IRS, states and industry offer tips to tax professionals on spotting signs of client data theft

WASHINGTON — The Internal Revenue Service and its Security Summit partners today urged tax professionals to learn the tell-tale signs that their office may have experienced a data theft that resulted in fraudulent tax returns being filed in their clients’ names.

The IRS, state tax agencies and the private-sector tax industry, working together as the Security Summit, warned practitioners that global criminal syndicates remain active, and they are well financed, high skilled and tax savvy in their attempts to gain sensitive tax data.

The reminder came as the IRS and the Summit partners encouraged tax professionals to take time this summer to review their data security protection. To help the tax community, the Summit partners offered a new “Taxes-Security-Together” Checklist as a starting point.

“Learning the signs of identity theft is critical for anyone handling taxpayer data,” said IRS Commissioner Chuck Rettig. “It can be as subtle as an unusually slow computer system or as obvious as multiple clients unexpectedly receiving the same IRS notice. Paying attention to these details is critical, and fast action alerting the IRS and calling in a security expert can help protect taxpayers and your business.”

Recognizing the signs of data theft is the fourth item on the “Taxes-Security-Together” Checklist. Previous checklist items include: deploying the “Security Six” basic steps, creating a written data security plan and educating yourself on email phishing scams.

Although the Security Summit -- a partnership between the IRS, states and the private-sector tax community started in 2015 -- is making major progress against tax-related identity theft, cybercriminals continue to quickly evolve, and data thefts at tax professionals’ offices remain a major attack point. Thieves use stolen data from tax practitioners to create fraudulent returns that are harder for Summit partners to detect.

Recognize the signs of client data theft

The IRS and Summit partners have created a list of warning signs that a tax professional or their office may have experienced a data theft:

• Client e-filed returns begin to be rejected by the IRS or state tax agencies because returns with their Social Security numbers were already filed;
• Clients who haven’t filed tax returns begin to receive taxpayer authentication letters (5071C, 4883C, 5747C) from the IRS to confirm their identity for a submitted tax return.
• Clients who haven’t filed tax returns receive refunds;
• Clients receive tax transcripts that they did not request;
• Clients who created an IRS Online Services account receive an IRS notice that their account was accessed or IRS emails stating their account has been disabled. Another variation: Clients unexpectedly receive an IRS notice that an IRS online account was created in their names;
• The number of returns filed with the tax professional’s Electronic Filing Identification Number (EFIN) exceeds the number of clients;
• Tax professionals or clients responding to emails that the firm did not send;
• Network computers running slower than normal;
• Computer cursors moving or changing numbers without touching the keyboard;
• Network computers locking out employees.

“Tax professionals should be on the lookout for these scary scenarios that have hit firms across the country, jeopardizing data of the company and their clients,” Rettig said.

Because IRS and state tax systems will only accept one unique Social Security number, taxpayers often discover they are a victim when they attempt to e-file and their tax return is rejected because a return with their SSN already is in the system. Or, more commonly, the IRS identifies a return that could be an identity theft return and sends a letter to the taxpayer asking them to contact the agency to let the IRS know if they filed the return.

Identity thieves sometimes try to leverage the stolen data by using taxpayer information to access the IRS Get Transcript system. Taxpayers who receive transcripts by mail but did not order them are sometimes victims of this approach. Get Transcript Online is protected by a robust, two-factor authentication process. But crooks may still try to use stolen identities to try to create Get Transcript accounts, which results in the IRS disabling the account and sending the taxpayer a letter.

During the tax filing season, tax professionals should make a weekly review of returns filed with the office’s Electronic Filing Identification Number, or EFIN. A report is updated weekly. Tax preparers can access their e-File applications and select “check EFIN status” to see a count. If the numbers are inflated, practitioners should contact the IRS e-Help Desk.

Tax professionals may also notice IRS acknowledgements for returns they did not e-file. Acknowledgements are sent soon after a return is transmitted.

Tax professionals who fall victim to spear phishing email scams, a common way cybercriminals access office computer, may suddenly see responses to emails they never sent. If a practitioner mistakenly provides username and password information to the thief, the thief often harvests the practitioner’s contact list, stealing names and email addresses of colleagues and clients and enabling the crooks to use the tax firm to expand their spear phishing scam.

Always be alert to phishing scams, even if the emails appear to come from a colleague or client. If the language sounds a bit off or if the request seems unusual, contact the “sender” by phone to verify rather than opening a link or attachment.

