Did you know that cybercriminals are increasingly targeting tax systems, with fraudulent refunds costing taxpayers millions each year?
The Australian Taxation Office (ATO) has recently addressed these growing concerns following media reports about potential security breaches.
Business owners and bookkeepers must understand what these developments mean for their operations.
ATO Confirms. Systems Not Hacked!
Recent media reports suggested that hackers had infiltrated myGov accounts and filed fake tax returns. These reports claimed that fraudsters were exploiting security weaknesses in the ATO’s online portal. However, the ATO has firmly disputed these claims.
The Tax Office issued a clear statement:
The ATO’s systems are secure, resilient and have not been compromised.
This response came after several concerning media articles described how unsuspecting taxpayers discovered fraudulent activity in their accounts.
What makes these cases particularly troubling is that many affected individuals already had two-factor authentication enabled.
ATO's Official Response To Security Concerns
The ATO maintains that taxpayer information safety remains its highest priority.
They continue monitoring for new and emerging cyber threats constantly. When unusual account activity occurs, it typically relates to identity theft rather than system breaches.
Identity compromise can happen through various methods:
- Malicious actors requesting personal information
- Phishing emails targeting unsuspecting users
- Large-scale data breaches from external sources
- Individual device or home network hacking
The ATO activates strict security measures immediately when it suspects identity compromise. Taxpayers should contact the ATO directly if they notice any unusual activity in their accounts.
Key ATO Online Security Update - New Agent Nomination System
To minimise identity theft risks and avoid ATO login issues, the ATO has introduced a new client-agent linking process.
Previously, tax or BAS agents could link themselves to a business using ATO Online Services without the business owner’s direct authorisation. That has changed.
As of 13 November 2023, new agent links require direct confirmation from the business owner before any action can be taken.
This means more protection for the taxpayer, but also more responsibility. The process demands that business owners use the ATO’s online services for business to nominate their agent.
| Feature | Old System | New System |
|---|---|---|
| Agent Link Creation | Agent-initiated | Business owner must initiate |
| Business Owner’s Permission Needed | Not always | Mandatory |
| Security Risk | Higher risk of unauthorised access | Lower risk due to two-step validation |
| Responsibility | Mostly with agent | Shared—business owner must take initial steps |
| Help Available from Agent | Agent could guide the full process | Agents can no longer complete the linking process on behalf of clients |
Impact On Bookkeeping Services In Melbourne
Professional BAS services providers now face additional administrative requirements when establishing new client relationships.
Existing client relationships remain unaffected, but new engagements require careful attention to the updated process.
The system increases cybersecurity substantially whilst potentially creating an administrative burden for business owners unfamiliar with ATO online platforms.
However, those already comfortable with the business platform should find the change relatively short.
Step-by-Step Client-Agent Linking Process
Business owners must complete several steps to establish new agent relationships:
Initial Setup Requirements
1. Create a digital identity using myGovID
2. Link myGovID to ABN through the Relationship Authorisation Manager (RAM)
3. Authorise others to act on your behalf if needed
4. Access ATO online services for business
Agent Nomination Process
1. Navigate to Profile > Agent details > Add
2. Search for the chosen registered agent using the registration number or exact name
3.Submit the nomination form
4. Contact the agent immediately after nomination
5. Sign out of the ATO account properly
Agents then have 28 days to accept nominations and complete account linking. This timeframe ensures secure BAS lodgement processes whilst maintaining business continuity.
Fraud Prevention Now A Shared Responsibility!
The ATO has made it clear that while its systems are not compromised, fraudulent activity can still occur if your personal information is leaked elsewhere.
Even with two-factor authentication, criminals may attempt to use stolen identity data to gain access to your accounts or lodge fake returns.
To protect yourself, here are some recommended actions:
- Check your ATO account regularly for unusual activity.
- Immediately contact the ATO if anything seems off.
- Notify your bookkeeping service or tax agent if your tax details are impacted.
- Keep your devices and networks secure.
- Avoid sharing sensitive login credentials through emails or messages.
- Always sign out after accessing the ATO platform.
What Does The New Process Mean For Secure BAS Lodgement?
One of the biggest benefits of the client-agent linking system is that it supports secure BAS lodgement by ensuring that only authorised agents are submitting returns on your behalf.
The system does not affect existing client-agent relationships. So, if you’re already using professional BAS services, no further action is required unless you decide to appoint a new agent.
This added security helps prevent fake GST or tax refund lodgements, which have been key concerns raised in recent media.
Protect Your Business With The Right Accounting Partner
At Candid Books, our trusted BAS agents are ready to help you adapt to the ATO’s updated client-agent linking process. With clear advice, secure handling of your tax and BAS matters, and a commitment to reliable, affordable service, we make sure your financial data stays protected.
