What Tax-Filing Fraud Could Mean for You
(This post originally appeared on Inc.)
Have you filed your taxes yet? Neither have I. And now I’m concerned. Really concerned.
My accountant, like many accountants, files my returns electronically. So sometime, between now and March 15 (the date my company’s returns are due) and April 15 (the due date for individual tax returns), he will be filing my tax returns and there could be a problem: He may find that they have been already fraudulently filed, and that a refund has been paid to an account that is not owned by me. That’s what happenedto a bunch of customers using Intuit’s TurboTax software recently and, for all we know, this is happening elsewhere with other tax filing services.
A number of states including Minnesota, Alabama, Utah, and Georgia have responded to alarms raised about a spike in fraudulent state filings by tightening security,according to The Washington Post. The Wall Street Journal reports there are now stories of fraud involving federal returns as well.
What can we do to protect ourselves from this?
Not a damn thing. Some say to file early, but it’s the early filers who discovered the problem. Others say go to back to paper filing, but that’s not very convenient. The IRS prefers e-filings. So if my worst nightmare comes true, and someone has hacked my tax information, I’m going to have headaches–big headaches. And I’m not going to blame the hackers, whoever they are, or the government, or my accountant. If my accountant is using TurboTax, then I’m going to blame Intuit.
Intuit has maintained that the fraud did not stem from a breach of its own systems–and that personal information was obtained elsewhere. The Wall Street Journalreports the FBI has opened a probe into the matter.
I say it is Intuit’s fault if hackers are stealing data input through their program. It’sAnthem’s Insurance’s fault when hackers make it into their system and take 80 million social security numbers. It’s Sony’s fault when their employee data is exposed to the world. It’s Target’s fault when my credit card number gets stolen.
A friend of mine runs a roofing company and recently received a complaint because some of the shingles he used on a new roof were faulty. He received replacement shingles from the materials company (at no charge) and then sent out his crew for another week to fix the problem. No one paid him for this extra time. But he did it because it was his problem and he takes ownership of his problems. A contractor I know was called back to a home three times more than he expected to repair a tricky problem with a customer’s pipes. He lost money on that job, but he did what he had to do. And just last week, I had to pay one of my people for 30 hours of extra time to fix a problem with a piece of software that we didn’t even make, but had recommended and installed. That’s what we do. That’s what people in business do: We take ownership of our problems and we fix them. Or we get out of the business.
Why isn’t Intuit stepping up and saying, “It’s our software, it’s our problem, and we will make sure our customers are compensated and not inconvenienced?” Why isn’t Target saying, “We will reimburse each and every customer for any money they lose because of our mistake?” Why doesn’t Anthem Insurance promise the same?
Maybe these companies, and so many like them that have suffered data breaches, are offering services that they shouldn’t be. Maybe their IT departments just aren’t good enough. Maybe they are offering something that they are not competent enough to offer. Maybe they should get out of the business of taking credit cards or tax return information over the internet if they don’t know how to properly protect this data.
But they won’t, of course. There’s too much money to be made. And their customers, like you and me, demand ease and speed and all the comforts of this cloud-based age. So they won’t take the high road and say, “We know you want this, but we’re not capable of doing this securely.” They’ll just take our money and keep their fingers crossed.
On Friday, President Obama is holding a “cyber-security summit” with some of the country’s leading business and tech people to discuss ways to overcome this problem. He’s concerned that the proliferation of hacking has turned into a national security issue. I’m just concerned that my days aren’t going to be consumed with unraveling a mess with the IRS because Intuit didn’t properly protect my data.
C’mon companies: Get it together. Or get out of the business.
UPDATE: Intuit has issued the following statement:
After working with third-party security experts on a preliminary examination of recent fraud activities, we do not believe these instances of fraud resulted from a security breach of our systems. We are continuing to investigate the issue.
We’re aware that the FBI has acknowledged that it is investigating incidents of identity theft and potential tax fraud. But to the best of our knowledge, Intuit is not the target of that investigation. We work with law enforcement, including the FBI, on a regular basis to detect and prevent fraud. As a general rule, Intuit does not comment on particular requests for cooperation and assistance it receives from law enforcement.