ATO bolsters defences around personal data
Security upgrades this week aim to counter an "unprecedented rise" in identity fraud.
The ATO has bolstered its defences around personal data to counter an “unprecedented rise” in identity-related fraud.
It said security upgrades applied this week added extra layers of protection to the myGovID service after an increase in the pace and scale of criminals using stolen personal information.
ATO deputy commissioner and chief of the Serious Financial Crime Taskforce, John Ford, said fraud was a concern for everyone.
“Global threats, organised crime, the use of artificial intelligence and increased data breaches in the community all mean the risk of fraud is only growing,” he said.
“The ATO has acted decisively to help people protect themselves. Security upgrades launched this week will add extra layers of protection for those taxpayers who log in to ATO online services using the myGovID service.”
The ATO had been working with tax professionals and the community to shut down potential pathways for fraudsters, he said.
“Those attempting fraud are sophisticated. They continually assault systems right across the community to build their expertise and find new ways of breaching defences.
“These criminals do not care if they are targeting the ATO, a tax agent or a small business – anything and anyone is fair game for these heartless thieves.”
For anyone losing personal information, the impact could be devastating and time-consuming.
“Unfortunately, we know victims of identity fraud suffer more than just financial loss and personal anguish.
“Necessary additional protections put in place for these victims can mean it takes longer to access services or prove their identity.
“We understand the frustrations additional protections can sometimes cause.”
One example involved a Brisbane retiree whose stolen personal information was used to open bank accounts, set up a myGov account linked to the ATO and lodge fraudulent BAS. The ATO had put extra protections in place, but the woman now had to call the office to access services.
In another case, a western Sydney tax agent had their identity details compromised, which allowed criminals to their client records. The criminals then tried to submit fraudulent BAS in an attempt to steal millions in GST claims.
“This case not only significantly impacted the agent, but also the legitimate businesses who were impacted by the fraudulent BAS statements and the fact the criminals were able to see the history of their financial interactions,” the ATO said.
It said one additional protection measure was the revised agent-client linking system, which expanded this month to cover about 4.7 million businesses. Tax professionals had recognised the fraud challenge and were “willingly playing their part”, it said.
“For businesses with an ABN, if you appoint a tax agent or change agents, you will now get a message asking you to give permission to that agent to act on your behalf. Please do not ignore this message, especially if it’s unexpected.”
The ATO said its online services should be accessed using a digital identity such as myGovID, and the highest identity strength a user had set now became the minimum.
“For example, if you have a myGovID with a standard identity strength and use it as your sign in method, your online access strength will be standard,” it said. It encouraged all users to set-up a strong identity check, such as facial recognition.