May 12th 2010
The Internal Revenue Service must do more to protect the identity of taxpayers calling its toll-free assistance lines, a recent report concluded.
Callers to the IRS assistance line might overhear the personal information of other taxpayers as employees authenticate their identity. Also, the IRS does not always properly verify the taxpayer’s identity before discussing confidential tax account information, according to the Treasury Inspector General for Tax Administration in a March 31 report.
The information sought from callers includes name, address, Social Security Number, birth date, and place of birth. That information is considered to be Personally Identifiable Information, or PII. The report stated that taxpayers who call the toll-free lines are at risk of having their PII disclosed inadvertently as auditors listening to taped calls could hear part of assistors’ conversations with other callers. The report noted that identity theft has been the No. 1 consumer complaint with the Federal Trade Commission for the past nine years.
Of 180 calls tested, assistors increased the risk of unauthorized disclosures for 29 calls. Examples included not asking callers all five required questions, or not ending the call when the caller continued to incorrectly answer screening questions, the report stated.
Also, during 48 of the 180 calls, auditors were able to overhear assistors’ conversations with other callers. The report said that the employees failed to put callers on hold when they were looking up account information.
“For 26 calls (14 percent of all calls tested), assistors repeated the Social Security Number back to the caller on the telephone. This puts the IRS at risk of disclosing Personally Identifiable Information,” the report stated.
"As the telephone continues to be one of the primary tools taxpayers use to communicate with the IRS, taxpayers need to be assured that the IRS is taking every precaution to protect their personal information from inadvertent disclosure," wrote J. Russell George, the Treasury Inspector General for Tax Administration. Millions call the IRS every year at its toll-free number, (800) 829-1040.
Gautham Nagesh, a technology blogger for The Hill, wrote that the report is a “sobering reminder” that the most significant cyber security breaches occur after a failure to implement established security policies.
“While it's certainly encouraging to see the wave of proposed legislation and rules aimed at securing the nation's networks, none of those rules will have any chance to succeed without first educating workers about, and raising awareness of, the threat to the public's privacy. Once again, the human element is always the last and most important link in any secure network,” Nagesh wrote.
George recommended requiring IRS employees to ask additional questions to “potential-risk callers,” train them on controlling their calls, and using technology to lower the number of times taxpayers must answer the same verification questions. The IRS agreed with some, but not all, of the recommendations.
The report stated, “The IRS did not agree with our recommendation to revise guidelines to require assistors to ask two additional high-risk probes when callers incorrectly answer the address or date of birth probes. The IRS considers existing guidelines sufficient and revising the guidelines is unnecessary.”
See the full report at www.treas.gov/tigta/auditreports/2010reports/201040045fr.pdf.