IRS Logo
Print - Click this link to Print this page

Privacy Impact Assessment – Internet Refund Fact of Filing

Approved - Nov. 11, 2008

System Overview
Internet Refund Fact of Filing provides information on tax refund status via the Internet to 1040-series filers who are eligible to receive a refund. The IRFOF applet authenticates taxpayers based on tax return information (termed "shared secrets") known to the IRS and to the taxpayer. Specifically, IRFOF requires taxpayers to provide their Social Security Number (SSN)/Individual Taxpayer Identification Number (ITIN), their filing status (i.e., "Single", "Married", etc.), and the refund amount shown on their latest tax return.

Once authenticated, IRFOF displays read-only refund status information to the taxpayer. For taxpayers whose tax returns are mistake-free, IRFOF displays the date that the IRS mailed the taxpayer's tax refund check. If there is a problem with the user’s tax return, IRFOF displays the amount of the credit check or direct deposit to be disbursed to the taxpayer, as well as a detailed message that describes the problem. Additionally, the applet provides information needed to solve the problem, including a referral to the appropriate IRS telephone number.

IRFOF retrieves taxpayer data from the Refund Information File (RFIF), which is part of the Integrated Data Retrieval System (IDRS). No taxpayer data is stored permanently by the applet itself.

IRADDR, a module within IRFOF, provides Taxpayers the ability to initiate a change of address of record and provide a phone number (optional) based on a refund status that indicates an undeliverable refund check and other criteria have been met. Eligible taxpayers are provided access to the Address Module through IRFOF, which may be accessed from www.irs.gov.

IRTRC, another module within IRFOF, provides the ability for taxpayers to initiate a Refund Trace (or re-issuance of their refund check). Taxpayers access the IRTRC applet via the IRFOF applet by clicking on a link on the IRS.gov homepage. After authenticating to IRFOF as described above, the applet displays read-only refund status information to the taxpayer. If the taxpayer’s refund status indicates that their check was mailed beyond the waiting period time (i.e., greater than 28 days), IRFOF provides the taxpayer with the option to execute the functionality provided by the IRTRC module. The IRTRC module guides the taxpayer through a second round of authentication by prompting them for their address dwelling number. If the taxpayer passes authentication, they will be given the ability to request that a Refund Trace be initiated.

Systems of Records Notice (SORN)

  1. Treasury/IRS 00.001, Correspondence Files and Correspondence Control Files
  2. Treasury/IRS 34.037, Audit Trail and Security Records System
  3. Treasury/IRS 34.018 IDRS Security Files

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A. Taxpayer
B. Employee
C. Audit Trail Information (including employee log-in info)
D. Other (Describe)

A.1. Taxpayer information gathered by IRFOF

  • SSN/ITIN
  • Filing Status
  • Tax Return Refund Amount

A.2. Taxpayer information gathered by IRADDR

  • Adjusted Gross Income (AGI)
  • Address

A.3. Taxpayer information gathered by IRTRC

  • Address
  • Phone

B. No employee data is available in the IRFOF application

C. IRFOF applet audit data is captured by the Security Audit and Analysis System (SAAS). Audit trail logging for the applet is sent to SAAS via Application Messaging and Data Access Services (AMDAS). Audit records contain the following data:

  • Date and time that the event occurred;
  • The unique identifier (e.g., user name, SEID, application name, etc) of the user or application initiating the event;
  • Type of event;
  • Subject of the event (e.g., the user, file, or other resource affected) and the action taken on that subject; and
  • The outcome status (success or failure) of the event.

D. No other data is available in the System

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A. IRS
B. Taxpayer
C. Employee
D. Other Federal Agencies (List agency)
E. State and Local Agencies (List agency)
F. Other third party sources (Describe)

A. IRS
The IRFOF applet obtains information from the Refund Information File (RFIF),which is a part of the Integrated Data Retrieval System (IDRS).

The data elements obtained from IDRS are:

IRFOF:

  • Refund Check Mailing Date
  • Refund Amount

IRADDR:

  • Taxpayer Address

IRTRC:

  • Refund Check Waiting period exceeded

B. Taxpayer
The PII that taxpayers submit online in order to gain access to their individual IRS account information is referenced in question 1A of this PIA.

C. Employee
Employees do not provide information to the IRFOF application. As such, the IRFOF application does not obtain any data from employees.

