
Breaking News Australia:

ATO will add security layer to agent linking


In response to widespread GST fraud and recent data breaches at Medibank and Optus, the Australian Taxation Office (ATO) has decided to strengthen the security of its agent linking system by incorporating a fraud protection layer.



Second Commissioner Jeremy Hirschhorn stated that the ATO and tax agents were both entrusted with enormous amounts of personal information, even as cyber criminals were becoming more adept.


“If Optus and Medibank tell us anything, it’s that nobody can afford to be complacent,” he told the IPA National Congress at Surfers Paradise last week.


“Operating in an increasingly digital environment means that we have to consider how we safeguard our systems from ever-evolving cyber threats and fraud attempts.


“And fraud is not only just about money, but it’s also about information.”


“We’re entrusted with protecting the community’s personal information and this trust underpins the whole tax system. But at the same time, we provide you as tax agents with trusted access to those data stores for your clients.


“You yourselves hold very significant data on your clients. So we’ve begun a fundamental shift towards embedding fraud prevention measures into systems as part of the initial design process.”


He explained that the increased security would require improvements to the manner in which tax agents communicate with the office.


“To protect your clients, we may need you to do more, or to do things differently. One area where you’ll see this play out now is around agent linking.


“We have been seeing increasingly sophisticated efforts by criminals to impersonate legitimate users to lodge fraudulent returns or gain access to data that they can make money from.


“And in many cases, that is through exploiting tax and BAS agents.


“So that is why we have to boost our front-end controls.”


He explained that the new system would bring the ATO into closer alignment with industry best practices and would be implemented gradually, beginning with the more significant companies.


“Following a successful pilot involving about 40,000 entities and 800 agents, we’re changing the process for an agent to link to a taxpayer’s account. This is to help ensure that only a client-authorised tax agent as agent or payroll service provider can link to their accounts and access their tax and super affairs.


“Agents involved in the pilot told us that their experience was relatively simple, but we are looking for ways to make it simpler.


“For clients who aren’t already connected to online services for businesses, we recognise that there are additional steps involved to transition clients into a digital environment.


“But over time, this will have to apply to all taxpayers.”


Mr. Hirschhorn stated that the office had changed the process to make it more secure after learning from large-scale GST fraud that a system set up to pay refunds "almost immediately" was vulnerable.


“Since we’ve changed our settings, we’ve blocked over $2 billion of fraud attempts before the frauds have been paid out.”


He acknowledged that there was a tension between the security of an interaction and the need to make speedy refunds to legitimate businesses.


“So there’s a real challenge of how you have the safeguards against the safeguards.”


Mr. Hirschhorn warned again about the number of attacks on the ATO, which is almost one per second, or three million per month. He also said that the office was proud of its high satisfaction rating from the public, as shown in the recent Trust in Australian Public Services report.


 

Find out how you can protect your data in our next post. Follow us for more business tips!


Contact us to get more in-depth expert advice about your business.

