How the IRS Protects Taxpayers from Tax-Related Identity Theft

Notice: Historical Content


This is an archival or historical document and may not reflect current law, policies or procedures.
People holding the American flag

While the Security Summit partners have made tremendous progress, there is still much work to be done and they need the help of taxpayers and tax professionals to also take steps and protect their own data.

Get to know the IRS, its people and the issues that affect taxpayers


Two hands cupped under three locks with Security Summit under them

By Michael Beebe
CL-21-07, February 25, 2021

Whether or not you’ve heard of the “Security Summit,” you’ve benefitted from the work this group does. The Security Summit is a partnership between the Internal Revenue Service, state tax agencies and the private-sector tax industry. Together they work to combat a common enemy – identity thieves.

Since its start in 2015, the Security Summit partners have made tremendous progress. That said, as 2020 proved, there is still much work to be done.

No longer a petty crime of opportunity perpetrated by unorganized criminals and unscrupulous tax preparers, tax-related identity theft evolved into a major enterprise by well-funded, technically sophisticated national and international criminal syndicates.

These criminals have the capabilities to steal people’s names, addresses and Social Security numbers in massive data breaches from businesses and other organizations. Making matters worse, they have the tax savvy to quickly use that stolen information to file fraudulent tax returns claiming refunds from the IRS.

Working together, the Security Summit partners have identified actions to better protect the nation’s taxpayers from tax-related identity theft. These actions range from minor to major activities, many invisible to taxpayers, but invaluable to identifying and stopping stolen identity refund fraud.

Some changes were more noticeable to the average person. For example:

  • Tax product providers agreed to strengthen password protocols. This is the first line of defense for these companies to make sure their products are secure.
  • State agencies began asking for taxpayers’ driver’s license numbers as another way for people to prove their identities.
  • The IRS limited the number of tax refunds going to financial accounts or addresses.
  • The IRS redacted personal information from tax transcripts.

All Security Summit partners took steps to strengthen their anti-fraud efforts. Because software providers share more non-tax information with the IRS, the agency is better able to identify fraudulent returns before accepting them into the processing pipeline. For any tax returns that make it past that barrier, the IRS has improved its fraud filters to better identify them as fraudulent.

Security Summit partners now consist of the IRS, 42 states and 25 private-sector businesses and associations. They focus on “trusted customer” issues – ensuring the person filing a tax return is the person they say they are.

The partners also recognize they could not combat these criminals alone. They need the help of taxpayers and tax professionals to also take steps and protect their own data.

To get this done, the Security Summit has created several campaigns to educate taxpayers and tax preparers about what they can do to help stop identity theft.

  • Taxes. Security. Together
    The goal of this campaign is to heighten awareness among taxpayers about the security measures they should take. These include using virus protection on their computers and creating strong passwords for all their accounts.
  • Protect Your Clients; Protect Yourself
    The Security Summit launched this campaign urging tax professionals to better protect client information from data thefts. The Summit partners work to improve awareness among tax professionals who emerged as key targets by identity thieves. Data thefts from tax preparer offices result in fraudulent tax returns that are much harder to identify.
  • National Tax Security Awareness Week
    This annual promotion happens in December. Partners join forces to bring attention to necessary security steps and increase awareness of scams ahead of the start of the tax filing season.

The Security Summit’s results were dramatic.

  • Between 2015 and 2019, the number of taxpayers reporting they were identity theft victims fell 80 percent.
  • The number of confirmed identity theft returns stopped by the IRS declined by 68 percent.
  • The IRS protected a combined $26 billion in fraudulent refunds by stopping the confirmed identity theft returns.
  • Financial industry partners recovered an additional $1.7 billion in fraudulent refunds.

Working together, the Security Summit partners have identified actions to better protect the nation’s taxpayers from tax-related identity theft. These actions range from minor to major activities, many invisible to taxpayers, but invaluable to identifying and stopping stolen identity refund fraud.

Even with these successes, 2020 showed how we must all remain vigilant. Scammers and identity thieves look for any and every opportunity to steal, regardless of the pain caused. The Coronavirus pandemic and the resulting economic downturn gave them that opportunity.

As Congress approved the Coronavirus Aid, Relief, and Economic Security Act that included the first round of Economic Impact Payments distributed through the IRS and enhanced unemployment benefits distributed through the states, scammers and identity thieves worked overtime to trick people into disclosing their data.

Even before the events of 2020, the Summit partners were already planning on providing taxpayers and tax preparers with additional tools to protect themselves in 2021:

  • Online tax software products available to both taxpayers and tax professionals will contain options for multi-factor authentication. Multi-factor authentication allows users to better protect online accounts. One way this is accomplished is by requiring a security code sent to a mobile phone in addition to the username and password used to access the account.
  • Any taxpayer who can authenticate their identity can also obtain an Identity Protection PIN. When a taxpayer uses this PIN, it helps prevent identity thieves from filing a fraudulent tax return in the taxpayer’s name. An IP PIN is a six-digit number known only to the taxpayer and IRS. It adds another layer of protection to the taxpayer’s SSN or Taxpayer Identification Number.
  • The Summit partners formed an information sharing center that allows them to quickly identify emerging scams and react to protect taxpayers. The Identity Theft Tax Refund Fraud Information Sharing and Analysis Center is now operational.

As the Security Summit begins its sixth year, the partnership between the IRS, the states and the industry is more important than ever. Just as important is the need for taxpayers and tax professionals to be aware and alert to scams and theft.

We all have a role in protecting America’s taxpayers.

Michael Beebe
Director, Return Integrity and Compliance Services

Photo of Michael Beebe

About the author

Michael Beebe is the Director, Return Integrity and Compliance Services in the W&I Division, where he is responsible for strengthening the integrity of the tax system through pre-refund revenue protection and the oversight of refundable credits. This includes screening returns for potential fraud and identity theft and compliance activities to prevent improper refunds. Prior to this assignment, Mike served in various other roles within the IRS such as RICS Deputy Director, Director of Field Assistance, Director of Stakeholder Partnerships, Education & Communications (SPEC), and Field Director, Accounts Management (Atlanta).

 

 

Avoid Phishing Emails

A Closer Look

Read all our posts about a  variety of timely issues of interest to taxpayers and the tax community

Subscribe

The IRS offers several e-News subscriptions on a variety of tax topics. Subscribe to get email alerts when new content is posted.