Intuit/TurboTax, one of the tax industry giants, suffered a black eye recently when they were forced to stop e-filing state tax returns for a period of time while they investigated a potential data breach.
They’ve since resumed e-filing of state returns and TurboTax announced there doesn’t appear to be breach of customers’ data, so what really went wrong?
Here’s my hypothesis.
State tax return fraud has been largely non-existent … so non-existent in fact that USA Today reported the state of Minnesota got suspicious when there were just 2 reported cases of fraud.
Forbes went on to report that up to 18 states have noticed an uptick in fraudulent state filings – all with a common thread: tax preparation software.
So what’s going on and why is TurboTax being called out by these states?
The rise in federal tax return fraud has grown steadily in relation to the number of software providers offering a free option… the reason we haven’t seen state fraud as rampant is because historically it always cost money to prepare your state return with software.
What’s new this year besides a dramatic increase in state tax return fraud? TurboTax’s Absolute Zero campaign.
That’s right, a lot more people can file their state taxes for free using TurboTax’s software.
That may seem great at first blush if you qualify, but an unintended consequence is it’s now completely free for a fraudster to file a state tax return in addition to a federal one.
Even if this doesn’t affect you personally it creates a really expensive bill that’s footed by all taxpayers. If it does affect you personally even worse; the average time to resolve your case is 6 months and if you’re due a refund that’s a long time to wait.
Creating good tax software is hard. Sure, the math part of it is easy but you’ve got to make the interface dead simple (after all, everyone has to do their taxes not just professional computer jockeys). You have to figure out wording that is completely unambiguous despite the necessity of IRS language, which may be incredibly ambiguous.
And think about the liability! If you’ve got a bug that screws up one person’s tax return you’ve got a bug that screws up thousands of tax returns. You can’t write tax software for free. Good engineers cost money, good interface designers cost money, and good insurance costs (a lot) of money. So how do you pay those costs and give your software away for free? Obviously you can’t. You have to squeeze the money out somehow and there are really only two viable options:
Option 1: You get users in the door with free and then you upsell upsell upsell! Oh hey, you want extra guidance? You’ll need to upgrade. Ooooh, you sold a share of stock and made a $100 profit? Upgrade.
Even better, I’ll keep throwing upsell screens at you until you accidentally upgrade or get so concerned the free version isn’t trustworthy you upgrade just to make the nagging stop. Oh, and don’t forget the audit insurance. (pro tip: audit insurance is a lot like blackjack insurance).
You know why I hate this strategy so much? Because when you’re doing this to a customer they start to become guarded. They stop believing the tax software has their back and start feeling like it’s a solar panel salesman.
This is particularly bad when they’re trusting you to help with a task they already want no part of. We should expect better.
Option 2: Use the customer’s data against them. Data is hot right now. Rich personal data, especially hot. Rich personal and financial data? Shut up and take my money.
And what better treasure trove of data than your personal income tax data! Luckily the IRS had the foresight to nip this one in the bud: Section 7216 of the Internal Revenue Code sets up stipulations on what a tax preparer can do with with the information you provide them… namely they can use it only to prepare your taxes. Full stop. Well, full stop-ish.
If you give your tax preparer permission to use your data for other purposes they can do that. This includes things like targeted credit card offers, Roth IRA offers, 401k offers, and hey how about a wonderful timeshare in Orlando Florida. AND THEY’RE TRICKING YOU IN TO DOING IT.
See this little beauty right here:
This bad boy gives your tax software provider permission to use your tax data to sell you stuff.
I grabbed this screenshot from the most recent version of a popular brand of tax software.
If you’re not careful it almost looks like something you need to sign; note that while the heading is a friendly and chipper “Sign now, save time later” and the beginning of the disclosure text states “Federal law requires this consent form be provided to you” the meat of this baby is “[company name] needs your tax return information to determine if you are eligible… for benefits beyond your refund.”
Yep. That’s marketer-speak to make money off your data.
And given how difficult it is to design a dead simple user interface I can’t help but assume this one is designed to make it dead simple for customers to give their consent without realizing the implications.
So here we are. To be a viable business in this industry it costs real money to operate but we’re racing to the bottom on price, and as a result we’re at an all time high on tax fraud and sneaky pricing practices.
Or you can carefully wade in to the swamp, being extra careful with the buttons you click while second-guessing every screen you’re shown… and as long as there are enough suckers in the herd, you’ll be OK for a few years.
Meantime, you can take some precautions to avoid tax-related identity theft.
- Use good strong passwords and don’t share passwords across sites. Ideally use a password manager
- Follow the usual practices to protect your Social Security Number – don’t fall for phishing emails, don’t give your SSN out to anyone who doesn’t need it, etc.
- If you are concerned that this type of ID theft may victimize you, file your taxes early. IRS and state systems only allow 1 return per SSN. So file before the fraudsters do.
Lastly, you can also vote with your wallet and support small providers like us. At Common Form, we’re running a grand experiment to see if people are willing to pay a fair price for honest service.
Can tax software be a viable business without resorting to shady tactics? We hope so.
Charles Logston is co-founder and CTO of Common Form, a tax and financial software company. Logston is also a privacy advocate and self-described crypto nerd.
Editor’s NOTE: Any affected customer who used Intuit/TurboTax can call a toll-free number 800-944-8596 for help. TurboTax experts will prepare taxes for affected customers at no cost. The company is also offering identity protection services and free credit monitoring.