Thursday, September 28, 2017

Reminder for Parents, Students: Check Out College Tax Benefits

With back-to-school season in full swing, the Internal Revenue Service reminds parents and students about tax benefits that can help with the expense of higher education.

Two college tax credits apply to students enrolled in an eligible college, university or vocational school. Eligible students include the taxpayer, their spouse and dependents.

American Opportunity Tax Credit

The American Opportunity Tax Credit, (AOTC) can be worth a maximum annual benefit of $2,500 per eligible student. The credit is only available for the first four years at an eligible college or vocational school for students pursuing a degree or another recognized education credential. Taxpayers can claim the AOTC for a student enrolled in the first three months of 2018 as long as they paid qualified expenses in 2017.

Lifetime Learning Credit

The Lifetime Learning Credit, (LLC) can have a maximum benefit of up to $2,000 per tax return for both graduate and undergraduate students. Unlike the AOTC, the limit on the LLC applies to each tax return rather than to each student. The course of study must be either part of a post-secondary degree program or taken by the student to maintain or improve job skills. The credit is available for an unlimited number of tax years.

To claim the AOTC or LLC, use Form 8863, Education Credits (American Opportunity and Lifetime Learning Credits). Additionally, if claiming the AOTC, the law requires taxpayers to include the school’s Employer Identification Number on this form.

Form 1098-T, Tuition Statement, is required to be eligible for an education benefit. Students receive this form from the school they attended. There are exceptions for some students.

Other education benefits

Other education-related tax benefits that may help parents and students are:
  • Student loan interest deduction of up to $2,500 per year.
  • Scholarship and fellowship grants. Generally, these are tax-free if used to pay for tuition, required enrollment fees, books and other course materials, but taxable if used for room, board, research, travel or other expenses.
  • Savings bonds used to pay for college. Though income limits apply, interest is usually tax-free if bonds were purchased after 1989 by a taxpayer who, at time of purchase, was at least 24 years of age.
  • Qualified tuition programs, also called 529 plans, are used by many families to prepay or save for a child’s college education. Contributions to a 529 plan are not deductible, but earnings are not subject to federal tax when used for the qualified education expenses.
To help determine eligibility for these benefits, taxpayers should use tools on the Education Credits Web page and IRS Interactive Tax Assistant tool on

Keep A Copy of Tax Returns

Taxpayers should keep a copy of their tax return for at least three years. Copies of tax returns may be needed for many reasons. If applying for college financial aid, a tax transcript may be all that is needed. A tax transcript summarizes return information and includes adjusted gross income. Get one from the IRS for free.

The quickest way to get a copy of a tax transcript is to use the Get Transcript application. After verifying identity, taxpayers can view and print their transcript immediately online. The online application includes a robust identity verification process. Those who can’t pass the verification must request the transcript be mailed. This takes five to 10 days, so plan ahead and request the transcript early.

Additional IRS Resources:

IRS Offers Help to Hurricane Victims: A Recap of Key Tax Relief Provisions Available Following Harvey, Irma and Maria

The Internal Revenue Service today offered a rundown of key tax relief that has been made available to victims of Hurricanes Harvey, Irma and Maria.
In general, the IRS is now providing relief to individuals and businesses anywhere in Florida, Georgia, Puerto Rico and the Virgin Islands, as well as parts of Texas. Because this relief postpones various tax deadlines, individuals and businesses will have until Jan. 31, 2018 to file any returns and pay any taxes due. Those eligible for the extra time include:
  • Individual filers whose tax-filing extension runs out on Oct. 16, 2017. Because tax payments related to these 2016 returns were originally due on April 18, 2017, those payments are not eligible for this relief.
  • Business filers, such as calendar-year partnerships, whose extensions ran out on Sept. 15, 2017.
  • Quarterly estimated tax payments due on Sept. 15, 2017 and Jan. 16, 2018.
  • Quarterly payroll and excise tax returns due on Oct. 31, 2017.
  • Calendar-year tax-exempt organizations   whose 2016 extensions run out on Nov. 15, 2017.
A variety of other returns, payments and tax-related actions also qualify for additional time. See the disaster relief page on for details on these and offer relief the IRS has offered since these hurricanes began hitting in August. The IRS also continues to closely monitor the aftermath of these storms, and additional updates for taxpayers and tax professionals will be posted to

