, rejects an e-filed return, assesses a balance, or questions reported income.

In those situations, the problem is no longer only security. It becomes a tax account problem. The taxpayer may need to prove that a return was fraudulent, that income was not theirs, that withholding was misapplied, that a refund was diverted, or that penalties should not apply.

That process can require account transcripts, wage and income records, identity-verification correspondence, affidavits, amended filings, appeals, penalty-abatement requests, and coordination with state agencies.

For businesses, a payroll compromise may also raise employment tax issues, Form W-2 correction issues, and employee communications issues. The faster the business identifies and documents the problem, the better positioned it is to respond.

Practical Steps Taxpayers and Businesses Should Consider Now

The IRS announcement is a useful reminder to take practical steps before a filing-season problem occurs.

Individuals should consider obtaining an IP PIN, using secure portals to transmit tax documents, monitoring IRS notices, and keeping copies of filed returns and proof of filing.

Businesses should restrict payroll access, require multi-factor authentication, review payroll vendor controls, train staff on phishing, verify direct-deposit change requests, secure Forms W-2, and maintain a written incident response plan.

Tax professionals should review their written data security plans, update staff training, use secure client portals, monitor preparer accounts, protect EFIN information, and prepare a breach response protocol.

These steps do not guarantee that fraud will not occur. But they can reduce exposure and improve the ability to respond if it does.

The Practical Takeaway

The IRS and Security Summit’s new framework shows that tax fraud is moving earlier in the tax process and deeper into the data systems that support return filing. Fraudsters are not only trying to file fake returns. They are trying to obtain real payroll, wage, withholding, and taxpayer data so fraudulent returns look legitimate.

Taxpayers, businesses, payroll providers, and tax professionals should treat tax data security as part of tax compliance. Once identity theft occurs, the issue can quickly become a refund delay, IRS notice, payroll problem, state tax issue, or tax controversy matter.

The Karam Firm, PLLC advises individuals, businesses, executives, tax professionals, and fiduciaries on IRS notices, tax identity theft, refund holds, payroll tax issues, information reporting problems, penalty abatement, audits, appeals, and federal and state tax controversy. If you received an IRS notice involving a return you did not file, suspicious income reporting, a rejected return, a frozen refund, or possible payroll-related identity theft, contact The Karam Firm for additional information.

This article is for general informational purposes only and does not constitute legal or tax advice. Reading this article or contacting the firm does not create an attorney-client relationship. Tax identity theft and payroll fraud issues depend on the taxpayer’s specific records, notices, account transcripts, filing history, business systems, and applicable federal and state law.

Previous
Previous

Tax Court Confirms Crypto Staking Rewards Are Taxable When Received

Next
Next

New Partnership Interest Reporting Rules: What Sellers and Partnerships Need to Review