Taking Action to Protect Applications and Reduce Rising Identity Theft
Tax fraud marred the tax season this year, resulting in the halt of a major online tax filing service. But identity theft and tax fraud have their roots in many different industries - late last year, KrebsonSecurity.com reported on payroll and HR data stolen and used for tax fraud.
In order to combat rising levels of fraud, the Internal Revenue Service (IRS) has created a criminal investigation team of about a dozen agents, as The Wall Street Journal reported.
According to The Wall Street Journal, about a quarter of all IRS criminal investigations are online-based identity theft cases, representing 1,063 of the 4,297 cases. Identity theft cases have risen in number almost fourfold since 2011.
But some aren’t completely convinced by the agency’s methods - as the SANS Institute’s Director, John Pescatore, put it succinctly in the latest NewsBites email newsletter:
If the IRS required strong forms of authentication for tax returns, it could cut the fraud significantly. Imagine if instead of fixing the ignition switch problem, GM said "We are establishing a unit to investigate crashes due to failed ignition switches."
I agree. It’s not enough to merely establish an investigative unit when you know what could solve the problem, or at least a major part of the problem, right away. But it’s probably an easier and more definitive, if not a tentative, step in the right direction.
And while perhaps not the only thing the IRS could do to greatly reduce fraud, it’s a start to implement and require stronger authentication for tax returns. We already know stolen credentials are the “keys to the digital kingdom.” So why not protect them with the most basic and effective security method available today?
TurboTax did implement a form of multi-factor authentication for their customers who e-file their taxes with online accounts, but it requires notification via their email address. A more secure form of two-factor authentication is an out-of-band method that uses your smartphone for verification via a push notification. Learn more about our authentication app, Duo Mobile (now available for Apple Watch!), and Duo Push.
Of course, using two-factor authentication across all of the applications you log into is key to stopping criminals from stealing your personal data used to file these tax returns in the first place. To protect your payroll and HR data, including employee work and financial information, consider deploying a two-factor authentication solution that allows you to see who’s logging into your applications, as well as the users’ devices and networks.
Don’t have any employees in China or Russia? Then don’t trust logins originating from these locations, and block them from ever reaching your Salesforce or Amazon Web Services (AWS) accounts (or any other enterprise cloud application). Find out more about protecting your company with advanced security controls using Duo Access.