Finally, there are several signs that office computer systems may be under attack or may be under remote control, such as the cursor moving with no one at the keyboard. The IRS is aware of many examples in which cybercriminals gained access to practitioners’ office computers, complete the pending Form 1040s, change electronic deposit information to their own accounts and then e-filed the returns – all performed remotely.

Tax professionals who notice any signs of identity theft should contact their state’s IRS Stakeholder Liaison immediately. The process for reporting data theft to the IRS is outlined in Data Theft Information for Tax Professionals.

In some states, data thefts must be reported to various authorities. To help tax professionals find where to report data security incidents at the state level, the Federation of Tax Administrators has created a special page with state-by-state listings.

Additional Resources

The Security Summit reminds all professional tax preparers to have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. They can also get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax pros should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

The Taxes-Security-Together Checklist

During this special Security Summit series, the checklist will highlight these key areas for tax professionals:

• Deploy “Security Six” basic safeguards
• Create data security plan
• Educate yourself on phishing scams
• Recognize the signs of client data theft
• Create a data theft recovery plan, including calling the IRS immediately

WASHINGTON — The Internal Revenue Service today launched the new Tax Withholding Estimator, an expanded, mobile-friendly online tool designed to make it easier for everyone to have the right amount of tax withheld during the year.

The Tax Withholding Estimator replaces the Withholding Calculator, which offered workers a convenient online method for checking their withholding. The new Tax Withholding Estimator offers workers, as well as retirees, self-employed individuals and other taxpayers, a more user-friendly step-by-step tool for effectively tailoring the amount of income tax they have withheld from wages and pension payments.

“The new estimator takes a new approach and makes it easier for taxpayers to review their withholding,” said IRS Commissioner Chuck Rettig. “This is part of an ongoing effort by the IRS to improve quality services as we continue to pursue modernization and enhancements of our taxpayer relationships.”

The IRS took the feedback and concerns of taxpayers and tax professionals to develop the Tax Withholding Estimator, which offers a variety of new user-friendly features including:

• Plain language throughout the tool to improve comprehension.
• The ability to more effectively target at the time of filing either a tax due amount close to zero or a refund amount.
• A new progress tracker to help users see how much more information they need to input.
• The ability to move back and forth through the steps, correct previous entries and skip questions that don’t apply.
• Enhanced tips and links to help the user quickly determine if they qualify for various tax credits and deductions.
• Self-employment tax for a user who has self-employment income in addition to wages or pensions.
• Automatic calculation of the taxable portion of any Social Security benefits.
• A mobile-friendly design.

In addition, the new Tax Withholding Estimator makes it easier to enter wages and withholding for each job held by the taxpayer and their spouse, as well as separately entering pensions and other sources of income. At the end of the process, the tool makes specific withholding recommendations for each job and each spouse and clearly explains what the taxpayer should do next.

The new Tax Withholding Estimator will help anyone doing tax planning for the last few months of 2019. Like last year, the IRS urges everyone to do a Paycheck Checkup and review their withholding for 2019. This is especially important for anyone who faced an unexpected tax bill or a penalty when they filed this year. It’s also an important step for those who made withholding adjustments in 2018 or had a major life change.

Those most at risk of having too little tax withheld include those who itemized in the past but now take the increased standard deduction, as well as two-wage-earner households, employees with nonwage sources of income and those with complex tax situations.

To get started, check out the Tax Withholding Estimator on IRS.gov.

IRS, Security Summit partners alert tax professionals to the risks posed by phishing emails; education key to protecting taxpayer data

WASHINGTON — The IRS, states and tax industry partners today warned tax professionals to beware of the continuing threat of phishing emails, which remain the most common tactic used by cybercriminals to steal sensitive data.

The reminder came as the IRS and its Security Summit partners urged tax professionals to take time this summer to review their data security protections. To help this effort, the Summit partners prepared a special “Taxes-Security-Together” Checklist as a starting point.
 
“You can take all the cybersecurity steps in the world, but tax professionals and others in the business world should remember you are only as safe as your least educated employee,” said Chuck Rettig, IRS Commissioner. “Cybercriminals use phishing emails and malware to gain control of computer systems or to steal usernames and passwords. These can provide a treasure trove of information that can lead to tax-related identity theft.”

Educating personnel on the dangers of phishing emails is the third item on the “Taxes-Security-Together” Checklist. This summer awareness initiative also has covered deploying the “Security Six” basic steps to protect computers and email as well as creating a data security plan.
 
