IRS working with tax industry, states to upgrade security
Tax identity theft victims also will now get copies of fraudulent returns
The good news for taxpayers is that the Internal Revenue Service recognizes our desire for more do-it-ourselves options and has been offering us more Web-based tax tools.
The bad news for taxpayers is that the expansion of online services makes it more likely the IRS will be hit by hackers and other tax fraud criminals.
That's the warning from IRS Commissioner John Koskinen and Treasury Inspector General for Tax Administration J. Russell George.
IRS Commissioner John Koskinen testifying June 2 on agency security before the Senate Finance Committee; click image to watch, in a new screen, the hearing video. A second IRS security hearing also was held Tuesday by the Senate Homeland Security and Governmental Affairs.
"Even security controls that may have been adequate in the past can be overcome by hackers, who are anonymous, persistent and have access to vast amounts of personal data and knowledge," George told Senate Finance Committee members during a June 2 hearing.
"The challenge will always be to keep up with, if not get ahead of, our enemies in this area," noted Koskinen at the same session.
And in order to at least keep pace with tax crooks, the IRS chief told lawmakers that his agency is working on broader security changes that also will involve input from the private sector tax industry and other government agencies.
Get Transcript was only option affected: The Finance Committee hearing was one of two on Capitol Hill Tuesday called in the wake of the revelation that identity thieves were able to get past tax returns of 104,000 taxpayers by using the IRS' Get Transcript online feature.
After Finance's morning session, the issue of how to better protect Americans' personal information moved in the afternoon to the Senate Committee on Homeland Security and Governmental Affairs' hearing room.
At both hearings, Koskinen reiterated that the IRS' online tool to download prior tax filing data was infiltrated using taxpayers' information that the crooks had secured from sources outside the tax agency. He again reassured lawmakers (and taxpayers) that the IRS' core tax processing computer operation was not compromised.
IRS Commissioner John Koskinen, testifying June 2 before the Senate Finance and the Senate Homeland Security and Governmental Affairs Committees, provided additional details on the 104,000 taxpayer accounts accessed between mid-February and mid-May through the IRS' online Get Transcript application:
• The unauthorized attempts to obtain tax account information focused on Get Transcript. There were no attempts to gain access to the main IRS computer system, which remains secure, as do other online IRS applications such as Where's My Refund?
• About 35,000 taxpayers had already filed their 2014 income tax returns before the unauthorized access attempts. These taxpayers' 2014 returns and refund claims were not affected, because any fraudulent return subsequently filed in their names would be automatically rejected by the IRS.
• There is no record for another 33,000 affected taxpayers of any return having been filed in 2015. This could be the case for a number of reasons, such as the Social Security numbers associated with these individuals belonging to persons who have no obligation to file.
• Unsuccessful attempts were made to file approximately 23,500 returns. These 23,500 returns were flagged by IRS fraud filters and stopped before refunds were issued.
• About 13,000 suspect returns were filed for tax year 2014 for which the IRS issued refunds, which totaled about $39 million. The agency is still determining how many of these returns were filed by the actual taxpayers and which were filed using stolen identities.
Security changes on the horizon: The commissioner also hinted at coming changes in how taxpayer identities and accounts are verified.
Koskinen said that the IRS is working with leaders of the tax software and payroll industries and state tax administrators to build on cooperative efforts of the past and find new ways to battle identity theft.
Later this month, said Koskinen, "we expect to announce an agreement on short-term solutions to help better protect personal information in the upcoming tax filing season, and to continue to work on longer-term efforts to protect the integrity of the nation's tax system."
UPDATE: It's official. The IRS, state tax departments and tax industry leaders announced their new united effort to fight tax identity theft fraud on June 11. The changes will be implemented during the summer, in time for the 2016 tax filing season.
A key change, he said, will be in the area of authentication.
"As criminals obtain more personal information, authentication protocols need to become more sophisticated, moving beyond information that used to be known only to individuals but now, in many cases, is readily available to criminal organizations from various sources," said Koskinen. "We must balance the strongest possible authentication processes with the ability of taxpayers to legitimately access their data and use IRS services online."
"It's going to create new requirements for the software industry and new expectations for government," Timur Taluy of FileYourTaxes.com told Tax Notes reporter Amy Hamilton. "Everybody's supposed to work together more efficiently to help stop fraud. So yes, everybody's going to have to do something to better protect the American taxpayer."
Expect more public-private information sharing, enhanced authentication steps by software providers and different processing methods by tax agencies for the 2016 filing season, according to Tax Notes.
Fake returns for real taxpayers: As for taxpayers who fall victim to identity thieves, the IRS has agreed to provide victims with copies of the fraudulent tax returns that have been filed under their names. The agency has refused to do so until now, citing privacy concerns.
The move was requested by Homeland Security and Governmental Operations committee member Sen. Kelly Ayotte (R-N.H.). She wrote Koskinen in May urging the IRS to provide the fake return copies to the victimized taxpayers. Ayotte's request was prompted by constituents who told her that the IRS' refusal to provide copies of fraudulent tax returns prevented them from knowing what information was stolen.
Koskinen said the IRS is developing a procedure that will enable victims to receive, upon request, redacted copies of the fraudulent returns.
Ayotte also is sponsor of the Social Security Identity Defense Act of 2015. In addition to requiring the IRS to notify potential victims of identity theft, the bill would require the IRS to notify law enforcement and the Social Security Administration to notify employers who submit fraudulently used Social Security numbers.
Are you worried about the security of your tax data? Will that concern affect how you interact with the IRS; that is, will you still e-file and use other digital tax options or go back to paper filing?
You also might find these items of interest: