Tax ombud's report exposes serious e-filing profile hijacking risks for taxpayers
The Tax Ombud's latest report uncovers vulnerabilities in the SARS e-filing system, revealing significant risks of profile hijacking that threaten taxpayer security.
Image: File
The Office of the Tax Ombud (OTO) draft report on SARS eFiling profile hijacking has revealed incidents where taxpayers' security details were altered, bank account information was manipulated and fraudulent tax returns were submitted to generate refunds that were directed to the fraudsters.
The report found that incidents were most prevalent among tax practitioners and individual taxpayers.
The draft report, which has been released for public comment, shows that the majority of cases involve Personal Income Tax and Value-Added Tax (VAT). Fraudulent transactions are usually for amounts under R10,000 but can climb as high as R100,000.
The investigation identified several vulnerabilities in the current system, including inadequate authentication processes, challenges in fraud detection, delayed SARS response times, insider threats, and low digital security awareness among taxpayers.
The report said the findings of the investigation revealed that eFiling profile hijacking poses a serious threat.
“While this investigation exposed a pattern of fraudulent activities, it also highlighted a service delivery failure by SARS in assisting taxpayers who fall victim to eFiling profile hijacking.”
The report said SARS, guided by the OTO recommendations must enhance the current two-factor authentication for all user categories, introduce profile lock features during risk period of SARS tax filing, enhance biometric verifications for both new and existing profiles and improve taxpayer support.
Tax practitioners are also urged to implement stricter controls on third-party access and uphold high professional conduct standards, while taxpayers are encouraged to use strong passwords, activate two-factor authentication, and regularly monitor eFiling profile activities.
Further recommendations include amendments to the Tax Administration Act by National Treasury, the creation of an Inspector-General of Tax Administration as suggested by the Nugent Commission, and a call for the South African Reserve Bank to investigate banking irregularities linked to eFiling profile hijacking.
The report is open for public comment until October 31. The OTO said: “By inviting public participation, the OTO aims to create a robust and effective response to eFiling profile hijacking, thereby ensuring protection of taxpayers’ rights and enhancing trust in South Africa’s tax administration system.”
Submissions can be sent to communications@taxombud.gov.za. The draft report is available at www.taxombud.gov.za.