Although the Security Summit -- a partnership between the IRS, states and the private-sector tax community -- is making major progress against tax-related identity theft, cybercriminals continue to evolve, and data thefts at tax professionals’ offices continue to be seen across the nation. Thieves use stolen data from tax practitioners to create fraudulent returns that are harder for the IRS and Summit partners to detect.
 
Tax pros: Educate yourself on phishing emails

More than 90% of all data thefts start with a phishing email. The employee may open a link that takes them to a fake site or open an attachment that is embedded with malware that secretly downloads onto their computers.
 
The IRS often sees tax professionals victimized after being targeted with a tactic called spear phishing. The objective of a spear phishing email is to pose as a trusted source and “bait” the recipient into opening an embedded link or an attachment. The email may make an urgent plea to the tax pro to update an account immediately. A link may seem to go to another trusted website, for example a cloud storage or tax software provider login page, but it’s actually a website controlled by the thief.
 
An attachment may contain malicious software called keylogging, which secretly infects computers and provides the thief with the ability to see every keystroke. Thieves can steal passwords to various accounts or even take remote control of computers, enabling them to steal taxpayer data.
 
Common spear phishing scams seen by the IRS include thieves posing as prospective clients, sending unsolicited emails to tax professionals. After an exchange of emails, the thief sends an email with an attachment, claiming it contains the tax information needed to prepare a return. Instead, it contains spyware that allows thieves to track each keystroke.

The IRS also sees thieves posing as tax software providers or data storage providers with emails containing links that go to web pages that mirror real sites. The thieves’ goal is to trick tax professionals into entering their usernames and passwords into these fake sites, which the crooks then steal.
 
Another trick used by thieves is rather than stealing the data, they encrypt it, a practice known as ransomware. Once they encrypt the data, thieves demand a ransom in return for the code to unencrypt the data. The Federal Bureau of Investigation warns users not to pay the ransom because thieves often do not provide the code. The FBI has called ransomware attacks a growing threat to businesses and others. 
 
Educated employees are the key to avoiding phishing scams, and office systems are only as safe as the least informed employee. These simple steps also can help protect against stolen data: 

• Use separate personal and business email accounts; protect email accounts with strong passwords and two-factor authentication if available.
• Install an anti-phishing tool bar to help identify known phishing sites. Anti-phishing tools may be included in security software products.
• Use security software to help protect systems from malware and scan emails for viruses.
• Never open or download attachments from unknown senders, including potential clients; make contact first by phone, for example.
• Send only password-protected and encrypted documents if files must be shared with clients via email.
• Do not respond to suspicious or unknown emails; if IRS-related, forward to phishing@irs.gov.

Additional resources

The Security Summit reminds all tax professionals that they must have a written data security plan as required by the Federal Trade Commission and its Safeguards Rule. Get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

The Taxes-Security-Together Checklist

During this special Security Summit series, the checklist highlights these key areas for tax professionals:

• Deploy “Security Six” basic safeguards
• Create data security plan
• Educate yourself on phishing scams
• Recognize the signs of client data theft
• Create a data theft recovery plan, and call the IRS immediately

WASHINGTON — The Internal Revenue Service today issued a Revenue Procedure allowing a taxpayer to make a late election, or to revoke an election, under section 168(k) for certain property acquired by the taxpayer after September 27, 2017, and placed in service by the taxpayer during its taxable year that includes September 28, 2017.

The Tax Cuts and Jobs Act made several changes to bonus depreciation. For example, the additional first year depreciation deduction percentage was increased from 50 to 100 percent. The property eligible for the additional first year depreciation deduction was expanded to include certain used depreciable property and certain film, television, or live theatrical productions; the placed-in-service date was extended to before January 1, 2027. Finally, the date on which a specified plant is planted or grafted by the taxpayer was extended to before January 1, 2027.

There are three additional first year depreciation deduction elections. A taxpayer can elect not to deduct the additional first year depreciation for all qualified property that is in the same class of property and placed in service by the taxpayer in the same tax year.   Secondly a taxpayer can elect to deduct 50-percent, instead of 100-percent, additional first year depreciation for all qualified property acquired after September 27, 2017, and placed in service by the taxpayer during its taxable year that includes September 28, 2017. 

Finally, a taxpayer can elect to deduct additional first year depreciation for any specified plant that is planted after September 27, 2017 and before January 1, 2027, or grafted after and before those dates to a plant that has already been planted.  If the taxpayer makes this election, the additional first year depreciation deduction is allowable for the specified plant in the taxable year in which that plant is planted or grafted.

