IRS Commissioner John Koskinen should be smiling just a little more lately, and with good reason. The latest statistics clearly show his agency and the tax industry at large are succeeding against identity thieves and fraudsters.

“The IRS, state tax agencies and the tax community have worked hard to turn the tide against tax-related identity theft,” Koskinen said. “We’re making progress in protecting individuals but we still have more work to do, especially in the business tax area and involving tax professionals.”

So far this year, reports of identity theft have declined sharply compared to the same time in 2016 and 2015. In the first five months of 2017, about 107,000 taxpayers reported being victims of identity theft compared to the same period in 2016, when 204,000 filed victim reports. That’s about 97,000 fewer victims – a drop of 47 percent; a similar drop was posted between 2015 and 2016.  For comparison, there were nearly 297,000 identity theft victims during the first five months of 2015.

The decline is part of an ongoing trend that began in 2016 as Security Summit safeguards were put in place. The Security Summit, made up of IRS officials, state tax agency representatives, and income tax partners, came together in 2015.

Drake Software Vice President Jami Gibson is a member of the Security Summit, serving on the Authentication Working Group. Taxing Subjects talked with her a few weeks ago about her part in this very important endeavor. One challenge, she said, is that much of what the various working groups do simply cannot be released to the public, lest they tip off the bad guys.

“It’s a fine line,” Gibson said. “On the one hand, this year our customers saw changes in password requirements, lockouts, and so forth. It appeared to them that these changes all came from Drake. Nowhere on the IRS website did it say ‘in the next year the industry will be adding these features.’ You want to educate the taxpayer and the tax preparer out there, but not reveal too much to the fraudster.”

All this is not to say, however, that the battle is won. Apparently the thieves and fraudsters have shifted  targets, turning more of their attention to businesses and tax preparers. There’s been an increase in identity theft involving business-related tax returns. So far in 2017, the IRS has identified some 10,000 business returns as potential identity theft. That compares to about 4,000 for calendar year 2016 and just 350 for calendar year 2015.

The actual number of affected businesses was relatively low, but the dollar amounts were significant: $137 million for 2017, $268 million for 2016 and $122 million for 2015.

The affected returns included corporate returns (Forms 1120 and 1120S) and estate and trust returns (Form 1041). There also was an increase in identity theft related to the Schedule K-1 filings made by partnerships. As a result, tax preparers will see new trusted customer questions on these types of returns.

One challenge for Gibson and the rest of the Security Summit is that cybercriminals are increasing in sophistication and tax expertise. Data stolen from tax practitioners, for example, can be used to file bogus business, partnership or trust returns for big refunds. Or, the data can be posted on the Dark Net so other criminals can file the fraudulent returns. No matter how the data is used, any data from a tax professional only helps the cybercriminal cloak the bogus returns with a screen of legitimacy.

That’s not lost on the identity thieves. For the first five months of this year, there were 177 data breaches reported by tax preparer’s offices. And the IRS gets three to five additional data breach reports every week.

“We need help from the tax community to combat cybercriminals and raise security awareness,” Koskinen said. “That’s why we launched a campaign this summer aimed at tax professionals called Don’t Take the Bait. We want all tax professionals to be aware of the threats and to take the necessary security steps to protect their clients’ most sensitive information.”

So the fight goes on. Gibson said what makes the Security Summit so effective is that the threat of financial ruin due to identity theft and the tax fraud it promotes is very real.

“This isn’t a pie-in-the-sky problem,” Gibson said. “Tax refund fraud and identity theft tax refund fraud is affecting people we know. This is about protecting the American taxpayer. That’s why the Security Summit works. You can point to people in the group and everybody knows somebody personally affected by it.”