Similar issue with Tax Software used by Accountants
Tax software used by accountants records passwords and keys required to file a tax return on behalf of a customer. There could be thousands of people in each DB depending on the size of the accountancy business. There has been cases before where this has been pilfered. There is no way to completely protect the information even if the software encrypts it in the DB as it need to be decrypted before it can be transmitted.
A proper process needs to be in place to avoid fraud.
Letters and emails should be sent on submission of a tax return and on advice of a refund on your tax.
There should be a delay in the refund to allow any fraud to be detected.
Address changes should have a process to avoid fraud, e.g. letter to old address informing them of the change, contact us if you didn't authorise this.
Bank details for refund, any changes again need to be written in a letter and a delay added to ensure any fraud is detected by the letter.
Agent bank details changes should require extra monitoring of any changes as the repercussions are so enormous.