The Revenue Procedure applies to these elections for the taxable year that includes September 28, 2017.  If a taxpayer did not make these elections timely for that taxable year, the Revenue Procedure allows the taxpayer to make late elections by filing an amended return or a Form 3115 for a limited period of time.  If a taxpayer did make these elections timely for that taxable year, the Revenue Procedure also allows the taxpayer to revoke the elections by filing an amended return or a Form 3115 for a limited period of time. 

Updates on the implementation of the TCJA can be found on the Tax Reform page of IRS.gov.

WASHINGTON — The Internal Revenue Service will conduct a webinar Aug. 1 for employers and tax professionals focusing on employment and payroll taxes.

Federal law requires most employers to withhold federal income taxes from their employees' wages. These taxes must be deposited, along with the employer and employee portion of Social Security and Medicare taxes, and reported to the IRS. Last year, the IRS processed over 30 million employment tax returns and collected over $1 trillion in employment taxes.

The free 60-minute webinar is open to tax professionals, employers and anyone else interested in the topic. Tax pros can earn one continuing education credit. Subjects such as common mistakes, how employers can monitor and limit their risks, as well as options for delinquent businesses to repay back taxes will be discussed.

The webinar will provide an overview of:

• Common employment/payroll tax mistakes businesses make
• Mitigating risks when using a third party to handle employment/payroll tax
• Tools and advice for employers on how to monitor their compliance and limit risks
• IRS help for businesses behind on their employment/payroll taxes
• IRS enforcement authority (liens, levies, seizures and criminal referrals)  

A live question and answer session will be included to help attendees understand how to best meet these obligations and stay compliant.

The webinar will be Thursday, Aug. 1, 2019, at 2 p.m. Eastern time. Interested participants can register online.

The webinar will be offered with closed captioning for viewers who are deaf or hard of hearing. Questions before the webinar can be sent to:  cl.sl.web.conference.team@irs.gov.

More information is available at Understanding Employment Taxes and Employment Taxes on IRS.gov. Archived webinars are available at www.irsvideos.gov.

IRS, Security Summit partners remind practitioners that all ‘professional tax preparers’ must create a written data security plan to protect clients

WASHINGTON — The IRS, state tax agencies and the nation’s tax industry today reminded all “professional tax preparers” that federal law requires them to create a written information security plan to protect their clients’ data.

The reminder came as the IRS and its Security Summit partners urged tax professionals to take time this summer to review their data security protections. To help them in this complex area, the Summit created a special “Taxes-Security-Together” Checklist as a starting point.

“Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business.”

Creating a data security plan is the second item on the “Taxes-Security-Together” Checklist. The first step for tax professionals involved deploying the “Security Six” basic steps to protect computers and email.

Although the Security Summit -- a partnership between the IRS, states and the private-sector tax community -- is making major progress against tax-related identity theft, cybercriminals continue to evolve, and data thefts at tax professionals’ offices remain a major threat. Thieves use stolen data from tax practitioners to create fraudulent returns that can be harder for the IRS and Summit partners to detect.

Create a data security plan under federal law

The Security Summit partners noted that many in the tax professional community do not realize they are required under federal law to have a data security plan.

The Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley (GLB) Act, gives the Federal Trade Commission authority to set information safeguard regulations for various entities, including professional tax return preparers. According to the FTC Safeguards Rule, tax return preparers must create and enact security plans to protect client data. Failure to do so may result in an FTC investigation. The IRS also may treat a violation of the FTC Safeguards Rule as a violation of IRS Revenue Procedure 2007-40, which sets the rules for tax professionals participating as an Authorized IRS e-file Provider.

The FTC-required information security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities and the sensitivity of the customer information it handles. According to the FTC, each company, as part of its plan, must:

• designate one or more employees to coordinate its information security program;
• identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
• design and implement a safeguards program and regularly monitor and test it;
• select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
• evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

The FTC says the requirements are designed to be flexible so that companies can implement safeguards appropriate to their own circumstances. The Safeguards Rule requires companies to assess and address the risks to customer information in all areas of their operations.

Please note: The FTC currently is re-evaluating the Safeguards Rule and has proposed new regulations. Be alert to any changes in the Safeguards Rule and its effect on the tax preparation community.

IRS Publication 4557, Safeguarding Taxpayer Data, details critical security measures that all tax professionals should enact. The publication also includes information on how to comply with the FTC Safeguards Rule, including a checklist of items for a prospective data security plan. Tax professionals are asked to focus on key areas such as employee management and training; information systems; and detecting and managing system failures.

