The Internal Revenue Service has announced that the final regulations have been issued on the revamped Foreign Tax Credit, which was modified as a result of tax reform in 2017. The credit generally allows taxpayers and businesses to claim a credit for income taxes paid or accrued to foreign governments.
So What’s Different?
The tax reform legislation, termed the Tax Cuts and Jobs Act (TCJA), made major changes to the international tax system in the U.S.
Several Foreign Tax Credit provisions were changed. One was the repeal of section 902, which allowed deemed-paid credits in connection with dividend distributions based on foreign subsidiaries’ cumulative pools of earnings and foreign taxes.
The legislation also added two limitation categories for foreign branch income and amounts that are includible under the Global Intangible Low-Taxed Income (GILTI) provisions.
How taxable income is calculated when figuring the Foreign Tax Credit limitation was also changed by the tax reform package. Certain expenses have now been disregarded and the use of the fair market value for allocating interest expense has been repealed.
The IRS says the TJCA made “systemic” changes to taxation of international income that impact the Foreign Tax Credit calculation. These include the introduction of a participation exemption through a dividends-received deduction for certain section 245A dividends.
IRS changes also introduced the GILTI provisions which subjects certain foreign earnings to current U.S. taxation. Previously, these earnings would have been deferred – at a lower tax rate – and subject to extra Foreign Tax Credit restrictions.
Other Regulations Issued
Proposed regulations have also been issued that apply to the allocation and apportionment of deductions and creditable foreign taxes, foreign tax redeterminations, availability of Foreign Tax Credits under the Transition Tax, and the application of the Foreign Tax Credit limitation to consolidated groups.
For more information on the implementation of the Tax Cuts and Jobs Act, check out the Tax Reform Page of IRS.gov.
– Story provided by TaxingSubjects.com
Main Street businesses might consider themselves too small to be the target of a business identity theft scam, but the Security Summit says that identity thieves are more than happy to steal their personally identifiable information (PII) in today’s National Tax Security Awareness Week topic.
Just like individual identity theft, criminals use stolen PII to fraudulently apply for business-related financial services and file business tax returns. The latter has become increasingly frequent, leading the Security Summit to increase its educational outreach efforts to business-owning taxpayers.
What businesses are targeted by identity thieves?
Reports of international retail chains suffering data theft incidents might give the impression that large brands with millions of customers are the only targets that interest cybercriminals, but the Security Summit says that simply isn’t the case.
The reality is that all businesses are a ripe target for identity thieves. Despite not having as much customer information as an international corporation, a smaller business is unlikely to have robust data security systems in place.
Another thing to consider is that an identity theft incident might be part of a full-blown data breach. Any business that maintains customer information—like a retailer with an online storefront—is a ripe target for identity theft scams.
Tax practices in particular can be home to thousands of taxpayers’ PII. Making matters worse, that data is formatted in such a way that successfully impersonating victims on credit card applications is much easier.
What are the signs that my business has been a victim of identity theft?
The first step in mitigating the damage caused by identity theft is confirming that your company’s identity has been stolen.
As the IRS notes in today’s press release, the signs of business identity theft are similar to individual identity theft. Unfortunately, they only tend to pop up when victims try to file a tax return.
The Summit urges businesses that experience any of the following issues to immediately reach out to the IRS:
- Extension to file requests are rejected because a tax return with the Employer Identification Number (EIN) or Social Security number (SSN) is already on file.
- An e-filed return is rejected because of a duplicate EIN or SSN is already on file with the IRS.
- An unexpected receipt of a tax transcript or IRS notice that doesn’t correspond to anything submitted by the filer.
- Failure to receive expected and routine correspondence from the IRS because the thief has changed the address.
Business identity theft victims will also want to take the same steps as individuals whose identity has been stolen: contact credit bureaus and apply for credit-monitoring services.
How do tax professionals spot business identity theft?
Tax professionals will immediately spot the reject codes outlined above, but the Security Summit stresses that they should also “step up the ‘trusted customer’ procedures” by asking the following questions:
- Is this person authorized to sign the return?
- Were estimated tax payments made?
- [What is the] total income amount from prior-year filings?
- Is there a parent company? If yes, the name?
- [Is there any] additional information based on deductions claimed?
- [What is your] filing history?
According to the release, the programs tax professionals use to file returns also helps in the fight against identity thieves: “Tax software products now share many data elements with the IRS and state tax agencies. These data elements assist the IRS and states to identify suspicious tax returns and to reduce the impact to legitimate filers … [and] allow legitimate returns to be processed as usual.”
What is the final National Tax Security Awareness Week topic?