Besides extra time to file and pay, the IRS offers other special assistance to disaster-area taxpayers. This includes the following:

  • Special relief helps employer-sponsored leave-based donation programs aid hurricane victims. Under these programs, employees may forgo their vacation, sick or personal leave in exchange for cash payments the employer makes, before Jan. 1, 2019, to charities providing relief. Donated leave is not included in the employee’s income, and employers may deduct these cash payments to charity as a business expense.
  • 401(k)s and similar employer-sponsored retirement plans can make loans and hardship distributions to hurricane victims and members of their families. Under this broad-based relief, a retirement plan can allow a hurricane victim to take a hardship distribution or borrow up to the specified statutory limits from the victim’s retirement plan. It also means that a person who lives outside the disaster area can take out a retirement plan loan or hardship distribution and use it to assist a son, daughter, parent, grandparent or dependent who lived or worked in the disaster area. Hardship withdrawals must be made by Jan. 31, 2018.
  • The IRS is waiving late-deposit penalties for federal payroll and excise tax deposits normally due during the first 15 days of the disaster period. Check out the disaster relief page for the time periods that apply to each jurisdiction.
  • Individuals and businesses who suffered uninsured or unreimbursed disaster-related losses can choose to claim them on either the return for the year the loss occurred (in this instance, the 2017 return normally filed next year), or the return for the prior year (2016). See Publication 547 for details.
  • The IRS is waiving the usual fees and expediting requests for copies of previously filed tax returns for disaster area taxpayers. This relief can be especially helpful to anyone whose copies of these documents were lost or destroyed by the hurricane.
  • If disaster-area taxpayers are contacted by the IRS on a collection or examination matter, they should be sure to explain how the disaster impacts them so that the IRS can provide appropriate consideration to their case.
Further details on these and other relief provisions can be found on the agency’s disaster relief page, as well as on the special pages for Hurricane Harvey and Hurricane Irma . For information on disaster recovery, visit

IRS Notice 2017-54: 2017-2018 Special Per Diem Rates

Notice 2017-54 announces the special per diem rates effective October 1, 2017, which taxpayers may use to substantiate the amount of expenses for lodging, meals, and incidental expenses when traveling away from home.  This notice provides the special transportation industry rate, the rate for the incidental expenses only deduction, and the rates and list of high-cost localities for purposes of the high-low substantiation method.

Notice 2017-54 will be in IRB 2017-42, dated October 16, 2017.

Friday, September 15, 2017

Don’t Take the Bait: Act Quickly after a Data Incident

If you experience a data breach or theft of client data, it is in your interest and the interest of your clients to contact the IRS immediately. Fast action is critical because criminals can quickly convert the stolen data into fraudulent tax returns to claim refunds. 

Tuesday, September 12, 2017

Don’t Take the Bait, Step 10: Steps for Tax Pros with Data Incidents; Tips to Help Protect Clients, Taxpayers

The IRS, state tax agencies and the tax industry today reminded tax professionals that if they experience a breach or theft of taxpayer data they should immediately contact the IRS to help protect clients.

The IRS can take some steps to lessen the impact of tax-related identity theft on clients, but a quick response by tax practitioners discovering a problem can help avert problems. Generally, criminals work quickly to convert the stolen data into fraudulent tax returns to claim refunds.

Encouraging tax practitioners to report data thefts is the final news release in a 10-week, “Don’t Take the Bait” campaign, an effort focused on informing tax professionals. The IRS, state tax agencies and the tax industry, working together as the Security Summit, urge practitioners to immediately report data losses to the IRS and state tax agencies. This is part of the ongoing  Protect Your Clients; Protect Yourself effort.