Additional data protection provisions may apply

The IRS and certain Internal Revenue Code (IRC) sections also focus on protection of taxpayer information and requirements of tax professionals. Here are a few examples:

• IRS Publication 3112 - IRS e-File Application and Participation, states: Safeguarding of IRS e-file from fraud and abuse is the shared responsibility of the IRS and Authorized IRS e-file Providers. Providers must be diligent in recognizing fraud and abuse, reporting it to the IRS, and preventing it when possible. Providers must also cooperate with the IRS’ investigations by making available to the IRS upon request information and documents related to returns with potential fraud or abuse.
• IRC, Section 7216 - This IRS code provision imposes criminal penalties on any person engaged in the business of preparing or providing services in connection with the preparation of tax returns who knowingly or recklessly makes unauthorized disclosures or uses information furnished to them in connection with the preparation of an income tax return.
• IRC, Section 6713 - This code provision imposes monetary penalties on the unauthorized disclosures or uses of taxpayer information by any person engaged in the business of preparing or providing services in connection with the preparation of tax returns.
• IRS Revenue Procedure 2007-40 - This legal guidance requires authorized IRS e-file providers to have security systems in place to prevent unauthorized access to taxpayer accounts and personal information by third parties. It also specifies that violations of the GLB Act and the implementing rules and regulations put into effect by the FTC, as well as violations of non-disclosure rules addressed in IRC sections 6713 and 7216, are considered violations of Revenue Procedure 2007-40. These violations are subject to penalties or sanctions specified in the Revenue Procedure.
   
  Many state laws govern or relate to the privacy and security of financial data, which includes taxpayer data. They extend rights and remedies to consumers by requiring individuals and businesses that offer financial services to safeguard nonpublic personal information. For more information on state laws that businesses must follow, consult state laws and regulations.

Where to report data theft for the IRS, states

To notify the IRS in case of data theft, contact the appropriate local IRS Stakeholder Liaison.

In some states, data thefts must be reported to various authorities. Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.

Additional resources

Tax professionals also can get help with security recommendations by reviewing the recently revised IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

The Taxes-Security-Together Checklist

During this special Security Summit series, the checklist highlights these key areas for tax professionals:

• Deploy “Security Six” basic safeguards
• Create data security plan
• Educate yourself on phishing scams
• Recognize the signs of client data theft
• Create a data theft recovery plan, and call the IRS immediately

IRS, Security Summit partners urge tax professionals to review their practices, enhance safeguards to protect taxpayer data

IRS YouTube Videos:
• Tax Security 2.0: Taxes-Security-Together Checklist: English

WASHINGTON — Leaders from the IRS, state tax agencies and the tax industry today called on tax professionals nationwide to take time this summer to review their current security practices, enhance safeguards where necessary and take steps to protect their businesses from global cybercriminal syndicates prowling the Internet.

Despite major progress by the IRS and the Security Summit partners against identity theft, evolving tactics continue to threaten the tax community and the sensitive data of taxpayers.
 
To help combat this, the Security Summit partners created a new “Taxes-Security-Together” Checklist to serve as a starting point for tax professionals. Beginning next week, the IRS and Summit partners will issue a series of five Tax Security 2.0 news releases highlighting “Taxes-Security-Together” Checklist action items.  
 
“The IRS, the states and the private sector tax industry have taken major steps to protect taxpayers and their data,” said IRS Commissioner Chuck Rettig. “But a major risk remains, regardless of whether you are the sole tax practitioner in your office or part of a multi-partner accounting firm. To help with this, we assembled a security checklist to assist the tax community. We hope tax professionals will use our checklist as a starting point to do everything necessary to protect their client’s data.”
 
The Security Summit — a partnership between the IRS, states and the private-sector tax community — started in 2015 to combat identity theft and protect taxpayers. Key IRS data show the Summit continues making major progress against tax-related identity theft. Between 2015 and 2018, key indicators showed:

• The number of taxpayers who reported to the IRS that they were victims of identity theft fell 71 percent. In 2018, the IRS received 199,000 identity theft affidavits from taxpayers compared to 677,000 in 2015. This was the third consecutive year this number declined.
• The number of confirmed identity theft returns stopped by the IRS declined by 54 percent, falling from 1.4 million in 2015 to 649,000 in 2018.

As the Summit has increased the tax community’s defenses against identity theft and refund fraud, cybercriminals continue to evolve. Increasingly, they look to data thefts at tax professionals’ offices to obtain large amounts of sensitive taxpayer data. Thieves then use stolen data from tax professionals to create fraudulent returns that are harder to detect.
 