On Friday, the Security Summit will address data security plans for financial institutions. As every tax professional knows, having a written data security plan in place is required by law. Tomorrow’s blog will include resources to help tax professionals create and improve those plans.
– Story provided by TaxingSubjects.com
Passwords are a ubiquitous part of life in the Digital Age, but many of us aren’t particularly good at making them. That’s why the Security Summit is highlighting tips for creating strong passwords on the third day of National Tax Security Awareness Week.
The IRS press release opened with a nod to the frenetic nature of the holiday shopping season, a time when taxpayers across the US access online accounts to take advantage of sales. Unfortunately, cybercriminals know that many of those accounts store personally identifiable information (PII) and financial data.
Considering how often taxpayers save their payment information on retailers’ websites—and just how many of those sites they’re frequently logging into from Thanksgiving to Christmas—it’s painfully obvious why protecting those accounts with a strong, secure password is essential.
How do I create a strong password?
The IRS and Security Summit partners recommend longer, but easy-to-remember passwords that are unique to every online account.
Part of that advice—creating a password that’s easy to remember—may seem at odds with what your third-party webmail accounts recommended a few years ago. Predictably, the shift is directly related to human habits.
“Experts previously suggested something like ‘PXro#)30,’ but now suggest a longer phrase like ‘SomethingYouCanRemember@30,’” the IRS says. “By using a phrase, users don’t have to write down their password and expose it to additional risk. Also, people may be more willing to use strong, longer passwords if it’s a phrase rather than random characters that are harder to remember.”
The rest of the password-creation tips covered account usernames, password storage, and programs designed to help users manage the exponential growth of online account passwords. Here’s the full list from the IRS:
- Use a minimum of eight characters; longer is better.
- Use a combination of letters, numbers and symbols in password phrases, i.e., UsePasswordPhrase@30.
- Avoid personal information or common passwords; use phrases instead.
- Change default or temporary passwords that come with accounts or devices.
- Do not reuse or update passwords. For example, changing Bgood!17 to Bgood!18 is not good enough; use unique usernames and passwords for accounts and devices.
- Do not use email addresses as usernames if that is an option.
- Store any password list in a secure location, such as a safe or locked file cabinet.
- Do not disclose passwords to anyone for any reason.
- When available, a password manager program can help track passwords for numerous accounts.
From that list, choosing a unique username that’s different from your email address might seem strange, but there are a few reasons for that recommendation:
- Knowing an email address gives identity thieves another piece of PII that they can use to build a credible profile for fraudulently applying for loans and credit cards.
- Having the email address in hand means being able to start the password recovery process.
- Using the same email address and password for everything—including bank account logins—is a pretty common mistake that cybercriminals are more than happy to leverage against victims.
Remember, taking every possible precaution can better protect you from cybercriminals.
Should I use multi-factor authentication to protect my online accounts?
Aside from creating unique passwords and user names, the Security Summit also recommends that taxpayers use multi-factor authentication to protect online accounts. For those who are unfamiliar with the term, multi-factor authentication is any process that adds another step to the account login process.
An account just protected by a password would be considered to have single-factor authentication. Accounts that have another step, like security questions or a code sent via text message that you have to enter during login, would be considered protected by multi-factor authentication.
The IRS says, “The idea behind multi-factor authentication is that a thief may be able to steal usernames and passwords, but it’s highly unlikely they also would have access to the mobile phone to receive a security code or confirmation to actually complete the login process.”
What’s the next topic for National Tax Security Awareness Week?
So far, the Security Summit has covered online shopping safety tips, how to spot phishing scams, and password-creation tips. On Thursday, the Summit will cover how big a business needs to be for cybercriminals to target them.
– Story provided by TaxingSubjects.com
The second day of National Tax Security Awareness Week saw the Internal Revenue Service spotlight common signs of tax-related identity theft phishing scams.
As one of the most common data-security threats faced by taxpayers and tax professionals alike, phishing scams take many forms. While they can appear as an email, website, phone call, or printed letter, phishing scams tend to use similar tactics—and learning those telltale signs is one way to protect yourself.
Luckily, phishing scam basics is the focus of today’s IRS press release.
What is a phishing scam?
Phishing scams are unsolicited communications from identity thieves who want to trick you into giving them your personally identifiable information (PII) or money. As the IRS points out, “the most common way thieves steal identities is simply by asking for it.”
The basic gimmick is that identity thieves pose as a representative from an organization that you trust, like “a bank, a favorite retailer, or even a tax professional.” Fraudsters wager that you are more likely to believe the request for your Social Security Number is legitimate if it appears to come from the IRS.
What are the signs of a phishing scam?