“The IRS, the states and the nation’s tax community continue to make progress in the battle against tax-related identity theft,” said IRS Commissioner John Koskinen. “But we need the help of tax professionals across the country to help strengthen this effort. In addition to working to ensure the safety of their systems, practitioners should promptly report identity theft or data breaches to help protect their clients.”

The IRS has created a reporting process for tax professionals. Those experiencing a data loss should contact their local IRS stakeholder liaison. The IRS representative will relay information to other parts of the IRS that need to know, including the Return Integrity and Compliance Services and Criminal Investigation divisions.

Also, be aware that some states require notification of data losses, and tax professionals should notify each state for which they prepare returns.

IRS stakeholder liaisons will need a list of the affected taxpayers, including names and Social Security numbers. Send the file to liaisons in a CSV (Comma Separated Values) format. If using Microsoft Excel, simply “save as” and scroll the list of options to CSV. Save and encrypt the file before emailing it to IRS staff.

Protecting Clients and Businesses by Reporting Data Thefts

Tax professionals should review IRS Data Theft Information for Tax Professionals for details on reporting losses.  Preliminary steps include:

Contacting the IRS and law enforcement:
Contacting states in which the tax professional prepares state returns:
  • Any breach of personal information could impact the victim’s tax accounts with the states as well as the IRS. Email the Federation of Tax Administrators at to get information on how to report victim information to the states.
  • State Attorneys General  for each state in which the tax professional prepares returns. Most states require that the attorney general be notified of data breaches. This notification process may involve multiple offices.
Contacting experts:
  • Contact a security expert to determine the cause and scope of the breach, to stop the breach and to prevent further breaches from occurring.
  • Contact insurance companies to report the breach and to check if the insurance policy covers data breach mitigation expenses.
Contacting clients and other services:
  • Federal Trade Commission
  • Credit / identity theft protection -- certain states require offering credit monitoring / identity theft protection to victims.
  • Credit bureaus – to notify them if there is a compromise and clients may seek their services.
  • Clients – Send an individual letter to all victims to inform them of the breach but work with law enforcement on timing.
IRS toll-free assisters cannot accept third-party notification of tax-related identity theft. Again, preparers should use their local IRS Stakeholder Liaison.

Tuesday, September 5, 2017

Don’t Take the Bait, Step 9: Make Data Security an Everyday Priority; Key Steps Can Help

The IRS, state tax agencies and the tax industry today urged tax professionals to make data security an everyday priority, noting a few simple steps can go far in protecting taxpayer information from cybercriminals.

Cybersecurity experts often refer to the 90/10 rule. This rule states that 10% of cybersecurity is reliant upon technology; 90 percent is up to users. The IRS currently is receiving reports of tax professional data breaches at the rate of three to five a week, a level that requires immediate attention.

Making daily security a priority is part of the “Don’t Take the Bait” campaign, a 10-part series aimed at tax professionals. The IRS, state tax agencies and the tax industry, working together as the Security Summit, urge practitioners to work to protect their clients and themselves from cybersecurity threats. This is part of the ongoing Protect Your Clients; Protect Yourself effort.

“Tax professionals should not overlook the importance of protecting their systems and their data,” said IRS Commissioner John Koskinen. “Cybercriminals are increasingly targeting the tax community, and tax practitioners play a critical role in helping safeguard their client data as well as their own. Taking a few critical steps can help tax professionals avoid a devastating situation for their business and the taxpayers they serve.”

Data security within a tax professional’s office is only as strong as the least-informed employee. And, security awareness must extend beyond the office into homes. The IRS is aware of situations where a data breach of a tax preparer’s office began at the home of an employee working remotely.

Tax professionals – as well as the Security Summit partners – are matching wits and skills with highly-sophisticated, well-funded, technologically-adept criminal syndicates from the United States and around the world. Anyone who handles taxpayer information has an obligation under federal law to protect that information from unauthorized disclosure, improper disposal and outright theft.