The ‘Taxes-Security-Together’ Checklist
 
The Summit partners urge the tax community to review these basic security steps this summer. Some tax pros may routinely overlook these checklist items and others need to regularly revisit them. The steps are not only important for tax practitioners, but for taxpayers as well. Everyone has a responsibility to protect sensitive data.
 
The Taxes-Security-Together checklist highlights key security features 
 
√ Deploy the “Security Six” measures:

• Activate anti-virus software.
• Use a firewall.
• Opt for two-factor authentication when it’s offered.
• Use backup software/services.
• Use Drive encryption.
• Create and secure Virtual Private Networks.

√ Create a data security plan:

• Federal law requires all “professional tax preparers” to create and maintain an information security plan for client data.
• The security plan requirement is flexible enough to fit any size of tax preparation firm, from small to large.
• Tax professionals are asked to focus on key risk areas such as employee management and training; information systems; and detecting and managing system failures.

√ Educate yourself and be alert to key email scams, a frequent risk area involving:

• Learn about spear phishing emails.
• Beware ransomware.

√ Recognize the signs of client data theft:

• Clients receive IRS letters about suspicious tax returns in their name.
• More tax returns filed with a practitioner’s Electronic Filing Identification Number than submitted.
• Clients receive tax transcripts they did not request.

√ Create a data theft recovery plan including:

• Contact the local IRS Stakeholder Liaison immediately.
• Assist the IRS in protecting clients’ accounts.
• Contract with a cybersecurity expert to help prevent and stop thefts.

Security Summit partners/tax professionals urge review
 
“The states and our partners have made progress in the fight against tax-related identity theft, but criminals continue to evolve. We cannot let our guard down in this fight because our common enemy is well-funded, technologically skilled and savvy about state and federal tax processes,” said Sharonne Bonardi, president of the Board of Trustees of the Federation of Tax Administrators and Deputy Comptroller in Maryland. “To make this work, we need help from individual tax professionals across the nation.”

Checklist marks third year of Summit campaigns aimed at tax professional community

This year’s Tax Security 2.0 effort involving the Security Checklist is the third summer campaign in a row involving the Summit partners. The effort follows feedback and recommendations from the Electronic Tax Administration Advisory Committee (ETAAC) that encouraged the Summit partners to expand and intensify outreach efforts to the tax professional community on identity theft and security issues.

This year’s campaign also coincides with this summer’s IRS Nationwide Tax Forums, which will again feature a major focus on security protection for tax professionals. The sessions will provide continuing education credits for sessions led by experts from inside and outside the IRS. The American Coalition for Taxpayer Rights also will again sponsor special sessions with experts from the Pell Center for International Relations and Public Policy at Salve Regina University in Rhode Island.

Last year, Summit education effort focused on Protect Your Clients, Protect Yourself: Tax Security 101. In 2017, the campaign highlighted email schemes in Don’t Take the Bait.

Separate Summit initiatives focus on identity theft awareness for individual taxpayers and consumer alerts for developing tax scams and schemes.

Resources available for tax professionals
 
Tax professionals also can get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data, and Small Business Information Security: the Fundamentals by the National Institute of Standards and Technology.

Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax professionals should stay connected to the IRS through subscriptions to e-News for Tax Professionals and Social Media.

WASHINGTON — The Treasury Department and Internal Revenue Service today issued legal guidance under the 2017 Tax Cuts and Jobs Act (TCJA) and the Consolidated Appropriations Act of 2018 providing information on certain deductions to cooperatives and their patrons.

The proposed regulations issued today provide guidance for cooperatives and their patrons on calculating the deduction for qualified business income - the QBI deduction - and the deduction for domestic production activities for agricultural or horticultural cooperatives and their patrons (the Section 199A(g) deduction). In addition, Notice 2019-27, posted today on IRS.gov, contains a proposed revenue procedure providing guidance on methods for calculating W-2 wages for purposes of section 199A(g).

Final regulations on the new QBI deduction were published on Jan. 18, 2019. The QBI deduction is available for tax years beginning after Dec. 31, 2017, for taxpayers, including certain patrons of cooperatives, with income from a domestic business operated as a sole proprietorship, a partnership, S corporation, trust or estate. The QBI deduction is up to 20 percent of the qualified business income from the business. Some taxpayers may also be allowed a deduction up to 20 percent of qualified real estate investment trust dividends and publicly traded partnership income. 

