IRS enhances efforts to combat identity fraud
WASHINGTON - The Internal Revenue Service and private tax preparers say they are beefing up efforts to limit tax-related identity theft for the 2016 filing season, testing more than 20 new safeguards to protect taxpayers' sensitive information.
"We have never had this level of cooperation or sharing," IRS Commissioner John Koskinen said at a briefing Tuesday. "We will collect [information] in real time, and we will pull it together and share it back out so everyone has access to that information."
So far, 34 states and 20 tax preparation companies have agreed to share information.
The new safeguards mark the latest effort in a new information-sharing strategy among the IRS, state tax authorities and the private tax preparation industry to halt a surge in tax refund fraud.
Identity theft has been a major theme for the agency this year following a spike in suspicious tax filings and an attack from hackers who stole personal information of hundreds of thousands of taxpayers. The IRS is also coping with a surge in phone related scams from fraudsters pretending to be from the agency to intimidate taxpayers into making payments or giving up personal information.
Koskinen said the new safeguards will be as "non-burdensome as possible" for tax preparers and require "relatively incremental steps" for taxpayers.
"Filing season is going to be much more secure than in the past," he said.
Tax authorities and software providers are eager to show that they are taking efforts to prevent tax fraud following the spike in suspicious tax filings earlier this year.
Tax authorities and software providers have come up with a list of 20 data points about tax returns that could be shared to help the IRS and state tax agencies verify tax returns and spot fraud.
While declining to go into specifics, Koskinen said the kind of information that would be shared includes whether a return was submitted from a location or device where multiple tax returns were filed. The groups will also look at how long it takes to file and prepare tax forms to spot returns that may have been mechanically generated, he said.
Tax preparation firms agreed to stricter login and validation requirements that can cut down on incidents of criminals taking over taxpayers' accounts to steal personal information. For instance, software companies agreed to add three security questions and to require more secure passwords that are at least eight characters long, including uppercase and lowercase letters, numbers and special characters.
Software companies agreeing to the changes will also let customers know when a second tax return has been filed using their Social Security number. They'll tell customers change has been made to their account, to make it easier for them to know if a fraudster has accessed their account.
But the new efforts won't address one issue that came up earlier this year: What should tax software providers do when fraudsters use their programs to file phony returns? Intuit, the maker of most popular tax filing program TurboTax, previously shared information about suspicious returns with the IRS but with a time lag that security experts said would have made it difficult for the agency to catch the fraud before the refunds were paid out.
Now, companies will share that information on a weekly basis, if not sooner, allowing the IRS to be more nimble in adjusting its fraud filters. But it will still fall on the IRS and state tax authorities to accept or reject a return. Tax preparation companies are not required to shut down accounts even if it appears that they're used primarily for filing fraudulent tax returns, meaning that fraudsters may still be able to use software to generate high numbers of phony returns.