Tax professionals should conduct ongoing education of office employees to combat daily threats, including spear phishing emails, business identity theft, account takeovers, ransomware attacks, remote takeovers, business email compromises and Electronic Filing Identification Number (EFIN) thefts.

Protecting Clients and Businesses by Making Data Security a Daily Priority

Practitioners also should review the NIST small business guide to learn not only what technological steps should be taken but also what everyday steps all employees should take. NIST, or the National Institute of Standards and Technology, a division of the U.S. Department of Commerce, has been helping small businesses with information security since 2001. NIST also has recommendations on everyday activities tax professionals and employees can do to help keep businesses safe and secure. Some of these include:

  • Be careful of email attachments and web links
    • Do not click on a link or open an attachment that you were not expecting. If it appears important, call the sender to verify they sent the email and ask them to describe what the attachment or link is. Before you click a link (in an email or on social media, instant messages, other webpages), hover over that link to see the actual web address it will take you to. Train employees to recognize phishing attempts and who to notify when one occurs.
  • Use separate personal and business computers, mobile devices and accounts
    • As much as possible, have separate devices and email accounts for personal and business use. This is especially important if other people, such as children, use personal devices. Do not conduct business or any sensitive activities (like online business banking) on a personal computer or device and do not engage in activities such as web surfing, gaming, downloading videos, etc., on business computers or devices. Do not send sensitive business information to personal email addresses.
  • Do not connect personal or untrusted storage devices or hardware into computers, mobile devices or networks.
    • Do not share USB drives or external hard drives between personal and business computers or devices. Do not connect any unknown / untrusted hardware into the system or network, and do not insert any unknown CD, DVD or USB drive. Disable the “AutoRun” feature for the USB ports and optical drives like CD and DVD drives on business computers to help prevent such malicious programs from installing on the systems.
  • Be careful downloading software
    • Do not download software from an unknown web page. Be very careful with downloading and using freeware or shareware.
  • Watch out when providing personal or business information
    • Social engineering is an attempt to obtain physical or electronic access to business information by manipulating people. A very common type of attack involves a person, website or email that pretends to be something it’s not. A social engineer will research a business to learn names, titles, responsibilities and any personal information they can find. Afterwards, the social engineer usually calls or sends an email with a believable, but made-up, story designed to convince the person to give them certain information.
    • Never respond to an unsolicited phone call from a company you do not recognize that asks for sensitive personal or business information. Employees should notify their management whenever there is an attempt or request for sensitive business information.
    • Never give out usernames or passwords. No company should ask for this information for any reason. Also, beware of people asking what kind of operating system, brand of firewall, internet browser, or what applications are installed. This is information that can make it easier for a hacker to break into the system.
  • Watch for harmful pop-ups
    • When connected to and using the Internet, do not respond to popup windows requesting that users click “OK.” Use a popup blocker and only allow popups on trusted websites.
  • Use strong passwords
    • Good passwords consist of a random sequence of letters (upper case and lower case), numbers, and special characters. The NIST recommends passwords be at least 12 characters long. For systems or applications that have important information, use multiple forms of identification (called “multi-factor” or “dual factor” authentication).
    • Many devices come with default administration passwords – these should be changed immediately when installing and regularly thereafter. Default passwords are easily found or known by hackers and can be used to access the device. The manual or those who install the system should be able to show you how to change them.
    • Passwords should be changed at least every three months.
    • Passwords to devices and applications that deal with business information should not be re-used.
    • You may want to consider using a password management application to store your passwords for you.
  • Conduct online business more securely
    • Online business/commerce/banking should only be done using a secure browser connection. This will normally be indicated by a small lock visible in the lower right corner or upper left of the web browser window.
    • Erase the web browser cache, temporary internet files, cookies and history regularly. Make sure to erase this data after using any public computer and after any online commerce or banking session. This prevents important information from being stolen if the system is compromised. This will also help the system run faster. Typically, this is done in the web browser’s “privacy” or “security” menu. Review the web browser’s help manual for guidance.