Patrons’ deduction

Certain patrons who conduct business through cooperatives may be able to include patronage dividends and similar amounts they receive from those cooperatives to calculate their own QBI deduction. For example, a farmer receiving patronage dividends from a marketing cooperative through which the farmer sells agricultural products may be able to include these dividends in calculating the QBI deduction from the farmer’s agricultural business. The proposed regulations provide guidance to cooperatives and patrons regarding the QBI deduction.

Certain patrons, like farmers, must reduce their QBI deduction if they receive qualified payments from specified agricultural or horticultural cooperatives. The QBI deduction must be reduced by either 9 percent of the QBI from each business related to the qualified payments, or 50 percent of the wages allocated to each such business, whichever is the smaller amount. The proposed regulations provide guidance to patrons regarding the reduction to the QBI deduction. 

Specified agricultural or horticultural cooperatives’ deduction

Specified agricultural or horticultural cooperatives are allowed a Section 199A(g) deduction for income attributable to domestic production activities, which is similar to the domestic production activities deduction under former Section 199 before its repeal by the TCJA. Cooperatives cannot pass through any portion of their Section 199A(g) deduction to patrons structured as C corporations, unless they are specified agricultural or horticultural cooperatives. The proposed regulations provide guidance to cooperatives and patrons regarding the Section 199A(g) deduction.

IRS and Treasury welcome public comments on these proposed regulations and notice of proposed revenue procedure. For details on submitting comments, see the proposed regulations and notice. Taxpayers may rely on these proposed regulations if they apply the rules in their entirety until final regulations are published.

Updates on the implementation of the TCJA can be found on the Tax Reform page of IRS.gov.

WASHINGTON — During Small Business Week, the Internal Revenue Service is highlighting tax reform changes that impact depreciation and expensing for nearly every business. In some cases, these changes allow small business owners and the self-employed to write off the cost of machinery, equipment and other property more quickly.

This year, National Small Business Week is May 5-11. For more than 50 years, the week has recognized the important contributions of America’s entrepreneurs and small business owners. The IRS is reminding small businesses and self-employed individuals about tax benefits and reporting rules.

Here is some key information to keep in mind.

100 percent, first-year ‘bonus’ depreciation

The bonus depreciation percentage is now 100 percent for qualified property acquired and placed in service after Sept. 27, 2017, and before Jan. 1, 2023. This means that businesses can often write off the full cost of most depreciable property in the first year they use it in their business. Depreciable business assets with a recovery period of 20 years or less and certain other property usually qualify. This means that machinery, equipment, computers, appliances and furniture generally qualify. Special rules apply for longer production period property and certain aircraft.

In addition, qualified film, television and live theatrical productions are among the types of property that may qualify for 100 percent bonus depreciation.
 
Businesses can immediately expense more

Businesses may elect to expense all or part of the cost of what is often referred to as Section 179 property and deduct it in the year they place the property in service. The maximum deduction is increased to $1,000,000, and the phase-out threshold  is increased to $2,500,000. These amounts, adjusted annually for inflation, apply to property placed in service in tax-year 2019.

Section 179 property includes business equipment and machinery, office equipment, livestock and, if elected, qualified real property. Taxpayers can elect to include certain improvements made to nonresidential real property. See New rules and limitations for depreciation and expensing under the Tax Cuts and Jobs Act for more information.

Depreciation limitations on luxury automobiles

The Tax Cuts and Jobs Act (TCJA) changed depreciation limits for passenger vehicles placed in service starting in tax-year 2018. If a business doesn’t claim bonus depreciation, the greatest allowable depreciation deduction is:

• $10,000 for the first year,
• $16,000 for the second year,
• $9,600 for the third year, and
• $5,760 for each later taxable year in the recovery period.

If 100 percent bonus depreciation is claimed, the greatest allowable depreciation deduction is:

• $18,000 for the first year,
• $16,000 for the second year,
• $9,600 for the third year, and
• $5,760 for each later taxable year in the recovery period.

These amounts apply to property placed in service starting in 2018.

Applicable recovery period for real property

The general recovery period for residential rental property is 27.5 years. TCJA changed the alternative depreciation system recovery period for residential rental property from 40 years to 30 years. Under the new law, a real property trade or business electing out of the interest deduction limit must use the alternative depreciation system to depreciate any of its residential rental property. These changes apply starting in tax-year 2018.

Updates on the implementation of the TCJA can be found on the Tax Reform page of IRS.gov.  Business owners can refer to the Tax Reform Provisions that Affect Businesses page for updates.

