Bookmark and Share [ [link removed] ]

a { color:#0073AF !important;} a:hover { color:#004673 !important;} <!-- body { font-family: arial; } p { font-size: 12px; } li { font-size: 12px; } h2 { font-size: 24px; font-style: italic;} -->
IRS.gov Banner
IRS Newswire August 6, 2024

News Essentials

What's Hot [ [link removed] ]

News Releases [ [link removed] ]

IRS - The Basics [ [link removed] ]

IRS Guidance [ [link removed] ]

Media Contacts [ [link removed] ]

Facts & Figures [ [link removed] ]

Around The Nation [ [link removed] ]

e-News Subscriptions [ [link removed] ]

________________________________________________________________________

The Newsroom Topics

Multimedia Center [ [link removed] ]

Noticias en Español [ [link removed] ]

Radio PSAs [ [link removed] ]

Tax Scams [ [link removed] ]

The Tax Gap [ [link removed] ]

Fact Sheets [ [link removed] ]

IRS Tax Tips [ [link removed] ]

Armed Forces [ [link removed] ]

Latest News Home [ [link removed] ]

________________________________________________________________________

IRS Resources

Contact My Local Office [ [link removed] ]

Filing Options [ [link removed] ]

Forms & Instructions [ [link removed] ]

Frequently Asked Questions [ [link removed] ]

News [ [link removed] ]

Taxpayer Advocate [ [link removed] ]

Where to File [ [link removed] ]

IRS Social Media [ [link removed] ]

________________________________________________________________________


Issue Number:    IR-2024-201

Inside This Issue
________________________________________________________________________

*Multi-Factor Authentication: Key protection to tax professionals’ security arsenal now required * 

*"Week 5 of “Protect Your Clients; Protect Yourself” series focuses on strengthening account security"  *

WASHINGTON — The Internal Revenue Service and the Security Summit partners remind tax professionals that using multi-factor authentication is now more than an important protection for their businesses and their clients – it’s now a federal requirement. 

All tax professionals are now required under the Federal Trade Commission’s safeguards rule to use multi-factor authentication, or MFA, to protect clients’ sensitive information. The June 2023 change mandates MFA to strengthen account security by requiring more than just a username and password to confirm an identity when accessing any system, application or device. 

“Multi-factor authentication is now more than just a good idea for tax professionals; it’s a requirement,” said IRS Commissioner Danny Werfel. “This is an effective way to increase security and protect tax professionals and their clients from a data breach. Multi-factor authentication is a little like a deadbolt on a door; it’s additional security supplementing the doorknob lock. This is an important step to protect not just tax professionals and their firms, but also the sensitive taxpayer information from their clients.” 

This is the fifth week of an eight-part "Protect Your Clients; Protect Yourself [ [link removed] ]_"_ summer series, part of an annual education effort by the Security Summit, a group that includes tax professionals, industry partners, state tax agencies and the IRS. The public-private partnership has worked since 2015 to protect the tax system against tax-related identity theft and fraud. 

Security is a key focus of the Nationwide Tax Forum [ [link removed] ], being held this summer in five cities throughout the U.S. In addition to the series of eight news releases, the tax professional security component is featured at the three-day continuing education events. The forums continue the weeks of August 12 in Baltimore, August 19 in Dallas and September 9 in San Diego. The IRS reminds tax pros that registration deadlines are quickly approaching for the Baltimore and Dallas forums, as San Diego has already sold out. 

In upcoming weeks, the news release series and the IRS Tax Forums will provide timely tips to help protect sensitive taxpayer data that tax professionals hold while also protecting their own businesses from identity thieves. 

A key part of tax pro security now revolves around MFA. The extra layers of different authentication factors include something only a user knows, like a username and password; something they have, like a token or random number sequence sent to their cell phone; or something unique, like biometric information. These provide extra assurance that a tax pro’s client, not an impostor, is gaining access. 

The Summit partners noted that implementing MFA is one of the most cost-effective ways to increase security and reduce a tax pro’s fraud and data breach risks. Once in place, MFA helps protect against phishing, social engineering and other types of technology attacks that exploit weak or stolen passwords. 

