Tax agents potentially compromised in early access to super fraud: ATO

A sophisticated fraud of the early access to super scheme could have involved a breach of security at accounting firms, a Senate inquiry has heard.

The Australian Federal Police has now announced an investigation into an alleged fraud of early access to superannuation, with 150 people estimated to have been affected by the fraud.

AFP Commissioner Reece Kershaw told a parliamentary inquiry that it had executed five search warrants and frozen $120,000 in several banks accounts but had yet to make any arrests.

Mr Kershaw said AUSTRAC first uncovered the alleged fraud at the end of April, with the ATO referring the issue to the AFP on 1 May.

The ATO, which issued a statement on Wednesday evening, said that victims’ personal details had been unlawfully used in a bid to defraud the early access scheme and that it was not a result of the ATO’s systems being hacked.

The application for the early access to super scheme is administered through ATO Online services in myGov.

Mr Kershaw said early investigations had indicated there was an “intrusion into a third party” that was not a government agency.

Commissioner of Taxation Chris Jordan then told the Senate inquiry that it was possible that tax agents, who hold confidential client information, could have been targeted as part of the fraud.

“When we get this higher level of sophistication [of fraud], it doesn’t tend to be a breach against us or our systems; it is others who have the information that we use to verify people and that information is in the hands of other people, including agents,” Mr Jordan said.

“I’m not in any way trying to be critical of agents, but there are some without the same level of security of that information than others and the breaches that are the sophisticated ones tend to come through those intermediaries.

“Very much mostly, it is not the intermediary who is [committing the fraud] but someone who has somehow got through their security, which is clearly not as strong as ours, and acquires the relevant information.”

Mr Jordan also stressed that it was important for Australians to keep their personal information, including their tax file numbers and date of birth, confidential.

myGov concerns

Earlier in the week, the ATO issued a reminder to tax practitioners that using a client’s myGov credentials was not an approved channel to manage their tax affairs.

“Doing this breaches the ATO Online terms and conditions,” the ATO said.

“myGov is not an approved channel for tax practitioners to use. You may risk referral to the Tax Practitioners Board (TPB) if you use myGov on behalf of your clients, with or without your clients’ knowledge.

“We are paying particular attention to unregistered preparers who may be obtaining myGov credentials to lodge on behalf of individuals.

“Our data matching and collection tools will help us identify patterns of behaviour showing this inappropriate use of myGov. Protecting the community and the tax profession from unregistered preparers remains a priority for us.”

An ATO spokesperson told Accountants Daily that the reminder was not related to the early access to super fraud activity.

Instead, the ATO said it had begun receiving a small number of reports that some agents have been requesting for clients’ myGov credentials to lodge applications and returns on their behalf.

“Where an agent cannot access a service for a client in online services for agents, they should provide their client with instructions on how to access the service themselves through myGov rather than request their login details to apply for them,” the ATO spokesperson said.

“The ATO wants to ensure that the right people get the right assistance, and are reminding taxpayers to protect their myGov login details and password. They should not share these details with anyone, including their tax agent.”

A total of $9.4 billion in super has now been approved for the early release of super, distributed across 1.1 million Australians.

/Public Release. The material in this public release comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.