More resources:

• Publication 535, Business Expenses
• Publication 946, How to Depreciate Property
• Publication 5318, Tax Reform: What's New for Your Business -- English | Spanish
• Additional First Year Depreciation Deduction (Bonus) FAQs
• FS-2018-9, New rules and limitations for depreciation and expensing under the Tax Cuts and Jobs Act

Tax Cuts and Jobs Act: A Comparison for Businesses

IRS YouTube videos:
IRS Withholding Calculator Tips – English
Estimated Tax Payments – English | Spanish | ASL

WASHINGTON — As part of Small Business Week, the Internal Revenue Service today reminds small business owners and self-employed people that they can avoid a surprise tax bill and possibly a penalty by making estimated tax payments during the year.

This year, National Small Business Week is May 5-11. For more than 50 years, the week has recognized the important contributions of America’s entrepreneurs and small business owners.

By law, everyone must pay tax as they earn income. Estimated tax is the method used to pay tax on income that is not subject to withholding. For small business owners and self-employed people, that usually means making quarterly estimated tax payments as they earn or receive income during the year. They need to pay as they go, so they don’t owe.

Individuals, including sole proprietors, partners and S corporation shareholders, generally must make estimated tax payments if they expect to owe tax of $1,000 or more when they file their 2019 tax return. Often, this includes people involved in the sharing economy. Corporations generally must make these payments if they expect to owe tax of $500 or more on their 2019 tax return.

Estimated tax is used to pay not only income tax but other taxes such as self-employment tax and alternative minimum tax. Estimated tax requirements are different for farmers and fishermen. Publication 505, Tax Withholding and Estimated Tax, has more information about these special estimated tax rules.

How and when to pay estimated taxes

The next quarterly estimated tax payment for 2019 is due June 17. Taxpayers may have to pay estimated tax for 2019 if their tax was more than zero in 2018. See the worksheet in Form 1040-ES, Estimated Tax for Individuals, or Form 1120-W, Estimated Tax for Corporations, and Publication 505 for details on how to figure estimated tax payments.

Using the Electronic Federal Tax Payment System (EFTPS) is the easiest way for individuals and businesses to make estimated tax payments. Using EFTPS, they can access a history of their payments, so they know how much and when they were made. Corporations must deposit payments using the EFTPS. For more information, refer to Publication 542, Corporations.

Wage-earners who also have business income can often avoid having to pay estimated tax by asking their employer to withhold more tax from their earnings. The IRS urges anyone in this situation to do a Paycheck Checkup, using the IRS Withholding Calculator. If the calculator suggests a change, they can then submit a new Form W-4 to their employer. This form has a special line to enter any additional withholding amount.

Penalty for underpayment of estimated tax

Anyone who pays too little tax through withholding, estimated tax payments or a combination of the two may owe a penalty. In some cases, the penalty may apply if their estimated tax payments are late, even if they’re due a refund.

For tax year 2019, the penalty will generally apply to anyone who pays less than 90 percent of the tax reported on their 2019 income tax return during the year through withholding, estimated tax payments or a combination of the two. People who base their estimated tax payments on last year’s tax will normally avoid a penalty if they pay 100 percent of the amount shown on Line 15 of their 2018 Form 1040 (110 percent if their income was more than $150,000).

Exceptions to the penalty and special rules apply to some groups of taxpayers, such as farmers, fishermen, casualty and disaster victims, those who recently became disabled and recent retirees. In addition, anyone who receives income unevenly during the year can often avoid or lower the penalty by annualizing their income and making unequal payments throughout the year. See Form 2210, Underpayment of Estimated Tax by Individuals, Estates, and Trusts (or Form 2220, Underpayment of Estimated Tax by Corporations), for more on the penalty. Refer to the Form 1040 Instructions or Form 1120 Instructions for where to report the estimated tax penalty.

Here’s a reminder for those who still need to file for tax-year 2018. An expanded estimated tax penalty waiver may be available to those who paid too little tax during 2018. See Form 2210 and its instructions and Form 843, Claim for Refund and Request for Abatement, for details.  

More information:

• Estimated Taxes
• IRS.gov/payasyougo
• Self-Employment Tax, Social Security and Medicare Taxes
• Sharing Economy Tax Center
• Self-Employed Individuals Tax Center
• IRS Tax Calendar for Businesses and Self-Employed
• Filing and Paying Your Business Taxes
• FS-2019-6: Basics of estimated taxes for individuals
• Publication 5318, Tax Reform: What's New for Your Business -- English | Spanish