*Common MFA examples  * 

The general public makes wide use of MFA these days, so tax pro clients shouldn’t be surprised by the extra scrutiny asked of them. 

For example, many smartphone users are accustomed to fingerprint or facial recognition that authenticates their identity before unlocking their device. Certain smartphone applications can also rely on that biometric factor along with a PIN or password for app-level MFA. 

Many online banks, financial applications and payroll services use MFA to verify account holders’ identities before granting access or allowing high-risk transactions, such as money transfers. 

In addition, taxpayers connecting to the IRS will be asked to set up MFA to create an IRS Online Account [ [link removed] ]. After that, to sign in, they will first log in with an email address and password, then receive a one-time passcode by text or call to one’s chosen device and finally enter the passcode into the account to complete sign-in. A bad actor cannot access one’s account without also having their passcode. 

*MFA required by law  * 

Under the new FTC MFA rules, there’s a requirement to use at least two of the following factors for anyone accessing customer information: something a user knows like a username; something sent to them like numbers texted to a cell phone; or a physical part of them like a fingerprint or facial scan. 

In addition, MFA should be used to secure client information on a tax pro’s computer or network, but it should also be used to access client information stored within their tax preparation software. MFA is required by law for all companies – not just tax professionals. The size of the company does not matter. Opting out of using MFA in tax prep software is a violation of the FTC safeguards rules. 

*Best implementation practices  * 

Tax pros should implement MFA across all their services and data access points. 

In addition, they should regularly evaluate current MFA methods, standards and new technologies to stay protected against the latest threats, and they should offer a variety of authentication factors to suit the needs of different users. 

Finally, tax pros should always enable MFA within tax software products and cloud storage services containing sensitive client data, and they should never share usernames. 

*Additional resources  * 

If a tax pro or their firm are the victim of data theft, they should: 


* Report the incident to their local IRS Stakeholder Liaison [ [link removed] ]. Speed is critical. IRS stakeholder liaisons will ensure all the appropriate IRS offices are alerted. If reported quickly, the IRS can take steps to block fraudulent returns in the clients' names and assist tax pros through the process.
* Visit the Federation of Tax Administrators to find state contact information. Tax professionals can share information with the appropriate state tax agency by visiting the special “Report a Data Breach.” [ [link removed] ]__
* _Review _Publication 5293, Data Security Resource Guide for Tax Professionals [ [link removed] ], which provides an overview and resources about how to avoid data theft.
* Tax professionals can also get help with security recommendations by reviewing IRS Publication 4557, Safeguarding Taxpayer Data [ [link removed] ], and the IRS' Identity theft information page for tax pros [ [link removed] ].
* _Read _Small Business Information Security: The Fundamentals [ [link removed] ], by the National Institute of Standards and Technology. 

Tax professionals should also stay connected to the IRS through subscriptions to e-News for tax professionals [ [link removed] ] and its social media sites [ [link removed] ].

Back to Top [ #Fifteenth ]

________________________________________________________________________

FaceBook Logo [ [link removed] ]  YouTube Logo [ [link removed] ]  Instagram Logo [ [link removed] ]  Twitter Logo [ [link removed] ]  LinkedIn Logo [ [link removed] ]

________________________________________________________________________

Thank you for subscribing to the IRS Newswire, an IRS e-mail service.

If you know someone who might want to subscribe to this mailing list, please forward this message to them so they can subscribe [ [link removed] ].

This message was distributed automatically from the mailing list IRS Newswire. *Please Do Not Reply To This Message.*


________________________________________________________________________

Update your subscriptions, modify your password or email address, or stop subscriptions at any time on your Subscriber Preferences Page [ [link removed] ]. You will need your email address to log in. If you have questions or problems with the subscription service, visit subscriberhelp.govdelivery.com [ [link removed] ].

This service is provided to you at no charge by the Internal Revenue Service (IRS) [ [link removed] ].


body .abe-column-block {min-height: 5px;} ________________________________________________________________________

This email was sent to [email protected] by: Internal Revenue Service (IRS) · Internal Revenue Service · 1111 Constitution Ave. N.W. · Washington, D.C. 20535 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}