D. Other Federal Agencies (List agency)
No other federal agencies provide data to IRFOF.

E. State and local agencies (List agency) 
No state and local agencies provide data to IRFOF.

F. Other third party sources (Describe)
No other third party sources provide data to IRFOF.

3. Is each data item required for the business purpose of the system?  Explain.
Yes. The business purpose of IRFOF is to allow individual taxpayers to view their IRS account information through the internet without IRS Customer Service Representative (CSR) assistance. Individual taxpayer account data stored in the IRFOF applet Presentation and Business Web Application Servers is required to achieve the business purpose of the system. Each data item is used either to verify authenticity of the taxpayer or to provide the information the taxpayer is requesting.

4. How will each data item be verified for accuracy, timeliness, and completeness?
The IRFOF applet is a public facing applet whose only users are taxpayers, and only provides these users with read-only access to information pertaining to the status of their tax refund. The only input into the IRFOF applet occurs during authentication where the applet verifies a combination of three (3) shared secrets with the taxpayer. Additionally, if a taxpayer has made a mistake, the applet asks the taxpayer to verify their entered data and also asks the taxpayer to provide answers to a few additional questions. The IRFOF applet compares the data entered by the user against the IDRS RFIF. If the data are accurate, complete, and valid, the applet provides the taxpayer with read-only access to their refund status. If any of the data items are inaccurate, incomplete, or invalid, the user will be presented with a validation message indicating that there is a problem with the data that has been provided. Specifically, the IRFOF applet restricts user input through the use of JavaScript pop-ups that notify users if required input is not provided (i.e., is left blank) or if input entered is of a different type than what is accepted for the field. It should be noted that the applet functions in the same manner regardless of whether JavaScript is disabled. To ensure authenticity of the information, the applet asks users to provide shared secrets that are only known to the taxpayer and the IRS.

The following table provides a sampling of IRFOF validation rules. For a complete listing, refer to the IRFOF PBD.

Interface Page Name: Get Refund Status Page
(Note: the applet requires users to provide input for all three (3) fields listed on this page – SSN, Filing Status, and Refund Amount) 

Field Name: SSN
(Note: the applet does not allow the entrance of any non-numeric values into the first nine positions)    

Validation Messages

  • Please re-enter your SSN or TIN.
    (The SSN or TIN you entered was incomplete for first three digits.)
  • Please re-enter your SSN or TIN.
    (The SSN or TIN you entered was incomplete for middle two digits.)
  • Please re-enter your SSN or TIN.
    (The SSN or TIN you entered was incomplete for last four digits.)

Field Name: Filing Status
(Note: only one of the selections displayed can be selected – a user makes a selection by clicking the radio button that appears next to their desired selection)

Validation Message

  • "Please select a Filing Status. (Filing Status is empty.)”

Field Name: Refund Amount
(Note: the applet requires a user to provide their refund amount)

Validation Messages

  • "Please enter a valid Refund Amount.
    (Refund Amount is empty.)"
  • "Please enter a valid Refund Amount.
    (The amount entered contains too many decimal places)"
  • "Please enter a valid Refund Amount.
    (The amount you enter can be no more than $9,999,999,999.99 Try again)"
  • "Please enter a valid Refund Amount.
    (Check the placement of your comma(s) and try again)"
  • "Please enter a valid Refund Amount.
    (The amount entered contains a non-numeric character)"
  • "Please enter a valid Refund Amount.
    (The amount entered contains a non-numeric character and too many decimal places.)"

All entered shared secrets are validated against the IDRS REF. Data retrieved from the IDRS RFIF is first validated on the BWAS server before it is displayed to the user. Specifically, the data is checked to ensure that it is in the correct format and a comparison of the SSN/ITIN sent in the request to the SSN/ITIN sent in the response is performed to ensure that the correct record has been returned. If there is a problem with the user’s tax return, IRFOF displays the amount of the credit check or direct deposit to be disbursed to the taxpayer, as well as a detailed message that describes the problem. Additionally, the applet provides information needed to solve the problem, including a referral to the appropriate IRS telephone number.

IRTRC – The IRTRC module guides the taxpayer through a second round of authentication by prompting them for their address dwelling number. In addition, the IRTRC module requests the reason for conducting the trace through the use of radio buttons for four predetermined reasons. Lastly, the module asks if the refund check had been endorsed or not. This input is also controlled through the use of radio buttons. If the taxpayer passes authentication, they will then be given the ability to request that a Refund Trace be initiated.