Phishing scams tend to seem “urgent,” the IRS warns. They do this by making you believe there’s a problem that needs to be solved immediately, like paying your tax bill or updating your account information. But that’s just the hook.
To get victims to provide their PII without thinking twice, scammers tend to ask for it directly or “[instruct] the receiver to open an embedded link or download an attachment.” Links may send you to a compromised website that is designed to trick you into providing you information by filling out a form, and downloaded files can contain malware that tracks what you do on your computer—like what you type when you access your bank account.
What should I do if I receive a phishing email?
If you suspect you have received a phishing email, the IRS says you need to resist the urge to respond. Taxpayers who are more vulnerable to these urgent requests—like a someone who knows he owes money to the IRS—can contact the IRS directly via their official phone number or by “[registering] at the official IRS.gov website and [checking] their account balance.”
Once you’re confident the request is a scam, report the incident to firstname.lastname@example.org. The IRS uses this information to improve their catalogue of phishing scams, which they use to warn taxpayers about the most recent scams making the rounds. After all, it’s harder for fraudsters to trick people who are wise to their schemes.
Should I click links on social media?
Identity thieves have started posting links on social media platforms. Someone who is practices good security habits with their personal and work email might not be as cautious when they see a link on Facebook or Twitter.
The IRS has the following advice: “Do not open links from social media unless you are certain of the source.” That advice extends to every platform where you might encounter a link.
What’s next for National Tax Security Awareness Week?
Tomorrow, the IRS will cover another key aspect of data security: creating secure passwords.
– Story provided by TaxingSubjects.com
It’s National Tax Security Awareness Week!
It’s the first day of National Tax Security Awareness Week, and the Security Summit is kicking off the festivities by focusing on the dangers of online shopping.
The Security Summit was founded in 2015 by the Internal Revenue Service, state tax agencies, and private members of the tax industry to help taxpayers and tax professionals protect their data from tax-related identity theft scams.
National Tax Security Awareness Week is one of the Summit’s annual outreach campaigns. From December 2 to December 6, Security Summit partners will post data security tips on their websites and social media, focusing on a different topic each day. Here’s the itinerary revealed by the IRS in mid-November:
- Day 1: Protect personal and financial information online
- Day 2: Learn to recognize phishing emails and phone scams
- Day 3: Create strong passwords to protect online accounts
- Day 4: Recognize clues of identity theft
- Day 5: Tax professionals should review their safeguards
Not by accident, the first day of National Tax Security Awareness Week coincides with the start of the holiday shopping season.
IRS Warns Taxpayers about Cyber Monday Grinches
As the IRS notes in today’s press release, Cyber Monday is one of the busiest online shopping days of the year. That means identity thieves will try to take advantage of people who are caught up in the excitement of finding the perfect deal on holiday gifts.
For those not familiar with phishing scams, fraudsters reach out to potential victims via phone, letter, or email, impersonating a trusted source, like a government agency, online retailer, or business contact. While the content of these messages can vary, fraudsters basically want to trick victims into providing personally identifiable information (PII) that can be sold on the Dark Web or used to apply for loans and credit cards.
Since the best security software in the world won’t protect you if you volunteer your PII, it’s absolutely essential that you develop data-security habits when surfing the Internet. That’s where the Security Summit comes in.
To give you an idea of where to start, the Summit put together these online security tips for Day 1 of National Security Awareness Week:
- Shop at sites where the web address begins “https;” the “s” is for secure communications over the computer network. This is an added layer of protection when sharing credit card numbers for a purchase. Note: scam sites also can use “https,” so shoppers should ensure they are shopping with a legitimate retailer.
- [Do] not shop on unsecured public Wi-Fi. This helps to prevent thieves from eavesdropping. Instead, use secure home Wi-Fi with a password.
- Use security software for computers and mobile phones, and keep it updated. Make sure anti-virus software has a feature to stop malware and there is a firewall that can prevent intrusions.
- [Do] not hand out personal information. Phishing scams, imposter emails, calls and texts are the number one way thieves steal personal data.
- [Do] not open links or attachments on suspicious emails.
- Use strong, unique, yet easily remembered passwords are safest for online accounts.
- Use two-factor authentication whenever possible. Many email providers and social media sites offer this feature to help prevent thieves from easily hacking accounts.
- Back up files on computers and mobile phones. A cloud service or an external hard drive can be used to copy information from computers or phones.
Tomorrow, the Security Summit will focus on identifying and avoiding phishing scams. Check back with us to get the latest National Tax Security Awareness Week information.
Source: IR-2019-185; IRS Tax Tip 2019-168
– Story provided by TaxingSubjects.com