Unfortunately, cybercrime statistics are not decreasing with major cybercrimes being front page news – think Optus and Medibank. According to the latest Annual Cyber Threat Report for 2021-2022, by the Australian Cyber Security Centre there was a cybercrime reported every seven minutes. This compares to one reported every eight minutes the previous year.

Identity theft is a cybercrime and incidences are increasing as criminals use increasingly sophisticated means to steal taxpayer identities (some people have far too much time on their hands!) To help combat identity theft, the ATO and the Tax Practitioners Board have developed new client verification guidelines which registered tax practitioners and BAS agents need to follow.

What does this mean for clients of ESV?

• We need to verify the identity of all new clients and new representatives acting on behalf of current or new clients.

How will we do this?

• We have engaged the services of a third party to verify a client’s proof of identity electronically. DocuSign is an ATO approved ‘gateway’ which we have chosen to use.

Is my data safe?

• The information entered will not be held by ESV or DocuSign. In our internal system we will record when a proof of identity check was completed in DocuSign, but not keep any of the proof of identity documents.

What will clients be asked for?

• You will need to provide two types of ID such as your driver’s licence, passport and Medicare card.

How long will it take?

• It will only take a couple of minutes. For anyone we need to verify – an email will be sent, and the prompts should be followed to provide your proof of identity.

The ATO state “strong client verification helps to protect tax practitioners, their clients, and Australia’s tax and superannuation systems from misuse and abuse due to identity theft and related issues.” If you have any questions, please reach out to your Engagement Partner.