Business owners spend a lot of time and effort ensuring their operations run smoothly, from delivering quality goods and services to providing accurate financial statements and tax returns. Yet one scammer going after your company can bring it all down, harming your reputation and your revenue.
One of the best ways to protect your business is understanding the types of scams so you and your employees know what to look for – and how to avoid them.
Electronic signatures, or e-signatures, are a convenient and efficient substitute for “wet signatures,” but they can also expose your business to fraud and unauthorized signing. If you use electronic signatures in your business, ensure these two things:
1. Electronic signatures are valid. How do you ensure an electronic signature is valid without an in-person verification? The lengths you go to may depend on the size or nature of the contract. Still, there are several ways to authenticate a signer’s identity, including knowledge-based authentication (KBA), taking a video of the signing, and employing a notary.
2. Electronic signatures are compliant. In the U.S., electronic signatures must comply with the Electronic Signatures in Global and National Commerce Act and the Uniform Electronic Transaction Act (UETA). These laws generally require an intent to sign, consent to do business electronically, associating the electronic signature with a record, and retaining those records.
Most modern e-signature solutions comply with these requirements, so make sure you use a solution provider that takes appropriate steps to verify a signer’s identity and comply with applicable regulations and best practices.
Client portal access
Client portals make it easy to send and receive documents and collaborate on projects with coworkers, clients, and other third parties, but they can also open the door to data leaks, breaches, and hacking incidents.
There are three elements to help keep data in a client portal secure:
- Authentication. This is how to identify a user. That typically involves entering a valid username and password before granting them access to the portal. Provide each user a unique username and password through a secure channel before logging in.
- Authorization. What authority does the user have to perform specific tasks after logging into a portal? Your employees may be authorized to access more areas or perform more activities than a client or another third party, such as a banker, attorney, or consultant.
- Audit. The final element is an audit trail, which tracks a user’s access and activities while in the portal.
Many pre-built solutions allow your business to quickly deploy a secure client portal and integrate with your existing systems. Again, using a solution provider that takes steps to maintain data integrity will protect your company, customers, and clients.
Tax scams take many forms as scammers try to steal money, identities, tax refunds, and more. Often, these scams start with a phone call, email, or in-person visit from someone claiming to represent the IRS. These scammers may demand payment of back taxes and penalties or ask an individual to confirm their Social Security or bank account number to receive a tax refund.
Knowing how the IRS will and won’t initiate contact is one of the best ways to avoid falling victim to tax scams.
In most cases, IRS contact starts with a letter or notice delivered via the U.S. Postal Service. Following that initial notice, the IRS may call or visit an individual’s home or office to collect an overdue income or employment tax payment, follow up on a delinquent return, or tour a business’ premises as part of an IRS audit or criminal investigation.
The IRS does not:
- Demand payment via a prepaid debit card, gift card, or wire transfer or insist an individual make a payment over the phone.
- Threaten to send local law enforcement or immigration officials to arrest an individual for not paying your tax bill.
- Demand payment without allowing an individual to review or appeal the amount they owe.
- Initiate contact or request personal or financial information via email, text message, or social media channels.
You can learn more about common tax-related scams at Tax Scams/Consumer Alerts. If you believe a scammer has targeted you, you can report IRS impersonation scams online or call the IRS at (800) 366-4484. If your company needs assistance setting up the safeguards addressed above or strengthening your cybersecurity efforts, contact our team of professionals today!
Treasury Circular 230 Disclosure
Unless expressly stated otherwise, any federal tax advice contained in this communication is not intended or written to be used, and cannot be used or relied upon, for the purpose of avoiding penalties under the Internal Revenue Code, or for promoting, marketing, or recommending any transaction or matter addressed herein.