Prepared Remarks of Commissioner John Koskinen at the Security Summit Press Briefing


Notice: Historical Content

This is an archival or historical document and may not reflect current law, policies or procedures.

Nov. 3, 2016

Thank you all for joining us.

We’re here today to provide an update on our battle against identity theft and to outline new steps we’re taking to protect taxpayers during next year’s tax filing season. These improvements are the direct result of the ongoing work we’re doing with our partners in the Security Summit group.

Joining me are several of our Security Summit partners, representing the states, tax practitioners and the software industry, as well as representatives from the financial sector and the payroll community. I want to thank them for being here today.

Just a few years ago, identity theft exploded and threatened to overwhelm the nation’s tax system, affecting the IRS, states and the private sector. While we had been making some inroads against identity theft, the formation of the Security Summit Group in March 2015 allowed us to do a lot more, and do it more quickly.

This is a strong, unique partnership between the public and private sectors. We’ve been able to make remarkable progress because the Security Summit partners, working together, have been able to coordinate our efforts on many different levels.

I’m delighted to report the Security Summit Group continues to grow. The Summit Group’s memorandum of understanding has now been signed by 40 states and 21 industry partners, and endorsed by seven major organizations representing various segments of the tax and financial industries. Many more organizations are supporting this wider effort. We’ve also taken the step of permanently establishing the Summit process under the auspices of the Electronic Tax Administration Advisory Committee, or ETAAC. Some of those members are also with us today. So we now have every segment of the tax system working together, which will increase our forward momentum against the threat of identity theft.

I want to take a minute today to look at some of the numbers that highlight the significance of what we achieved during the last filing season to put safeguards in place to protect taxpayers. Those safeguards have had a tremendous impact on our ability here at the IRS to identify and stop fraudulent tax returns – and it’s making a major difference for the states and the tax industry as well. Our collective work has helped us on the front end by keeping false returns from ever getting to the processing pipeline. That work also has helped us strengthen our internal fraud filters for returns that are filed. And it helped us on the back end by preventing fraudulent refunds from being deposited in criminals’ accounts. So you could say we’ve strengthened the tax system before, during and after the point of filing.

We have so much going on, it’s hard to summarize the work, so let me touch on just a few items.

The Summit effort is making a real difference in the lives of taxpayers. Here’s a remarkable statistic. The number of people who have filed affidavits with the IRS to tell us they were victims of identity theft has fallen – and fallen dramatically. Through the first nine months of this year, that number is down by more than 50 percent.  There were 512,278 affidavits a year ago, and that’s fallen to 237,750.  That means about 275,000 fewer taxpayer victims than a year ago. That’s a clear sign the IRS, the states and the tax industry are making a real progress in protecting taxpayers – even in an era where cybersecurity lapses are in the headlines every day.

We are seeing other illustrations of our work over the last year.

Even with this progress, the fraud filters in our processing systems are still catching a lot of bad returns, which shows that identity theft is still a major threat to tax administration. For the first nine months of this year, our systems stopped more than $4 billion in fraudulent refunds claimed by identity thieves on 787,000 tax returns.

But here’s another sign of progress. That number is down sharply from the same period in 2015 – a reduction of nearly half a million tax returns. That shows our up-front processes are stopping more fraudulent returns before they even made it into our systems.

Our news release today highlights several of these numbers in greater detail.

Add this all up, and it means we’re seeing fewer bad returns, fewer bad refunds and fewer taxpayers becoming victims. While these numbers highlight the critical difference the Security Summit Group is making, the battle against stolen identity refund fraud is far from over. In fact, we need to be prepared to fight on new fronts. As we make it harder for identity thieves to file false returns, they’re constantly working to come up with new ways to get around the barriers we’ve established. That’s why we’re evolving and putting more protections in place for the 2017 filing season.

Some of these steps are designed to help us do an even better job of making sure the person accessing our systems, to file a return or get information, is the legitimate taxpayer and not an identity thief.

One example involves the W-2 form that taxpayers file along with their returns. We’ve become increasingly concerned that identity thieves are attempting to create fake W-2s to make their fraudulent tax returns look more genuine. So we started a pilot last filing season with a small number of payroll service providers to test the idea of putting a verification code on W-2 forms. The code was used on 2 million forms in 2016. Thanks to the help from the payroll community and the software industry, we plan on expanding the pilot to about 50 million W-2s in 2017. So if you use tax software to prepare your return, you’re likely to be prompted to enter a W-2 verification code on the return. That code will help us verify the legitimacy of the W-2 that goes along with the return.