IRADDR – The IRADDR module utilizes Finalist, which is a part of the MITS-22 GSS to ensure the address entered is a valid USPS address. IRADDR also used IDRS to verify the value of the entered AGI.

5. Is there another source for the data?  Explain how that source is or is not used.
No. IRFOF receives authentication data from taxpayers and the legacy IRS systems noted in question 2A of this PIA.

6. Generally, how will data be retrieved by the user?
After providing required authentication data (i.e., SSN/ITIN, filing status, and refund amount), IRFOF displays read-only refund status information to the taxpayer.  For taxpayers whose tax returns are mistake-free, IRFOF displays the date that the IRS mailed the taxpayer’s tax refund check. Specifically, for taxpayers whose tax returns are mistake free, IRFOF displays the following information:

  • The taxpayer’s SSN (it should be noted that the first five (5) digits of a user’s SSN/ITIN are masked when displayed on all IRFOF interface pages)
  • Filing Status (i.e., “Single”, “Married”, etc.)
  • Tax Period Ending (i.e., December 31, 2007)
  • Refund Amount
  • Refund Date (i.e., the date when the IRS mailed the taxpayer’s refund check)
  • Address
  • AGI
  • Phone Number

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
The data is retrievable by using the identifiers listed in question 1A of this PIA.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Roles and permissions

  • Business Managers: Management Information System (MIS) data
  • Security Administrators: Access to audit data stored in SAAS
  • System and Databse Administrators: Access to the authentication database
  • Developers: Access to the sanitized Integrated Customer Communications Environment (ICCE) data store (no access to live data) and interface data to develop the interfaces, test the application, and ensure data integrity among the interfaces.
    Developers are also given indirect access to data in the event that technical problem solving is necessary.
  • Taxpayers/Public: Access to view their own IRS account information after successful authentication

9.  How is access to the data by a user determined and by whom?

  • Internal Users:
    • Authorized IRS SAs and DBAs have access to the data on the databases. SAs and DBAs receive approval to access the data by their manager through the OL5081 process.
    • Contractors, including developers, do not have direct access to the IRFOF production system or authentication database.  Only IRS SAs and DBAs have access to the production environment.  However, developers are available to help SAs troubleshoot technology problems.  In these cases, the SA provided the necessary information to the developer so he/she can assist with the problem, which is considered indirect access since the SA provides the developer with the necessary information as opposed to the developer being able to access it directly.
  • External Users:
    A taxpayer gains access rights after completing authentication.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.
Yes. Refund Information File (RFIF), which is part of IDRS, shares refund information with the IRFOF applet.
For information about the data that is retrieved by IRFOF from RFIF, refer to question 1A of this PIA.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Yes. IDRS:

  • C&A approved on May 18, 2006, expiring May 18, 2009.
  • Privacy Impact Assessment approved on March 22, 2006, expiring March 22, 2009.

12.  Will other agencies provide, receive, or share data in any form with this system? No other agencies will provide, receive or share data in any form with IRFOF.
No other agencies will provide, receive or share data in any form with IRFOF.

Administrative Controls of Data

13.  What are the procedures for eliminating the data at the end of the retention period?
All taxpayer data is stored in RFIF/IDRS and is accessed by the IRFOF application during a user’s session.  Therefore, these systems are responsible for data elimination at the end of the retention period in accordance with IRS policies and procedures.

All data elimination procedures comply with IRM 1.15.1 through 1.15.62 Records Management requirements.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.
No. This system will not use technology in a new way.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.
No. This system will not be used to identify or locate individuals or groups.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
No. This system will not provide the capability to monitor individuals or groups.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.
No. Use of this system will not allow the IRS to treat taxpayers differently. The system is used by taxpayers to determine the status of their refund, request re-issuances of their refund checks and to update their address information so that their refund checks can be sent to the correct location.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
There are no negative determinations decreed by the IRFOF applet. The IRFOF applet displays taxpayer refund status, allows taxpayers to update their mailing addresses and allows taxpayers to request replacement refund checks.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify Web visitors?
No. The system only uses "session-only" cookies. The session cookie is destroyed when the user terminates his/her web browser client; logs out of the application; or when the session timeout period has elapsed due to inactivity (20 minutes), whichever occurs first.

View other PIAs on IRS.gov

Page Last Reviewed or Updated: 18-Jul-2014