The IRS says that tax-refund fraud is expected to soar again this tax season and to hit a whopping $21 billion by 2016, up from $6.5 billion two years ago. Why is this? Joe Public does not realize that the public Internet is just that — public. Anyone, anywhere on the globe, can intercept information in transit across the Internet and use it for nefarious means. OK, OK, you and I both know that all a criminal needs to do to make a fake filing and get the refund is have a name, date of birth and a Social Security number. However professionals shouldn’t be wringing their hands and saying there is nothing they can do. Remember, the great advantage to the tech-savvy consumer of using an online automated tax preparation service (TurboTax, H&R Block, TaxACT, etc.) is that the software creates a secure link between the consumer’s computer and the tax service’s server. And is it not these online services that have been eating into your core business?
Studies from the Federal Financial Institutions Examination Council (FFIEC), the Consumer Financial Protection Bureau (CFPB) and others indicate that a large proportion of financial professionals of all kinds continue to send and receive documents containing Non-public Personal Information (NPI) via email, thus exposing their clients’ most precious family and financial information to the public Internet. Criminals can have a field day targeting your clients and not just because they “work” during tax season and they have a ready-made source of targeted email domain names to observe. It’s because you distribute your email address freely.
For you, the tech-savvy consumers are probably a lost cause. However your existing clients are not, and you have a fiduciary duty to protect their information as it passes back and forth between you. You may be old-school and still use a courier service, but such services are probably eating into your margins. Email, on the other hand, is not only very cheap, but also fast, convenient, and limits the number of paper copies of documents you need to print out or store. However using traditional email is like sending a picture postcard through the mail — anyone can read it en route. Let’s face it, a criminal could open your mailbox, read the postcard and then return it to the mailbox; you would never know. The difference with email is that not only can the text be read, it can also be altered by the criminal, and again you would never know. Hence, for example, the criminal would not even need to send off a bogus tax return on January 1. If he wished to, he could change your client’s banking details in an email, and you would supply the IRS with the criminal’s bank account.
So how can you protect your clients? It is really quite simple. Email encryption has come a long way in the past few years. It used to be that you would need a four-year degree in computer science to understand encryption — not any more. Many solutions will create a branded portal for your company — a Web page that is tailored to your business and for your clientele. You or your staff need not know anything about encryption. Any email containing NPI is automatically encrypted in the background and sent to your secure portal. At the same time, an automatically generated email is sent to your client with a Web link to click on, with very simple instructions on how to see the encrypted email, and to download the encrypted documents. It used to be that clients had to follow a laborious sequence of instructions and would soon become disenfranchised. No more. Two clicks and one password is all that is required. What’s more, replies from your clients are also encrypted. In fact they can send you encrypted documents at any time using your encrypted email portal.
Tax preparation professionals still have the luxury of being respected and trusted by their clients. Let’s deserve that trust by protecting them with modern email encryption.