Other steps we’re taking won’t be visible to taxpayers, but they will help the IRS and state tax administrators improve their ability stop refund fraud. One example involves the data components that Security Summit partners collect and share when a return is filed. These act as an early warning system for potentially fraudulent individual returns. We’ve come up with 37 new data components that we will be receiving and monitoring during the next filing season. We also expect this to help with the quicker release of refunds for those returns we are able to verify, so the real taxpayers will be less likely to face delays in their refunds.

Also, following in the steps of our work with individual returns, Security Summit partners will collect and share underlying data components from business tax returns– extending more identity theft protections to corporate and business filers as well as individuals.

Another important example of what’s ahead for 2017 involves the work being done in conjunction with the financial services industry. Financial institutions have provided critical support to our efforts by being a key line of defense in stopping fraudulent refunds from reaching criminals. The IRS has been operating a very successful program with partners in the financial services industry to flag suspicious refunds before they are deposited into bank accounts.  I’m delighted to report that more than 20 states are now working to create their own individual versions of this program, where suspicious tax refunds also receive extra review before reaching a bank account.

Along these same lines, our financial services industry partners are enhancing their efforts in relation to what we call our “ultimate bank account” initiative. The goal is to provide greater clarity about the final destination of tax refunds, including those routed through prepaid cards, so we can all do a better job of identifying not only a fraudulent refund, but also a legitimate one, and minimize refund delays for legitimate taxpayers.

A moment ago I noted that the progress we’ve been making on identity theft has hinged on increasing the flow of information among Security Summit partners. To enhance that flow still further, the Summit Group will launch a new Identity Theft Tax Refund Fraud Information Sharing and Analysis Center, or ISAC for short. This project, in its initial stages for 2017, will help us identify emerging identity theft schemes and allow that information to be quickly shared among Summit partners. That way, we can move faster to shore up our defenses against emerging threats. We believe the ISAC will also help enhance law enforcement efforts to investigate and prosecute identity thieves. This will be an important new, long-term defense for the nation’s tax system, and it will become a cornerstone in our fight against identity theft.

I also wanted to mention a couple of new tools Congress has given us that will improve our ability to spot errors and potential fraud on tax returns in the upcoming filing season and beyond. Legislation passed by Congress in December moved up the deadline for employers to file W-2s and other information returns to the end of January. Having W-2s earlier will make it easier for the IRS to verify the legitimacy of tax returns at the point of filing – and will help us stop fraud.

Another change Congress made in December affects people who claim the Earned Income Tax Credit or the Additional Child Tax Credit. Beginning with the upcoming filing season, the IRS will hold tax returns claiming either of those credits until February 15. This change will give us time to verify the income claimed on these returns. But people claiming these credits should still file returns when they normally would. They don’t need to wait to file until February 15. Delaying until then will just mean they will get their refund later.

Along with all the efforts I just described, we also need to continue our work to make sure taxpayers and tax return preparers are doing everything they can to protect themselves against identity theft. I can’t stress enough how important this is. Stolen identity refund fraud touches nearly everyone, and we all have a part to play in stopping it.

So in 2017 the Security Summit Group will continue its public awareness campaign aimed at getting taxpayers to take more data security precautions. We’re also encouraging everyone to learn how to recognize and avoid scammers who try to trick people into disclosing personal financial data such as Social Security numbers or credit card numbers – either over the phone or by email. That’s critical to keeping this very sensitive information from falling into the wrong hands.

We will also continue to get the word out to tax return preparers, through the “Protect Your Clients, Protect Yourself” campaign launched earlier this year. We want to make sure preparers are using the best security practices available, to ensure they’re safeguarding their own data and that of their clients. This is critically important, given that identity thieves increasingly are targeting tax preparers in their never-ending hunt for personal data that helps them file false returns.

I want to thank the tax professional community and the national associations for their work on this outreach effort as well as for taking a very active role in our Security Summit initiatives  over the past year. They are a critical part of our work in this area as well as our other tax administration work.

Clearly, there’s still much more for all of us to do. We’re not close to declaring victory against identity theft. But thanks to the Security Summit Group, we’ve come a long way in a short time. I want to thank all of our Summit Group partners for their hard work and ongoing commitment to this effort. After seeing what we’ve been able to accomplish together thus far, I have no doubt we’ll keep making progress, and continue improving our ability to safeguard taxpayers and our tax system.

With that, let me turn it over to Julie Magee, Alabama’s Revenue Commissioner, for some brief remarks on the perspective of the states and the Federation of Tax Administrators.

Bill Cobb, President and CEO of H&R Block

CeCe Morken, Intuit’s Executive Vice President