The Australian Taxation Office (ATO) has launched a suite of new protections to help secure people’s personal information amid an unprecedented rise in identity-related fraud attempts.
ATO Deputy Commissioner and Chief of the Serious Financial Crime Taskforce (SFCT) John Ford said there had been an increase in the pace and scale of criminals using people’s stolen personal information to attempt fraud.
‘Global threats, organised crime, the use of artificial intelligence and increased data breaches in the community all mean the risk of fraud is only growing,’ he said.
‘The ATO has acted decisively to help people protect themselves. Security upgrades launched this week will add extra layers of protection for those taxpayers who log in to ATO online services using the myGovID service.’
Deputy Commissioner Ford said there were simple steps people could take to better protect themselves.
‘The first step is to get a myGovID if you don’t already have one and set it at the strongest level you can obtain.
‘The second step is once you’re in myGov, authenticate your identity using myGovID to link to the ATO. These two simple steps will protect you against many forms of identity fraud.’
‘From that point on, you’ll need to use myGovID to log into ATO online services and the identity strength you have used will become the minimum level needed whenever you log in in the future.
‘For businesses with an ABN, if you appoint a tax agent or change agents, you will now get a message asking you to give permission to that agent to act on your behalf. Please do not ignore this message, especially if it’s unexpected.’
Everyone has a role in combatting fraud
Mr Ford said responding to the rise in fraud required the ATO to work with the community, tax professionals and many other partners to shut down any potential pathways for fraudsters.
‘Fraud is everyone’s concern,’ he said.
‘Those attempting fraud are sophisticated. They continually assault systems right across the community to build their expertise and find new ways of breaching defences.
‘These criminals do not care if they are targeting the ATO, a tax agent or a small business – anything and anyone is fair game for these heartless thieves.’
Mr Ford said those attempting to commit fraud against the ATO were targeting Australia’s capacity to fund health, education and infrastructure, but everyday Australians were also significantly impacted by the theft of their personal information.
‘Unfortunately, we know victims of identity fraud suffer more than just financial loss and personal anguish.
‘Necessary additional protections put in place for these victims can mean it takes longer to access services or prove their identity. ‘We understand the frustrations additional protections can sometimes cause, but we cannot make changes which risk losing Australia’s revenue or people’s personal information to criminals.’
‘We also want to thank the tax professional community, who continue to work with us to add extra protections into their business practices, such as client-agent linking. ‘They have recognised the fraud challenge, and are willingly playing their part in making the system harder for fraudsters, even where this has required some changes to their processes.’
Steps you can take
The ATO is asking the community to:
– Be aware of where you share your personal information
– Use myGovID when interacting with the ATO’s online services for Individuals, and set-up to the highest identity strength where possible
– take prompt action when you think you may have had your identity compromised, for example arranging cancellation and re-issuing of relevant government identity documents and notifying the ATO so we can add additional protections
– Do not be tempted to engage in fraud – remember, if it seems too good to be true, it probably is.
– Think twice when you receive an SMS or email from the ATO to consider if it is genuine – Although the ATO does occasionally use SMS or email to ask you to contact us, we will never ask you to return personal information through these channels or ask you to click a link and to sign into our online services.
Case studies in fraud
– Earlier this year, a Brisbane retiree’s stolen personal information was used to open bank accounts, set up a myGov account in her name and linked that myGov account to the ATO. The criminals then lodged fraudulent Business Activity Statements (BAS) in an attempt to steal money. The woman must now call the ATO whenever she needs to access our services as enhanced protections are in place to prevent her being further victimised.
– We have also seen criminals targeting tax agents. In one incident, a western Sydney-based tax agent had their identity details compromised which allowed the criminals to pose as the agent and access their clients’ records. The criminals then attempted to submit several fraudulent Business Activity Statements (BAS) in an attempt to gain millions of dollars in GST fraud. This case not only significantly impacted the agent, but also the legitimate businesses who were impacted by the fraudulent BAS statements and the fact the criminals were able to see the history of their financial interactions with the ATO.
How it works: Bolstering security when accessing ATO online services
– Your Digital ID, such as myGovID, is the most secure way to access ATO online services.
– A new minimum online access strength will be based on the sign in method you’ve used to access ATO online services through myGov.
– You can use your online access strength to better protect your identity and increase your security when accessing ATO online services including accessing via the ATO app.
– The sign in method you’ve used with the highest identity strength becomes your minimum online access strength and you’ll need to use this for all future access.
– For example, if you have a myGovID with a Standard identity strength and use it as your sign in method, your online access strength will be Standard. Whenever you sign in to myGov to access ATO online services, you’ll need to use your Standard myGovID at a minimum.
– Where possible, we encourage people to use myGovID and set-up a Strong identity strength which includes a facial verification check. Visit Create a myGov account and link it to the ATO for more information.
How it works: Ensuring tax professionals can only access the data of businesses they represent
– This protection requires entities to ‘nominate’ their agent in ATO Online services before the agent can access their ATO data or act on their behalf with the ATO.
– This client-to-agent linking process is being progressively rolled out and now applies to all types of entities with an ABN, except for sole traders, covering approximately 4.7 million businesses.
Only businesses that are looking to engage a new agent, change their existing agent, or want to provide additional authorisation to their existing agent need to complete an agent nomination.