IRS Announces Collaboration to Fight Identity Theft Tax-Refund Fraudby
A new collaboration between the IRS and tax-preparation and software companies, payroll and tax financial product processors, and state tax administrators was announced on June 11 in an effort to combat the recent surge in identity theft tax-refund fraud.
The agreement includes identifying new steps to validate taxpayer and tax return information at the time of filing. Information sharing between the tax-preparation industry and governments will also be increased, as well as the standardized sharing of suspected identity fraud information and analytics to identify fraud schemes and patterns.
âThis agreement represents a new era of cooperation and collaboration among the IRS, states, and the electronic tax industry that will help combat identity theft and protect taxpayers against tax-refund fraud,â IRS Commissioner John Koskinen said in a written statement. âWe've made tremendous progress, and we will continue these efforts. Taxpayers filing their tax returns next filing season should have a safer and more secure experience.â
The steps taken in the partnership result from a March 19 Security Summit, in which the IRS met with CEOs and leaders of private-sector firms, as well as federal and state tax administrators, to discuss emerging threats on identity theft and expand existing collaborative efforts to stop fraud. Since then, three specialized working groups have been working on developing tax-refund fraud prevention tactics.
Just two weeks ago, the IRS announced a massive security breach involving its âGet Transcriptâ application on the agency's website. After gaining access to the personal taxpayer information of approximately 100,000 households, cyber-thieves have stolen millions of dollars by filing fraudulent tax returns. The incident is still being investigated by several federal agencies.
The Associated Pressreported last week that, so far, the thieves have claimed about 13,000 refunds using information they stole from the website, totaling about $39 million.
âWe share a common enemy in those stealing personal information and perpetrating refund fraud, and we share a common goal of protecting taxpayers,â Koskinen said. âWe want to build these changes into the DNA of the entire tax system to make it safer.â
Among the new initiatives included in this collaborative effort include:
Taxpayer authentication. The industry and government groups identified numerous new data elements that can be shared at the time of filing to help authenticate a taxpayer and detect identity theft tax-refund fraud. The data will be submitted to the IRS and states with the tax return transmission for the 2016 filing season. Some of these issues include:
- Reviewing the transmission of the tax return, including the improper and or repetitive use of the IP address from where the return originates.
- Reviewing computer device identification data tied to the return's origin.
- Reviewing the time it takes to complete a tax return so computer-mechanized fraud can be detected.
- Capturing metadata in the computer transaction that will allow review for identity theft-related fraud.
Fraud identification. The groups agreed to expand sharing of fraud leads. For the first time, the tax industry will share aggregated analytical information about their filings with the IRS to help combat identify fraud. This post-return-filing process has produced valuable fraud information because trends are easier to identify with aggregated data. Currently, the IRS obtains this analytical information from some groups, but not all. The expanded effort will ensure a level playing field so everyone approaches fraud from the same perspective, making it more difficult for the perpetration of fraud schemes.
Information assessment. In addition, the groups will look at establishing a formalized Refund Fraud Information Sharing and Assessment Center to more aggressively and efficiently share information between the public and private sectors to help stop the proliferation of fraud schemes and reduce the risk to taxpayers. This would help in many ways, including providing better data to law enforcement to improve the investigations and prosecution of identity thieves.
Cybersecurity framework. Participants within the tax industry agreed to align with the IRS and states under the National Institute of Standards and Technology cybersecurity framework to promote the protection of IT infrastructure. The IRS and states currently operate under this standard, as do many in the tax industry.
Taxpayer awareness and communication. The IRS, industry, and states agreed that more can be done to inform taxpayers and raise awareness about the protection of sensitive personal, tax, and financial data to help prevent refund fraud and identity theft. These efforts have already started, and will increase through the year and expand in conjunction with the 2016 filing season.
âToday marks an important milestone in a multistep journey for government and industry to work together to drive fraud out of the US tax system,â Brad Smith, CEO of tax-preparation software company Intuit Inc., said in a written statement. âWe applaud this new set of security standards and data protocols that create a strong foundation for deepening the partnership between IRS, the states, and industry. What makes this process so effective â and these outcomes so encouraging â is the collaboration and contribution from the entire tax ecosystem.â
Bill Cobb, president and CEO of tax-preparation company H&R Block, said there is still much work to do and not a lot of time to get it done. But he said the agreement âis a good first step.â
âWe must get ahead of the fraudsters. To do that, we need to deal with the most pressing challenge â authentication â by collectively developing industry-wide standards to authenticate filers before submission of the tax returns to the IRS and the states in time for tax season 2016,â he said in a written statement. âLooking further out, we need a comprehensive framework that governs the end-to-end process, builds layers of defense against fraud attacks, and is adaptive.â
The IRS noted that several major system and process changes will be made this summer and fall by the participants in order to be ready for the 2016 filing season.