ATO Changes to prevent unauthorised access to clients’ accounts

ATO Changes to prevent unauthorised access to clients’ accounts

Australian Taxation Office (ATO) are strengthening their security for online services. ATO are taking action due to the increasing efforts by criminals to impersonate legitimate users to lodge fraudulent tax returns or gain access to data that they can make money from.

Tax agents, BAS agents and payroll service providers are not immune to fraud and identity theft. To counter the increased risk, ATO are adding an extra control into the process for how we link to a new client or add a new obligation for an existing client.

Further strengthening the front-end controls will:

  • help protect agents and their clients
  • ensure that only an authorised agent or payroll service provider can link to your clients’ accounts and access their tax and super affairs
  • give more confidence about the identity of a new client
  • bring ATO processes more into line with best practice and community expectations.

The new step requires a business to complete an Agent nomination in Online services for business. The agents can then link or change authorisations in the ATO online services as normal. There will be no impacts on client links that are already in place.

ATO ran a successful pilot for this new process in mid-2022. The pilot included some of the Top 100 and Top 1,000 public and multinational businesses. From 13 December 2022, ATO will extend the process to:

  • most public and multinational businesses
  • businesses in the Top 500 privately-owned wealthy groups, where that group has a significant level of ownership.

The new process will progressively apply to more taxpayers and ATO will also send an email to businesses to let them know.

For a more detailed information and support materials about client to agent linking in online services, you can go to the ATO website at