IRS Logo
Print - Click this link to Print this page

Offshore Credit Card Program (OCCP)

Privacy Impact Assessment - Offshore Credit Card Program 

OCCP System Overview

OCCP is an initiative aimed at bringing back into compliance with U.S. tax laws participants who used “offshore” payment cards or other offshore financial arrangements to mask or shelter their income.  The IRS used judicial John Doe summonses to request information from three credit card companies (VISA, MasterCard, and American Express) regarding individuals who may have participated in offshore credit card scams.  The IRS also summoned information from a Florida credit card processor, Credomatic, that services banks located in Caribbean tax haven countries. The goal is to identify US persons from offshore card transactions.  A vendor queries the data and compares it against Name Search Facility (NSF) and Information Return Master File (IRMF) data.  If a Taxpayer Identification Number (TIN) is found, the data is sent in an Excel spreadsheet through encrypted email to the Philadelphia campus, OCCP Unit.  The spreadsheet is printed out and used by OCCP Unit personnel. 

System of Records Number(s) 

Treasury/IRS 34.037 - IRS Audit Trail and Security Records System
Treasury/IRS 42.021 – Compliance Programs and Project Files
Treasury/IRS 42.001 – Examination Administrative Files
Treasury/IRS 46.002 – Criminal Investigation Management Information System
Treasury/IRS 24.030 – CADE Individual Master File (IMF)
Treasury/IRS 24.046 – CADE Business Master File (BMF)
Treasury/IRS 22.061 – Individual Return Master File

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A.  Refer to Attachment 1, OCCP Data Element Dictionary.  All fields are taxpayer related.

B.  OCCP does not contain employee information.

C.  They system OCCP resides on collects the employee log-in info.

D.  OCCP does not contain information other than taxpayer information.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)


A. See Attachment 1, OCCP Data Element Dictionary.  All fields in tables NSF Summary and IRMF Summary are the result of a query of credit card data against the IRS Name Search Facility system and IRS Information Return Master File Processing system, using a taxpayer name and address to locate a Social Security Number (SSN) or Employer Identification Number (EIN).

B. No information is collected from taxpayers.

C. Login and passwords are collected from employees when they access the system.

D. No Federal Agencies provide data for this system.

E. No State or Local Agencies are providing data for use in ALS.

F. See Attachment 1, OCCP Data Element Dictionary, all fields in tables CC_Names, Positional_Merchants, Transactions, Possible Address, Airline Summary, Hotel Summary, and Car Rental Summary are provided by Credit Card Companies via a John Doe summonses.

3.  Is each data item required for the business purpose of the system?  Explain.

Yes, each item is required to identify individuals or organizations that are or were involved in the promotion of tax transactions for the purpose of avoiding tax.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Each data item is reviewed by the appropriate technical personnel to verify for accuracy, timeliness, and completeness.

5. Is there another source for the data?  Explain how that source is or is not used.  No.

6. Generally, how will data be retrieved by the user? 

Data is retrieved by taxpayer name and address.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

Yes, data is retrievable by Name.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?


The SBSE Compliance Policy Technical Analyst, LMSB Computer Audit Specialist, Key Logic personnel, and OCCP Unit personnel will have access to the data in the system.

9. How is access to the data by a user determined and by whom? 

Access is determined by the manager based on job requirements and need-to-know.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Refer to OCCP Data Element Dictionary tables NSF SUMMARY and IRMF SUMMARY. TIN, Name, and Address information is received from Name Search Facility (NSF) and Information Return Master File.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?  Yes.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?


The retention period for the data is based on statutory provisions related to the expiration of the statute of limitations for the assessment of additional taxes.  For a filed return, this statute of limitations is generally 3 years from the date the return was filed, unless there is a 25% omission of income in which case, the statute of limitations is generally 6 years from the date the return was filed {IRC 6501(e)} .  In the case of fraud/false return, there is no statute of limitation. {IRC 6501(c)(1)}.  As for non-filers, there is no statute of limitations, however we generally limit the examinations to a 6-year period.  Since the type of cases that are generated from the data generally will meet the 6-year period, the data will be needed for this time period.  Therefore, the retention period for the data is 6 years.

Only relevant and current information is maintained for the OCCP project.  When it has been determined that the data maintained in regards to OCCP is no longer relevant, it will be destroyed according to proper procedures.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.   No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.

Yes, the system is used to identify or locate individuals or groups.  The business purpose for this capability is to identify individuals or organizations that are or were involved in the promotion of tax transactions for the purpose of avoiding tax.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

No, the system does not have the capability to monitor individuals or groups. 

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.

No, all taxpayers will be treated equally.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

The system does not make determinations.  The data from the system is used to assist OCCP Unit personnel in identifying and setting up cases for Compliance review.  All cases will be worked per the Offshore Credit Card Desk Guide.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?

The system is not web-based.

Page Last Reviewed or Updated: 18-Aug-2012